cvelistv5 - cve-2007-5461

CVE-2007-5461 (GCVE-0-2007-5461)

Vulnerability from cvelistv5

Published

2007-10-15 18:00

Modified

2024-08-07 15:31

Severity ?

CWE

Summary

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

References

►

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

rhsa-2008:0213

Vulnerability from csaf_redhat

Published

2008-04-02 20:42

Modified

2024-11-22 02:13

Summary

Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0CP02 security update

Notes

Topic

New JBoss Enterprise Application Platform (JBEAP) packages, comprising the 4.2.0.CP02 release, are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Details

JBEAP is a middleware platform for Java 2 Platform, Enterprise Edition (J2EE) applications. This release of JBEAP for Red Hat Enterprise Linux 5 contains the JBoss Application Server and JBoss Seam and serves as a replacement for JBEAP 4.2.0.GA_CP01. As well as fixing numerous bugs and adding enhancements, these updated packages addresses several security issues. The JFreeChart component was vulnerable to multiple cross-site scripting (XSS) vulnerabilities. An attacker could misuse the image map feature to inject arbitrary web script or HTML via several attributes of the chart area. (CVE-2007-6306) A vulnerability caused by exposing static java methods was located within the HSQLDB component. This could be utilized by an attacker to execute arbitrary static java methods. (CVE-2007-4575) The setOrder method in the org.jboss.seam.framework.Query class did not properly validate user-supplied parameters. This vulnerability allowed remote attackers to inject and execute arbitrary EJBQL commands via the order parameter. (CVE-2007-6433) For details regarding the bug fixes and enhancements included with this update, please see the JBoss Enterprise Application Platform 4.2.0.CP02 Release Notes, linked to in the References section below. All Red Hat Enterprise Linux 5 users wanting to use the JBoss Enterprise Application Platform are advised to install these new packages.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "New JBoss Enterprise Application Platform (JBEAP) packages, comprising the\n4.2.0.CP02 release, are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "JBEAP is a middleware platform for Java 2 Platform, Enterprise Edition\n(J2EE) applications.\n\nThis release of JBEAP for Red Hat Enterprise Linux 5 contains the JBoss\nApplication Server and JBoss Seam and serves as a replacement for JBEAP\n4.2.0.GA_CP01. As well as fixing numerous bugs and adding enhancements,\nthese updated packages addresses several security issues.\n\nThe JFreeChart component was vulnerable to multiple cross-site scripting\n(XSS) vulnerabilities. An attacker could misuse the image map feature to\ninject arbitrary web script or HTML via several attributes of the chart\narea. (CVE-2007-6306)\n\nA vulnerability caused by exposing static java methods was located within\nthe HSQLDB component. This could be utilized by an attacker to execute\narbitrary static java methods. (CVE-2007-4575)\n\nThe setOrder method in the org.jboss.seam.framework.Query class did not\nproperly validate user-supplied parameters. This vulnerability allowed\nremote attackers to inject and execute arbitrary EJBQL commands via the\norder parameter. (CVE-2007-6433)\n\nFor details regarding the bug fixes and enhancements included with this\nupdate, please see the JBoss Enterprise Application Platform 4.2.0.CP02\nRelease Notes, linked to in the References section below.\n\nAll Red Hat Enterprise Linux 5 users wanting to use the JBoss Enterprise\nApplication Platform are advised to install these new packages.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0213",
        "url": "https://access.redhat.com/errata/RHSA-2008:0213"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html",
        "url": "http://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html"
      },
      {
        "category": "external",
        "summary": "299801",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=299801"
      },
      {
        "category": "external",
        "summary": "421081",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=421081"
      },
      {
        "category": "external",
        "summary": "426206",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=426206"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0213.json"
      }
    ],
    "title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0CP02 security update",
    "tracking": {
      "current_release_date": "2024-11-22T02:13:36+00:00",
      "generator": {
        "date": "2024-11-22T02:13:36+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2008:0213",
      "initial_release_date": "2008-04-02T20:42:00+00:00",
      "revision_history": [
        {
          "date": "2008-04-02T20:42:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-04-02T16:42:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T02:13:36+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
                  "product_id": "5Server-JBEAP-4.2.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
                "product": {
                  "name": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
                  "product_id": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/concurrent@1.3.4-8jpp.ep1.6.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.src",
                "product": {
                  "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.src",
                  "product_id": "glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jaf@1.1.0-0jpp.ep1.9.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.src",
                "product": {
                  "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.src",
                  "product_id": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-javamail@1.4.0-0jpp.ep1.8.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
                "product": {
                  "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
                  "product_id": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jsf@1.2_04-1.p02.0jpp.ep1.18.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
                "product": {
                  "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
                  "product_id": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jstl@1.2.0-0jpp.ep1.2.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
                "product": {
                  "name": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
                  "product_id": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
                "product": {
                  "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
                  "product_id": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations@3.2.1-1.patch02.1jpp.ep1.2.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
                "product": {
                  "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
                  "product_id": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.2.1-1jpp.ep1.6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
                "product": {
                  "name": "jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
                  "product_id": "jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.5.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
                "product": {
                  "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
                  "product_id": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-aop@1.5.5-1.CP01.0jpp.ep1.1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
                "product": {
                  "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
                  "product_id": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-4.SP8_CP01.1jpp.ep1.1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
                "product": {
                  "name": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
                  "product_id": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-common@1.2.1-0jpp.ep1.2.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.src",
                "product": {
                  "name": "jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.src",
                  "product_id": "jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-jbpm-bpel@1.1.0-0jpp.ep1.3.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.src",
                "product": {
                  "name": "jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.src",
                  "product_id": "jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-jbpm-jpdl@3.2.0-0jpp.ep1.6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
                "product": {
                  "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
                  "product_id": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting@2.2.2-3.SP4.0jpp.ep1.1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-0:1.2.1-1.ep1.3.el5.src",
                "product": {
                  "name": "jboss-seam-0:1.2.1-1.ep1.3.el5.src",
                  "product_id": "jboss-seam-0:1.2.1-1.ep1.3.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.3.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
                "product": {
                  "name": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
                  "product_id": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.2.0-4.GA_CP02.ep1.3.el5.3?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
                "product": {
                  "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
                  "product_id": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@2.0.0-3.CP05.0jpp.ep1.1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
                "product": {
                  "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
                  "product_id": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-jboss42@1.2.1-0jpp.ep1.2.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
                "product": {
                  "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
                  "product_id": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-wsconsume-impl@2.0.0-0jpp.ep1.3.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
                "product": {
                  "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
                  "product_id": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossxb@1.0.0-2.SP1.0jpp.ep1.2.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
                "product": {
                  "name": "jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
                  "product_id": "jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jcommon@1.0.12-1jpp.ep1.2.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
                "product": {
                  "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
                  "product_id": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jfreechart@1.0.9-1jpp.ep1.2.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
                "product": {
                  "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
                  "product_id": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jgroups@2.4.1-1.SP4.0jpp.ep1.2.el5?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
                "product": {
                  "name": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
                  "product_id": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/juddi@0.9-0.rc4.2jpp.ep1.3.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
                "product": {
                  "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
                  "product_id": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-3.GA_CP02.ep1.1.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ws-commons-policy-0:1.0-2jpp.ep1.4.el5.src",
                "product": {
                  "name": "ws-commons-policy-0:1.0-2jpp.ep1.4.el5.src",
                  "product_id": "ws-commons-policy-0:1.0-2jpp.ep1.4.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ws-commons-policy@1.0-2jpp.ep1.4.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
                "product": {
                  "name": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
                  "product_id": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/concurrent@1.3.4-8jpp.ep1.6.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.noarch",
                "product": {
                  "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.noarch",
                  "product_id": "glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jaf@1.1.0-0jpp.ep1.9.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.noarch",
                "product": {
                  "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.noarch",
                  "product_id": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-javamail@1.4.0-0jpp.ep1.8.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
                "product": {
                  "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
                  "product_id": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jsf@1.2_04-1.p02.0jpp.ep1.18.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
                "product": {
                  "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
                  "product_id": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jstl@1.2.0-0jpp.ep1.2.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
                "product": {
                  "name": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
                  "product_id": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
                "product": {
                  "name": "hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
                  "product_id": "hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
                "product": {
                  "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
                  "product_id": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations@3.2.1-1.patch02.1jpp.ep1.2.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
                "product": {
                  "name": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
                  "product_id": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.2.1-1.patch02.1jpp.ep1.2.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
                "product": {
                  "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
                  "product_id": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.2.1-1jpp.ep1.6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
                "product": {
                  "name": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
                  "product_id": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager-javadoc@3.2.1-1jpp.ep1.6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
                "product": {
                  "name": "jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
                  "product_id": "jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
                "product": {
                  "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
                  "product_id": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-aop@1.5.5-1.CP01.0jpp.ep1.1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
                "product": {
                  "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
                  "product_id": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-4.SP8_CP01.1jpp.ep1.1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
                "product": {
                  "name": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
                  "product_id": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-common@1.2.1-0jpp.ep1.2.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.noarch",
                "product": {
                  "name": "jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.noarch",
                  "product_id": "jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-jbpm-bpel@1.1.0-0jpp.ep1.3.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.noarch",
                "product": {
                  "name": "jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.noarch",
                  "product_id": "jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-jbpm-jpdl@3.2.0-0jpp.ep1.6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
                "product": {
                  "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
                  "product_id": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting@2.2.2-3.SP4.0jpp.ep1.1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
                "product": {
                  "name": "jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
                  "product_id": "jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-1.ep1.3.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
                "product": {
                  "name": "jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
                  "product_id": "jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.3.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
                "product": {
                  "name": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
                  "product_id": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.2.0-4.GA_CP02.ep1.3.el5.3?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
                "product": {
                  "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
                  "product_id": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@2.0.0-3.CP05.0jpp.ep1.1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
                "product": {
                  "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
                  "product_id": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-jboss42@1.2.1-0jpp.ep1.2.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
                "product": {
                  "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
                  "product_id": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-wsconsume-impl@2.0.0-0jpp.ep1.3.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
                "product": {
                  "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
                  "product_id": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossxb@1.0.0-2.SP1.0jpp.ep1.2.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
                "product": {
                  "name": "jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
                  "product_id": "jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jcommon@1.0.12-1jpp.ep1.2.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
                "product": {
                  "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
                  "product_id": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jfreechart@1.0.9-1jpp.ep1.2.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
                "product": {
                  "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
                  "product_id": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jgroups@2.4.1-1.SP4.0jpp.ep1.2.el5?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
                "product": {
                  "name": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
                  "product_id": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/juddi@0.9-0.rc4.2jpp.ep1.3.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
                "product": {
                  "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
                  "product_id": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-3.GA_CP02.ep1.1.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
                "product": {
                  "name": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
                  "product_id": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.2.0-3.GA_CP02.ep1.1.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ws-commons-policy-0:1.0-2jpp.ep1.4.el5.noarch",
                "product": {
                  "name": "ws-commons-policy-0:1.0-2jpp.ep1.4.el5.noarch",
                  "product_id": "ws-commons-policy-0:1.0-2jpp.ep1.4.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ws-commons-policy@1.0-2jpp.ep1.4.el5?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch"
        },
        "product_reference": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src"
        },
        "product_reference": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.noarch"
        },
        "product_reference": "glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.src"
        },
        "product_reference": "glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.noarch"
        },
        "product_reference": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.src"
        },
        "product_reference": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch"
        },
        "product_reference": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src"
        },
        "product_reference": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch"
        },
        "product_reference": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src"
        },
        "product_reference": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch"
        },
        "product_reference": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src"
        },
        "product_reference": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch"
        },
        "product_reference": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src"
        },
        "product_reference": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch"
        },
        "product_reference": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch"
        },
        "product_reference": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src"
        },
        "product_reference": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch"
        },
        "product_reference": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch"
        },
        "product_reference": "hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch"
        },
        "product_reference": "jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jacorb-0:2.3.0-1jpp.ep1.5.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.src"
        },
        "product_reference": "jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch"
        },
        "product_reference": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src"
        },
        "product_reference": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch"
        },
        "product_reference": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src"
        },
        "product_reference": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch"
        },
        "product_reference": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src"
        },
        "product_reference": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.noarch"
        },
        "product_reference": "jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.src"
        },
        "product_reference": "jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.noarch"
        },
        "product_reference": "jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.src"
        },
        "product_reference": "jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch"
        },
        "product_reference": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src"
        },
        "product_reference": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-1.ep1.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch"
        },
        "product_reference": "jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-1.ep1.3.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.src"
        },
        "product_reference": "jboss-seam-0:1.2.1-1.ep1.3.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch"
        },
        "product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch"
        },
        "product_reference": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src"
        },
        "product_reference": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch"
        },
        "product_reference": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src"
        },
        "product_reference": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch"
        },
        "product_reference": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src"
        },
        "product_reference": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch"
        },
        "product_reference": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src"
        },
        "product_reference": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch"
        },
        "product_reference": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src"
        },
        "product_reference": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch"
        },
        "product_reference": "jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jcommon-0:1.0.12-1jpp.ep1.2.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.src"
        },
        "product_reference": "jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch"
        },
        "product_reference": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src"
        },
        "product_reference": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch"
        },
        "product_reference": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src"
        },
        "product_reference": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch"
        },
        "product_reference": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src"
        },
        "product_reference": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
        },
        "product_reference": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src"
        },
        "product_reference": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
        },
        "product_reference": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ws-commons-policy-0:1.0-2jpp.ep1.4.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.noarch"
        },
        "product_reference": "ws-commons-policy-0:1.0-2jpp.ep1.4.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ws-commons-policy-0:1.0-2jpp.ep1.4.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.src"
        },
        "product_reference": "ws-commons-policy-0:1.0-2jpp.ep1.4.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-4575",
      "discovery_date": "2007-09-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
            "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
            "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.src",
            "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.src",
            "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
            "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.src",
            "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.src",
            "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
            "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
            "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
            "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
            "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.noarch",
            "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "299801"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to \"exposing static java methods.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenOffice.org-base allows Denial-of-Service and command injection",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
          "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
          "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
          "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
          "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
          "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
          "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
          "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
          "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
          "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
        ],
        "known_not_affected": [
          "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
          "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
          "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.src",
          "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.src",
          "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
          "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.src",
          "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.src",
          "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
          "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
          "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
          "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
          "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
          "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.noarch",
          "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-4575"
        },
        {
          "category": "external",
          "summary": "RHBZ#299801",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=299801"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4575",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-4575"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4575",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4575"
        }
      ],
      "release_date": "2007-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-02T20:42:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
            "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
            "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
            "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
            "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0213"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenOffice.org-base allows Denial-of-Service and command injection"
    },
    {
      "cve": "CVE-2007-5461",
      "discovery_date": "2007-10-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
            "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
            "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.src",
            "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.src",
            "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
            "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.src",
            "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.src",
            "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
            "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
            "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
            "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
            "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.noarch",
            "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "333791"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Absolute path traversal Apache Tomcat WEBDAV",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
          "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
          "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
          "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
          "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
          "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
          "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
          "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
          "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
          "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
        ],
        "known_not_affected": [
          "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
          "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
          "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.src",
          "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.src",
          "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
          "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.src",
          "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.src",
          "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
          "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
          "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
          "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
          "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
          "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.noarch",
          "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "RHBZ#333791",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
        }
      ],
      "release_date": "2007-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-02T20:42:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
            "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
            "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
            "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
            "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0213"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Absolute path traversal Apache Tomcat WEBDAV"
    },
    {
      "cve": "CVE-2007-6306",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-12-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
            "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
            "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.src",
            "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.src",
            "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
            "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.src",
            "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.src",
            "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
            "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
            "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
            "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
            "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.noarch",
            "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "421081"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JFreeChart: XSS vulnerabilities in the image map feature",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
          "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
          "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
          "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
          "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
          "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
          "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
          "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
          "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
          "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
        ],
        "known_not_affected": [
          "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
          "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
          "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.src",
          "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.src",
          "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
          "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.src",
          "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.src",
          "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
          "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
          "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
          "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
          "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
          "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.noarch",
          "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6306"
        },
        {
          "category": "external",
          "summary": "RHBZ#421081",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=421081"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6306"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306"
        }
      ],
      "release_date": "2007-12-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-02T20:42:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
            "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
            "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
            "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
            "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0213"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "JFreeChart: XSS vulnerabilities in the image map feature"
    },
    {
      "cve": "CVE-2007-6433",
      "discovery_date": "2007-12-19T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
            "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
            "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.src",
            "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.src",
            "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
            "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.src",
            "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.src",
            "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
            "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
            "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
            "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
            "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.noarch",
            "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "426206"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "EJBQL injection via \u0027order\u0027 parameter",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
          "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
          "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
          "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
          "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
          "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
          "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
          "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
          "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
          "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
        ],
        "known_not_affected": [
          "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
          "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
          "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.src",
          "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.src",
          "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
          "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.src",
          "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.src",
          "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
          "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
          "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
          "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
          "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
          "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.noarch",
          "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6433"
        },
        {
          "category": "external",
          "summary": "RHBZ#426206",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=426206"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6433",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6433"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6433",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6433"
        }
      ],
      "release_date": "2007-12-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-02T20:42:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
            "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
            "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
            "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
            "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0213"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "EJBQL injection via \u0027order\u0027 parameter"
    },
    {
      "cve": "CVE-2008-0002",
      "discovery_date": "2008-02-08T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
            "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
            "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.src",
            "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.src",
            "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
            "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
            "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.src",
            "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.src",
            "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
            "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
            "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
            "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
            "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.noarch",
            "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "432327"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Tomcat information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
          "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
          "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
          "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
          "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
          "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
          "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
          "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
          "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
          "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
        ],
        "known_not_affected": [
          "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
          "5Server-JBEAP-4.2.0:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
          "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5.src",
          "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5.src",
          "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
          "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
          "5Server-JBEAP-4.2.0:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5.src",
          "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5.src",
          "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
          "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
          "5Server-JBEAP-4.2.0:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
          "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
          "5Server-JBEAP-4.2.0:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
          "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
          "5Server-JBEAP-4.2.0:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
          "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.noarch",
          "5Server-JBEAP-4.2.0:ws-commons-policy-0:1.0-2jpp.ep1.4.el5.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0002"
        },
        {
          "category": "external",
          "summary": "RHBZ#432327",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432327"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0002",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0002"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0002",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0002"
        }
      ],
      "release_date": "2008-02-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-02T20:42:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
            "5Server-JBEAP-4.2.0:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
            "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
            "5Server-JBEAP-4.2.0:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
            "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
            "5Server-JBEAP-4.2.0:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0213"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Tomcat information disclosure vulnerability"
    }
  ]
}

rhsa-2008:0158

Vulnerability from csaf_redhat

Published

2008-03-24 22:16

Modified

2024-11-22 02:13

Summary

Red Hat Security Advisory: JBoss Enterprise Application Platform security update

Notes

Topic

Updated JBoss Enterprise Application Platform packages that fix several security issues and bugs are now available for Red Hat Application Stack v1 and v2. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Details

JBEAP is a middleware platform for Java 2 Platform, Enterprise Edition (J2EE) applications. This release of JBEAP for Red Hat Enterprise Linux 4 contains the JBoss Application Server and JBoss Seam. This release serves as a replacement to JBEAP 4.2.0.GA. The updated packages address the following security vulnerabilities: * the JFreeChart component was vulnerable to multiple cross-site scripting (XSS) vulnerabilities. An attacker could misuse the image map feature to inject arbitrary web script or HTML via several attributes of the chart area. (CVE-2007-6306) * a vulnerability caused by exposing static java methods was located within the HSQLDB component. This could be utilized by an attacker to execute arbitrary static java methods. (CVE-2007-4575) * the setOrder method in the org.jboss.seam.framework.Query class did not properly validate user-supplied parameters. This vulnerability allowed remote attackers to inject and execute arbitrary EJBQL commands via the order parameter. (CVE-2007-6433) All users are advised to upgrade to this release of JBEAP, which addresses these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated JBoss Enterprise Application Platform packages that fix several\nsecurity issues and bugs are now available for Red Hat Application Stack v1\nand v2.\n\nThis update has been rated as having moderate security impact by the Red Hat\nSecurity Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "JBEAP is a middleware platform for Java 2 Platform, Enterprise Edition\n(J2EE) applications.\n\nThis release of JBEAP for Red Hat Enterprise Linux 4 contains the JBoss\nApplication Server and JBoss Seam. This release serves as a replacement to\nJBEAP 4.2.0.GA.\n\nThe updated packages address the following security vulnerabilities:\n\n* the JFreeChart component was vulnerable to multiple cross-site scripting\n(XSS) vulnerabilities. An attacker could misuse the image map feature to\ninject arbitrary web script or HTML via several attributes of the chart\narea. (CVE-2007-6306)\n\n* a vulnerability caused by exposing static java methods was located within\nthe HSQLDB component. This could be utilized by an attacker to execute\narbitrary static java methods. (CVE-2007-4575)\n\n* the setOrder method in the org.jboss.seam.framework.Query class did not\nproperly validate user-supplied parameters. This vulnerability allowed\nremote attackers to inject and execute arbitrary EJBQL commands via the\norder parameter. (CVE-2007-6433)\n\nAll users are advised to upgrade to this release of JBEAP, which addresses\nthese vulnerabilities.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0158",
        "url": "https://access.redhat.com/errata/RHSA-2008:0158"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html",
        "url": "http://www.redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html"
      },
      {
        "category": "external",
        "summary": "https://rhstack.108.redhat.com/docs/Red_Hat_Application_Stack_V.1.2_Release_Notes.html",
        "url": "https://rhstack.108.redhat.com/docs/Red_Hat_Application_Stack_V.1.2_Release_Notes.html"
      },
      {
        "category": "external",
        "summary": "299801",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=299801"
      },
      {
        "category": "external",
        "summary": "421081",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=421081"
      },
      {
        "category": "external",
        "summary": "426206",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=426206"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0158.json"
      }
    ],
    "title": "Red Hat Security Advisory: JBoss Enterprise Application Platform security update",
    "tracking": {
      "current_release_date": "2024-11-22T02:13:26+00:00",
      "generator": {
        "date": "2024-11-22T02:13:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2008:0158",
      "initial_release_date": "2008-03-24T22:16:00+00:00",
      "revision_history": [
        {
          "date": "2008-03-24T22:16:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-03-24T18:16:50+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T02:13:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)",
                "product": {
                  "name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)",
                  "product_id": "5Server-Stacks",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_stack:2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
                "product": {
                  "name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
                  "product_id": "4AS-RHWAS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_stack:1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
                "product": {
                  "name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
                  "product_id": "4ES-RHWAS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_stack:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Application Stack"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
                "product": {
                  "name": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
                  "product_id": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/concurrent@1.3.4-8jpp.ep1.6.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
                "product": {
                  "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
                  "product_id": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jsf@1.2_04-1.p02.0jpp.ep1.18.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
                "product": {
                  "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
                  "product_id": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jstl@1.2.0-0jpp.ep1.2.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
                "product": {
                  "name": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
                  "product_id": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
                "product": {
                  "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
                  "product_id": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations@3.2.1-1.patch02.1jpp.ep1.2.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
                "product": {
                  "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
                  "product_id": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.2.1-1jpp.ep1.6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
                "product": {
                  "name": "jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
                  "product_id": "jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.5.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
                "product": {
                  "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
                  "product_id": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-aop@1.5.5-1.CP01.0jpp.ep1.1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
                "product": {
                  "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
                  "product_id": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-4.SP8_CP01.1jpp.ep1.1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
                "product": {
                  "name": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
                  "product_id": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-common@1.2.1-0jpp.ep1.2.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
                "product": {
                  "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
                  "product_id": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting@2.2.2-3.SP4.0jpp.ep1.1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-0:1.2.1-1.ep1.3.el5.src",
                "product": {
                  "name": "jboss-seam-0:1.2.1-1.ep1.3.el5.src",
                  "product_id": "jboss-seam-0:1.2.1-1.ep1.3.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.3.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
                "product": {
                  "name": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
                  "product_id": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.2.0-4.GA_CP02.ep1.3.el5.3?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
                "product": {
                  "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
                  "product_id": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@2.0.0-3.CP05.0jpp.ep1.1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
                "product": {
                  "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
                  "product_id": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-jboss42@1.2.1-0jpp.ep1.2.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
                "product": {
                  "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
                  "product_id": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-wsconsume-impl@2.0.0-0jpp.ep1.3.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
                "product": {
                  "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
                  "product_id": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossxb@1.0.0-2.SP1.0jpp.ep1.2.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
                "product": {
                  "name": "jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
                  "product_id": "jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jcommon@1.0.12-1jpp.ep1.2.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
                "product": {
                  "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
                  "product_id": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jfreechart@1.0.9-1jpp.ep1.2.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
                "product": {
                  "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
                  "product_id": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jgroups@2.4.1-1.SP4.0jpp.ep1.2.el5?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
                "product": {
                  "name": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
                  "product_id": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/juddi@0.9-0.rc4.2jpp.ep1.3.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
                "product": {
                  "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
                  "product_id": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-3.GA_CP02.ep1.1.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
                "product": {
                  "name": "concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
                  "product_id": "concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/concurrent@1.3.4-7jpp.ep1.6.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
                "product": {
                  "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
                  "product_id": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jaf@1.1.0-0jpp.ep1.10.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
                "product": {
                  "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
                  "product_id": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-javamail@1.4.0-0jpp.ep1.8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
                "product": {
                  "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
                  "product_id": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jsf@1.2_04-1.p02.0jpp.ep1.18?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
                "product": {
                  "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
                  "product_id": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jstl@1.2.0-0jpp.ep1.2?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
                "product": {
                  "name": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
                  "product_id": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP02.0jpp.ep1.1.el4?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
                "product": {
                  "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
                  "product_id": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations@3.2.1-1.patch02.1jpp.ep1.2.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
                "product": {
                  "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
                  "product_id": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.2.1-1jpp.ep1.6.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
                "product": {
                  "name": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
                  "product_id": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-2.patch01.1jpp.ep1.1?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jacorb-0:2.3.0-1jpp.ep1.4.src",
                "product": {
                  "name": "jacorb-0:2.3.0-1jpp.ep1.4.src",
                  "product_id": "jacorb-0:2.3.0-1jpp.ep1.4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
                "product": {
                  "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
                  "product_id": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-aop@1.5.5-1.CP01.0jpp.ep1.1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
                "product": {
                  "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
                  "product_id": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-4.SP8_CP01.1jpp.ep1.1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-common-0:1.2.1-0jpp.ep1.2.src",
                "product": {
                  "name": "jboss-common-0:1.2.1-0jpp.ep1.2.src",
                  "product_id": "jboss-common-0:1.2.1-0jpp.ep1.2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-common@1.2.1-0jpp.ep1.2?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
                "product": {
                  "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
                  "product_id": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting@2.2.2-3.SP4.0jpp.ep1.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-0:1.2.1-1.ep1.3.el4.src",
                "product": {
                  "name": "jboss-seam-0:1.2.1-1.ep1.3.el4.src",
                  "product_id": "jboss-seam-0:1.2.1-1.ep1.3.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.3.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
                "product": {
                  "name": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
                  "product_id": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.2.0-3.GA_CP02.ep1.3.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
                "product": {
                  "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
                  "product_id": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@2.0.0-3.CP05.0jpp.ep1.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
                "product": {
                  "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
                  "product_id": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-jboss42@1.2.1-0jpp.ep1.2.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
                "product": {
                  "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
                  "product_id": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-wsconsume-impl@2.0.0-0jpp.ep1.3?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
                "product": {
                  "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
                  "product_id": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossxb@1.0.0-2.SP1.0jpp.ep1.2.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
                "product": {
                  "name": "jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
                  "product_id": "jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jcommon@1.0.12-1jpp.ep1.2.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
                "product": {
                  "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
                  "product_id": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jfreechart@1.0.9-1jpp.ep1.2.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
                "product": {
                  "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
                  "product_id": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jgroups@2.4.1-1.SP4.0jpp.ep1.2?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
                "product": {
                  "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
                  "product_id": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-3.GA_CP02.ep1.1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "wsdl4j-0:1.6.2-1jpp.ep1.8.src",
                "product": {
                  "name": "wsdl4j-0:1.6.2-1jpp.ep1.8.src",
                  "product_id": "wsdl4j-0:1.6.2-1jpp.ep1.8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wsdl4j@1.6.2-1jpp.ep1.8?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
                "product": {
                  "name": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
                  "product_id": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/concurrent@1.3.4-8jpp.ep1.6.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
                "product": {
                  "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
                  "product_id": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jsf@1.2_04-1.p02.0jpp.ep1.18.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
                "product": {
                  "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
                  "product_id": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jstl@1.2.0-0jpp.ep1.2.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
                "product": {
                  "name": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
                  "product_id": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
                "product": {
                  "name": "hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
                  "product_id": "hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
                "product": {
                  "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
                  "product_id": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations@3.2.1-1.patch02.1jpp.ep1.2.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
                "product": {
                  "name": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
                  "product_id": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.2.1-1.patch02.1jpp.ep1.2.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
                "product": {
                  "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
                  "product_id": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.2.1-1jpp.ep1.6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
                "product": {
                  "name": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
                  "product_id": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager-javadoc@3.2.1-1jpp.ep1.6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
                "product": {
                  "name": "jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
                  "product_id": "jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
                "product": {
                  "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
                  "product_id": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-aop@1.5.5-1.CP01.0jpp.ep1.1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
                "product": {
                  "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
                  "product_id": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-4.SP8_CP01.1jpp.ep1.1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
                "product": {
                  "name": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
                  "product_id": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-common@1.2.1-0jpp.ep1.2.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
                "product": {
                  "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
                  "product_id": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting@2.2.2-3.SP4.0jpp.ep1.1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
                "product": {
                  "name": "jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
                  "product_id": "jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-1.ep1.3.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
                "product": {
                  "name": "jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
                  "product_id": "jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.3.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
                "product": {
                  "name": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
                  "product_id": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.2.0-4.GA_CP02.ep1.3.el5.3?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
                "product": {
                  "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
                  "product_id": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@2.0.0-3.CP05.0jpp.ep1.1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
                "product": {
                  "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
                  "product_id": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-jboss42@1.2.1-0jpp.ep1.2.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
                "product": {
                  "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
                  "product_id": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-wsconsume-impl@2.0.0-0jpp.ep1.3.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
                "product": {
                  "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
                  "product_id": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossxb@1.0.0-2.SP1.0jpp.ep1.2.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
                "product": {
                  "name": "jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
                  "product_id": "jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jcommon@1.0.12-1jpp.ep1.2.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
                "product": {
                  "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
                  "product_id": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jfreechart@1.0.9-1jpp.ep1.2.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
                "product": {
                  "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
                  "product_id": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jgroups@2.4.1-1.SP4.0jpp.ep1.2.el5?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
                "product": {
                  "name": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
                  "product_id": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/juddi@0.9-0.rc4.2jpp.ep1.3.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
                "product": {
                  "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
                  "product_id": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-3.GA_CP02.ep1.1.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
                "product": {
                  "name": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
                  "product_id": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.2.0-3.GA_CP02.ep1.1.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
                "product": {
                  "name": "concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
                  "product_id": "concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/concurrent@1.3.4-7jpp.ep1.6.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
                "product": {
                  "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
                  "product_id": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jaf@1.1.0-0jpp.ep1.10.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
                "product": {
                  "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
                  "product_id": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-javamail@1.4.0-0jpp.ep1.8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
                "product": {
                  "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
                  "product_id": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jsf@1.2_04-1.p02.0jpp.ep1.18?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
                "product": {
                  "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
                  "product_id": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jstl@1.2.0-0jpp.ep1.2?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
                "product": {
                  "name": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
                  "product_id": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP02.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
                "product": {
                  "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
                  "product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP02.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
                  "product_id": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations@3.2.1-1.patch02.1jpp.ep1.2.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
                  "product_id": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.2.1-1.patch02.1jpp.ep1.2.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
                "product": {
                  "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
                  "product_id": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.2.1-1jpp.ep1.6.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
                "product": {
                  "name": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
                  "product_id": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager-javadoc@3.2.1-1jpp.ep1.6.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
                "product": {
                  "name": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
                  "product_id": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-2.patch01.1jpp.ep1.1?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jacorb-0:2.3.0-1jpp.ep1.4.noarch",
                "product": {
                  "name": "jacorb-0:2.3.0-1jpp.ep1.4.noarch",
                  "product_id": "jacorb-0:2.3.0-1jpp.ep1.4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
                "product": {
                  "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
                  "product_id": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-aop@1.5.5-1.CP01.0jpp.ep1.1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
                "product": {
                  "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
                  "product_id": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-4.SP8_CP01.1jpp.ep1.1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
                "product": {
                  "name": "jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
                  "product_id": "jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-common@1.2.1-0jpp.ep1.2?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
                "product": {
                  "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
                  "product_id": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting@2.2.2-3.SP4.0jpp.ep1.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
                "product": {
                  "name": "jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
                  "product_id": "jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-1.ep1.3.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
                "product": {
                  "name": "jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
                  "product_id": "jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.3.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
                "product": {
                  "name": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
                  "product_id": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.2.0-3.GA_CP02.ep1.3.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
                "product": {
                  "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
                  "product_id": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@2.0.0-3.CP05.0jpp.ep1.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
                  "product_id": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-jboss42@1.2.1-0jpp.ep1.2.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
                "product": {
                  "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
                  "product_id": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-wsconsume-impl@2.0.0-0jpp.ep1.3?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
                  "product_id": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossxb@1.0.0-2.SP1.0jpp.ep1.2.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
                  "product_id": "jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jcommon@1.0.12-1jpp.ep1.2.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
                  "product_id": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jfreechart@1.0.9-1jpp.ep1.2.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
                "product": {
                  "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
                  "product_id": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jgroups@2.4.1-1.SP4.0jpp.ep1.2?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
                "product": {
                  "name": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
                  "product_id": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.2.0-3.GA_CP02.ep1.1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
                "product": {
                  "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
                  "product_id": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-3.GA_CP02.ep1.1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
                "product": {
                  "name": "wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
                  "product_id": "wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wsdl4j@1.6.2-1jpp.ep1.8?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch"
        },
        "product_reference": "concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "concurrent-0:1.3.4-7jpp.ep1.6.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src"
        },
        "product_reference": "concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch"
        },
        "product_reference": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src"
        },
        "product_reference": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch"
        },
        "product_reference": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src"
        },
        "product_reference": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch"
        },
        "product_reference": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src"
        },
        "product_reference": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch"
        },
        "product_reference": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src"
        },
        "product_reference": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src"
        },
        "product_reference": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch"
        },
        "product_reference": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src"
        },
        "product_reference": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch"
        },
        "product_reference": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch"
        },
        "product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch"
        },
        "product_reference": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src"
        },
        "product_reference": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jacorb-0:2.3.0-1jpp.ep1.4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch"
        },
        "product_reference": "jacorb-0:2.3.0-1jpp.ep1.4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jacorb-0:2.3.0-1jpp.ep1.4.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src"
        },
        "product_reference": "jacorb-0:2.3.0-1jpp.ep1.4.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch"
        },
        "product_reference": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src"
        },
        "product_reference": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch"
        },
        "product_reference": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src"
        },
        "product_reference": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-common-0:1.2.1-0jpp.ep1.2.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch"
        },
        "product_reference": "jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-common-0:1.2.1-0jpp.ep1.2.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src"
        },
        "product_reference": "jboss-common-0:1.2.1-0jpp.ep1.2.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch"
        },
        "product_reference": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src"
        },
        "product_reference": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-1.ep1.3.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch"
        },
        "product_reference": "jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-1.ep1.3.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src"
        },
        "product_reference": "jboss-seam-0:1.2.1-1.ep1.3.el4.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch"
        },
        "product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch"
        },
        "product_reference": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src"
        },
        "product_reference": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch"
        },
        "product_reference": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src"
        },
        "product_reference": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch"
        },
        "product_reference": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src"
        },
        "product_reference": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch"
        },
        "product_reference": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src"
        },
        "product_reference": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch"
        },
        "product_reference": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src"
        },
        "product_reference": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jcommon-0:1.0.12-1jpp.ep1.2.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src"
        },
        "product_reference": "jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src"
        },
        "product_reference": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch"
        },
        "product_reference": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src"
        },
        "product_reference": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch"
        },
        "product_reference": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src"
        },
        "product_reference": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch"
        },
        "product_reference": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wsdl4j-0:1.6.2-1jpp.ep1.8.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch"
        },
        "product_reference": "wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wsdl4j-0:1.6.2-1jpp.ep1.8.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)",
          "product_id": "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
        },
        "product_reference": "wsdl4j-0:1.6.2-1jpp.ep1.8.src",
        "relates_to_product_reference": "4AS-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch"
        },
        "product_reference": "concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "concurrent-0:1.3.4-7jpp.ep1.6.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src"
        },
        "product_reference": "concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch"
        },
        "product_reference": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src"
        },
        "product_reference": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch"
        },
        "product_reference": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src"
        },
        "product_reference": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch"
        },
        "product_reference": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src"
        },
        "product_reference": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch"
        },
        "product_reference": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src"
        },
        "product_reference": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src"
        },
        "product_reference": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch"
        },
        "product_reference": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src"
        },
        "product_reference": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch"
        },
        "product_reference": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch"
        },
        "product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch"
        },
        "product_reference": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src"
        },
        "product_reference": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jacorb-0:2.3.0-1jpp.ep1.4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch"
        },
        "product_reference": "jacorb-0:2.3.0-1jpp.ep1.4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jacorb-0:2.3.0-1jpp.ep1.4.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src"
        },
        "product_reference": "jacorb-0:2.3.0-1jpp.ep1.4.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch"
        },
        "product_reference": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src"
        },
        "product_reference": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch"
        },
        "product_reference": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src"
        },
        "product_reference": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-common-0:1.2.1-0jpp.ep1.2.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch"
        },
        "product_reference": "jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-common-0:1.2.1-0jpp.ep1.2.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src"
        },
        "product_reference": "jboss-common-0:1.2.1-0jpp.ep1.2.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch"
        },
        "product_reference": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src"
        },
        "product_reference": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-1.ep1.3.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch"
        },
        "product_reference": "jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-1.ep1.3.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src"
        },
        "product_reference": "jboss-seam-0:1.2.1-1.ep1.3.el4.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch"
        },
        "product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch"
        },
        "product_reference": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src"
        },
        "product_reference": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch"
        },
        "product_reference": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src"
        },
        "product_reference": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch"
        },
        "product_reference": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src"
        },
        "product_reference": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch"
        },
        "product_reference": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src"
        },
        "product_reference": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch"
        },
        "product_reference": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src"
        },
        "product_reference": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jcommon-0:1.0.12-1jpp.ep1.2.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src"
        },
        "product_reference": "jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src"
        },
        "product_reference": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch"
        },
        "product_reference": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src"
        },
        "product_reference": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch"
        },
        "product_reference": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src"
        },
        "product_reference": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch"
        },
        "product_reference": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wsdl4j-0:1.6.2-1jpp.ep1.8.noarch as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch"
        },
        "product_reference": "wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wsdl4j-0:1.6.2-1jpp.ep1.8.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)",
          "product_id": "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
        },
        "product_reference": "wsdl4j-0:1.6.2-1jpp.ep1.8.src",
        "relates_to_product_reference": "4ES-RHWAS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch"
        },
        "product_reference": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src"
        },
        "product_reference": "concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch"
        },
        "product_reference": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src"
        },
        "product_reference": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch"
        },
        "product_reference": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src"
        },
        "product_reference": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch"
        },
        "product_reference": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src"
        },
        "product_reference": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch"
        },
        "product_reference": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src"
        },
        "product_reference": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch"
        },
        "product_reference": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch"
        },
        "product_reference": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src"
        },
        "product_reference": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch"
        },
        "product_reference": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch"
        },
        "product_reference": "hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch"
        },
        "product_reference": "jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jacorb-0:2.3.0-1jpp.ep1.5.el5.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.src"
        },
        "product_reference": "jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch"
        },
        "product_reference": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src"
        },
        "product_reference": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch"
        },
        "product_reference": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src"
        },
        "product_reference": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch"
        },
        "product_reference": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src"
        },
        "product_reference": "jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch"
        },
        "product_reference": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src"
        },
        "product_reference": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-1.ep1.3.el5.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch"
        },
        "product_reference": "jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-1.ep1.3.el5.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.src"
        },
        "product_reference": "jboss-seam-0:1.2.1-1.ep1.3.el5.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch"
        },
        "product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch"
        },
        "product_reference": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src"
        },
        "product_reference": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch"
        },
        "product_reference": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src"
        },
        "product_reference": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch"
        },
        "product_reference": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src"
        },
        "product_reference": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch"
        },
        "product_reference": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src"
        },
        "product_reference": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch"
        },
        "product_reference": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src"
        },
        "product_reference": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch"
        },
        "product_reference": "jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jcommon-0:1.0.12-1jpp.ep1.2.el5.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.src"
        },
        "product_reference": "jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch"
        },
        "product_reference": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src"
        },
        "product_reference": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch"
        },
        "product_reference": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src"
        },
        "product_reference": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch"
        },
        "product_reference": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src"
        },
        "product_reference": "juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
        },
        "product_reference": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src"
        },
        "product_reference": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
        },
        "product_reference": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
        "relates_to_product_reference": "5Server-Stacks"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-4575",
      "discovery_date": "2007-09-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
            "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
            "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
            "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
            "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
            "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
            "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
            "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
            "5Server-Stacks:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
            "5Server-Stacks:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-Stacks:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
            "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
            "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
            "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
            "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
            "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
            "5Server-Stacks:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
            "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
            "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
            "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
            "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
            "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
            "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
            "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
            "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
            "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
            "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
            "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
            "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
            "5Server-Stacks:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "299801"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to \"exposing static java methods.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenOffice.org-base allows Denial-of-Service and command injection",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4AS-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4AS-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4AS-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4AS-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
          "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4ES-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4ES-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4ES-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4ES-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
        ],
        "known_not_affected": [
          "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
          "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
          "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
          "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
          "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
          "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
          "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
          "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
          "5Server-Stacks:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
          "5Server-Stacks:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-Stacks:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
          "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
          "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
          "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
          "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
          "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
          "5Server-Stacks:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
          "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
          "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
          "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
          "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
          "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
          "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
          "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
          "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
          "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
          "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
          "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
          "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
          "5Server-Stacks:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-4575"
        },
        {
          "category": "external",
          "summary": "RHBZ#299801",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=299801"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4575",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-4575"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4575",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4575"
        }
      ],
      "release_date": "2007-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-03-24T22:16:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4AS-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4AS-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4AS-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4AS-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
            "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4ES-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4ES-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4ES-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4ES-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0158"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenOffice.org-base allows Denial-of-Service and command injection"
    },
    {
      "cve": "CVE-2007-5461",
      "discovery_date": "2007-10-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
            "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
            "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
            "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
            "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
            "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
            "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
            "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
            "5Server-Stacks:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
            "5Server-Stacks:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-Stacks:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
            "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
            "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
            "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
            "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
            "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
            "5Server-Stacks:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
            "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
            "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
            "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
            "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
            "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
            "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
            "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
            "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
            "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
            "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
            "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
            "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
            "5Server-Stacks:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "333791"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Absolute path traversal Apache Tomcat WEBDAV",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4AS-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4AS-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4AS-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4AS-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
          "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4ES-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4ES-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4ES-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4ES-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
        ],
        "known_not_affected": [
          "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
          "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
          "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
          "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
          "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
          "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
          "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
          "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
          "5Server-Stacks:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
          "5Server-Stacks:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-Stacks:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
          "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
          "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
          "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
          "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
          "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
          "5Server-Stacks:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
          "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
          "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
          "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
          "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
          "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
          "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
          "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
          "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
          "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
          "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
          "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
          "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
          "5Server-Stacks:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "RHBZ#333791",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
        }
      ],
      "release_date": "2007-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-03-24T22:16:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4AS-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4AS-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4AS-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4AS-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
            "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4ES-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4ES-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4ES-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4ES-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0158"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Absolute path traversal Apache Tomcat WEBDAV"
    },
    {
      "cve": "CVE-2007-6306",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-12-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
            "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
            "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
            "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
            "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
            "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
            "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
            "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
            "5Server-Stacks:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
            "5Server-Stacks:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-Stacks:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
            "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
            "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
            "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
            "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
            "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
            "5Server-Stacks:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
            "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
            "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
            "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
            "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
            "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
            "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
            "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
            "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
            "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
            "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
            "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
            "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
            "5Server-Stacks:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "421081"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JFreeChart: XSS vulnerabilities in the image map feature",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4AS-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4AS-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4AS-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4AS-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
          "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4ES-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4ES-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4ES-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4ES-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
        ],
        "known_not_affected": [
          "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
          "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
          "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
          "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
          "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
          "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
          "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
          "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
          "5Server-Stacks:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
          "5Server-Stacks:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-Stacks:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
          "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
          "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
          "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
          "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
          "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
          "5Server-Stacks:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
          "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
          "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
          "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
          "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
          "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
          "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
          "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
          "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
          "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
          "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
          "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
          "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
          "5Server-Stacks:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6306"
        },
        {
          "category": "external",
          "summary": "RHBZ#421081",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=421081"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6306"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306"
        }
      ],
      "release_date": "2007-12-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-03-24T22:16:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4AS-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4AS-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4AS-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4AS-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
            "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4ES-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4ES-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4ES-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4ES-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0158"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "JFreeChart: XSS vulnerabilities in the image map feature"
    },
    {
      "cve": "CVE-2007-6433",
      "discovery_date": "2007-12-19T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
            "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
            "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
            "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
            "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
            "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
            "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
            "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
            "5Server-Stacks:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
            "5Server-Stacks:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-Stacks:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
            "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
            "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
            "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
            "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
            "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
            "5Server-Stacks:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
            "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
            "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
            "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
            "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
            "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
            "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
            "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
            "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
            "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
            "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
            "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
            "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
            "5Server-Stacks:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "426206"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "EJBQL injection via \u0027order\u0027 parameter",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4AS-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4AS-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4AS-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4AS-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
          "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4ES-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4ES-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4ES-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4ES-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
        ],
        "known_not_affected": [
          "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
          "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
          "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
          "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
          "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
          "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
          "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
          "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
          "5Server-Stacks:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
          "5Server-Stacks:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-Stacks:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
          "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
          "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
          "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
          "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
          "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
          "5Server-Stacks:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
          "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
          "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
          "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
          "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
          "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
          "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
          "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
          "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
          "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
          "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
          "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
          "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
          "5Server-Stacks:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6433"
        },
        {
          "category": "external",
          "summary": "RHBZ#426206",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=426206"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6433",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6433"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6433",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6433"
        }
      ],
      "release_date": "2007-12-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-03-24T22:16:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4AS-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4AS-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4AS-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4AS-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
            "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4ES-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4ES-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4ES-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4ES-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0158"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "EJBQL injection via \u0027order\u0027 parameter"
    },
    {
      "cve": "CVE-2008-0002",
      "discovery_date": "2008-02-08T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
            "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
            "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
            "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
            "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
            "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
            "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
            "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
            "5Server-Stacks:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
            "5Server-Stacks:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
            "5Server-Stacks:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
            "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
            "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
            "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
            "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
            "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
            "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
            "5Server-Stacks:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
            "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
            "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
            "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
            "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
            "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
            "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
            "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
            "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
            "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
            "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
            "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
            "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
            "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
            "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
            "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
            "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
            "5Server-Stacks:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "432327"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Tomcat information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4AS-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4AS-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4AS-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4AS-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
          "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4ES-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4ES-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4ES-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4ES-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
        ],
        "known_not_affected": [
          "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4AS-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4ES-RHWAS:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.noarch",
          "5Server-Stacks:concurrent-0:1.3.4-8jpp.ep1.6.el5.1.src",
          "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.noarch",
          "5Server-Stacks:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5.src",
          "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.noarch",
          "5Server-Stacks:glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5.src",
          "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-Stacks:hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src",
          "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.src",
          "5Server-Stacks:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-Stacks:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5.src",
          "5Server-Stacks:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5.noarch",
          "5Server-Stacks:hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch",
          "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.noarch",
          "5Server-Stacks:jacorb-0:2.3.0-1jpp.ep1.5.el5.src",
          "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5.src",
          "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src",
          "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jboss-common-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5.src",
          "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-Stacks:jboss-seam-0:1.2.1-1.ep1.3.el5.src",
          "5Server-Stacks:jboss-seam-docs-0:1.2.1-1.ep1.3.el5.noarch",
          "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.noarch",
          "5Server-Stacks:jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3.src",
          "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.noarch",
          "5Server-Stacks:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5.src",
          "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.noarch",
          "5Server-Stacks:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5.src",
          "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.noarch",
          "5Server-Stacks:jcommon-0:1.0.12-1jpp.ep1.2.el5.src",
          "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.noarch",
          "5Server-Stacks:jfreechart-0:1.0.9-1jpp.ep1.2.el5.1.src",
          "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.noarch",
          "5Server-Stacks:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5.src",
          "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.noarch",
          "5Server-Stacks:juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1.src",
          "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch",
          "5Server-Stacks:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1.src",
          "5Server-Stacks:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0002"
        },
        {
          "category": "external",
          "summary": "RHBZ#432327",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432327"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0002",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0002"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0002",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0002"
        }
      ],
      "release_date": "2008-02-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-03-24T22:16:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4AS-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4AS-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4AS-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4AS-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4AS-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4AS-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4AS-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4AS-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4AS-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4AS-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4AS-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4AS-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4AS-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4AS-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4AS-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4AS-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4AS-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4AS-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4AS-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4AS-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
            "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4ES-RHWAS:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4ES-RHWAS:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4ES-RHWAS:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4ES-RHWAS:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4ES-RHWAS:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4ES-RHWAS:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-RHWAS:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4ES-RHWAS:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-RHWAS:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4ES-RHWAS:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-RHWAS:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4ES-RHWAS:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4ES-RHWAS:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4ES-RHWAS:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-RHWAS:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4ES-RHWAS:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4ES-RHWAS:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4ES-RHWAS:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4ES-RHWAS:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4ES-RHWAS:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4ES-RHWAS:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-RHWAS:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4ES-RHWAS:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4ES-RHWAS:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0158"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Tomcat information disclosure vulnerability"
    }
  ]
}

rhsa-2010:0602

Vulnerability from csaf_redhat

Published

2010-08-04 21:30

Modified

2025-08-01 19:56

Summary

Red Hat Security Advisory: Red Hat Certificate System 7.3 security update

Notes

Topic

Updated packages that fix multiple security issues and rebase various components are now available for Red Hat Certificate System 7.3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

Red Hat Certificate System (RHCS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. Multiple buffer overflow flaws were discovered in the way the pcscd daemon, a resource manager that coordinates communications with smart card readers and smart cards connected to the system, handled client requests. A local user could create a specially-crafted request that would cause the pcscd daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407, CVE-2009-4901) This erratum updates the Tomcat component shipped as part of Red Hat Certificate System to version 5.5.23, to address multiple security issues. In a typical operating environment, Tomcat is not exposed to users of Certificate System in a vulnerable manner. These security updates will reduce risk in unique Certificate System environments. (CVE-2005-2090, CVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382, CVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232, CVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580) This erratum provides updated versions of the following components, required by the updated Tomcat version: ant, avalon-logkit, axis, classpathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler, log4j, mx4j, xerces-j2, and xml-commons. A number of components have been updated to fix security issues for users of Red Hat Certificate System for the Solaris operating system. These fixes are for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023, CVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues CVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364, CVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and CVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116 and CVE-2008-1927. Note: Updated apr, apr-util, httpd, mod_perl, and perl packages were previously available to users of Red Hat Certificate System for Red Hat Enterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat Network. Additionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks, rhpki-java-tools, and rhpki-native-tools packages were updated to address some anomalous behavior on the Solaris operating system. (BZ#600513, BZ#605760) As well, this update provides an updated rhpki-manage package, which includes installation and uninstall scripts for Red Hat Certificate System that have been updated with the list of packages required by the Tomcat component, and an updated dependency on the NSS and NSPR packages. All users of Red Hat Certificate System are advised to upgrade to these updated packages, which correct these issues. Refer to the Red Hat Certificate System Administration Guide, linked to in the References, for details on how to install the updated packages on the Solaris operating system. After installing this update, all Red Hat Certificate System subsystems must be restarted ("/etc/init.d/[instance-name] restart") for the update to take effect.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated packages that fix multiple security issues and rebase various\ncomponents are now available for Red Hat Certificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nMultiple buffer overflow flaws were discovered in the way the pcscd daemon,\na resource manager that coordinates communications with smart card readers\nand smart cards connected to the system, handled client requests. A local\nuser could create a specially-crafted request that would cause the pcscd\ndaemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,\nCVE-2009-4901)\n\nThis erratum updates the Tomcat component shipped as part of Red Hat\nCertificate System to version 5.5.23, to address multiple security issues.\nIn a typical operating environment, Tomcat is not exposed to users of\nCertificate System in a vulnerable manner. These security updates will\nreduce risk in unique Certificate System environments. (CVE-2005-2090,\nCVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,\nCVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,\nCVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)\n\nThis erratum provides updated versions of the following components,\nrequired by the updated Tomcat version: ant, avalon-logkit, axis,\nclasspathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,\nlog4j, mx4j, xerces-j2, and xml-commons.\n\nA number of components have been updated to fix security issues for users\nof Red Hat Certificate System for the Solaris operating system. These fixes\nare for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,\nCVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues\nCVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,\nCVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,\nCVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and\nCVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116\nand CVE-2008-1927.\n\nNote: Updated apr, apr-util, httpd, mod_perl, and perl packages were\npreviously available to users of Red Hat Certificate System for Red Hat\nEnterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat\nNetwork.\n\nAdditionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nrhpki-java-tools, and rhpki-native-tools packages were updated to address\nsome anomalous behavior on the Solaris operating system. (BZ#600513,\nBZ#605760)\n\nAs well, this update provides an updated rhpki-manage package, which\nincludes installation and uninstall scripts for Red Hat Certificate System\nthat have been updated with the list of packages required by the Tomcat\ncomponent, and an updated dependency on the NSS and NSPR packages.\n\nAll users of Red Hat Certificate System are advised to upgrade to these\nupdated packages, which correct these issues. Refer to the Red Hat\nCertificate System Administration Guide, linked to in the References, for\ndetails on how to install the updated packages on the Solaris operating\nsystem. After installing this update, all Red Hat Certificate System\nsubsystems must be restarted (\"/etc/init.d/[instance-name] restart\") for\nthe update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2010:0602",
        "url": "https://access.redhat.com/errata/RHSA-2010:0602"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#moderate",
        "url": "http://www.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html",
        "url": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html"
      },
      {
        "category": "external",
        "summary": "200732",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
      },
      {
        "category": "external",
        "summary": "237079",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
      },
      {
        "category": "external",
        "summary": "237080",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
      },
      {
        "category": "external",
        "summary": "237084",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
      },
      {
        "category": "external",
        "summary": "237085",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
      },
      {
        "category": "external",
        "summary": "240423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
      },
      {
        "category": "external",
        "summary": "244658",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658"
      },
      {
        "category": "external",
        "summary": "244803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
      },
      {
        "category": "external",
        "summary": "245111",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
      },
      {
        "category": "external",
        "summary": "245112",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
      },
      {
        "category": "external",
        "summary": "247972",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
      },
      {
        "category": "external",
        "summary": "247976",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
      },
      {
        "category": "external",
        "summary": "250731",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
      },
      {
        "category": "external",
        "summary": "289511",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
      },
      {
        "category": "external",
        "summary": "323571",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
      },
      {
        "category": "external",
        "summary": "333791",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
      },
      {
        "category": "external",
        "summary": "419931",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
      },
      {
        "category": "external",
        "summary": "427228",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
      },
      {
        "category": "external",
        "summary": "427739",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739"
      },
      {
        "category": "external",
        "summary": "427766",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
      },
      {
        "category": "external",
        "summary": "429821",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
      },
      {
        "category": "external",
        "summary": "443928",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"
      },
      {
        "category": "external",
        "summary": "451615",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615"
      },
      {
        "category": "external",
        "summary": "457597",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
      },
      {
        "category": "external",
        "summary": "457934",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
      },
      {
        "category": "external",
        "summary": "458250",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"
      },
      {
        "category": "external",
        "summary": "493381",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
      },
      {
        "category": "external",
        "summary": "503928",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
      },
      {
        "category": "external",
        "summary": "503978",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
      },
      {
        "category": "external",
        "summary": "504390",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
      },
      {
        "category": "external",
        "summary": "504555",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555"
      },
      {
        "category": "external",
        "summary": "504753",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
      },
      {
        "category": "external",
        "summary": "509125",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
      },
      {
        "category": "external",
        "summary": "515698",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
      },
      {
        "category": "external",
        "summary": "521619",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
      },
      {
        "category": "external",
        "summary": "522209",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
      },
      {
        "category": "external",
        "summary": "570171",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
      },
      {
        "category": "external",
        "summary": "596426",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0602.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Certificate System 7.3 security update",
    "tracking": {
      "current_release_date": "2025-08-01T19:56:00+00:00",
      "generator": {
        "date": "2025-08-01T19:56:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.6"
        }
      },
      "id": "RHSA-2010:0602",
      "initial_release_date": "2010-08-04T21:30:00+00:00",
      "revision_history": [
        {
          "date": "2010-08-04T21:30:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2010-08-05T10:04:51+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-08-01T19:56:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Certificate System 7.3 for 4AS",
                "product": {
                  "name": "Red Hat Certificate System 7.3 for 4AS",
                  "product_id": "4AS-CERT-7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:certificate_system:7.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Certificate System 7.3 for 4ES",
                "product": {
                  "name": "Red Hat Certificate System 7.3 for 4ES",
                  "product_id": "4ES-CERT-7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:certificate_system:7.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Certificate System"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
                "product": {
                  "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
                  "product_id": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xml-commons-apis@1.3.02-2jpp_1rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
                "product": {
                  "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
                  "product_id": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
                "product": {
                  "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
                  "product_id": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ant-0:1.6.5-1jpp_1rh.noarch",
                "product": {
                  "name": "ant-0:1.6.5-1jpp_1rh.noarch",
                  "product_id": "ant-0:1.6.5-1jpp_1rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
                "product": {
                  "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
                  "product_id": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "axis-0:1.2.1-1jpp_3rh.noarch",
                "product": {
                  "name": "axis-0:1.2.1-1jpp_3rh.noarch",
                  "product_id": "axis-0:1.2.1-1jpp_3rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
                "product": {
                  "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
                  "product_id": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
                "product": {
                  "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
                  "product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "log4j-0:1.2.12-1jpp_1rh.noarch",
                "product": {
                  "name": "log4j-0:1.2.12-1jpp_1rh.noarch",
                  "product_id": "log4j-0:1.2.12-1jpp_1rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mx4j-1:3.0.1-1jpp_4rh.noarch",
                "product": {
                  "name": "mx4j-1:3.0.1-1jpp_4rh.noarch",
                  "product_id": "mx4j-1:3.0.1-1jpp_4rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
                "product": {
                  "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
                  "product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhpki-manage-0:7.3.0-19.el4.noarch",
                "product": {
                  "name": "rhpki-manage-0:7.3.0-19.el4.noarch",
                  "product_id": "rhpki-manage-0:7.3.0-19.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-manage@7.3.0-19.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhpki-ca-0:7.3.0-20.el4.noarch",
                "product": {
                  "name": "rhpki-ca-0:7.3.0-20.el4.noarch",
                  "product_id": "rhpki-ca-0:7.3.0-20.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-ca@7.3.0-20.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhpki-kra-0:7.3.0-14.el4.noarch",
                "product": {
                  "name": "rhpki-kra-0:7.3.0-14.el4.noarch",
                  "product_id": "rhpki-kra-0:7.3.0-14.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-kra@7.3.0-14.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhpki-tks-0:7.3.0-13.el4.noarch",
                "product": {
                  "name": "rhpki-tks-0:7.3.0-13.el4.noarch",
                  "product_id": "rhpki-tks-0:7.3.0-13.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-tks@7.3.0-13.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
                "product": {
                  "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
                  "product_id": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-ocsp@7.3.0-13.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
                "product": {
                  "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
                  "product_id": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-java-tools@7.3.0-10.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-jms-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-jta-1.0.1B-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-j2ee-deployment-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-ejb-2.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-servlet-2.4-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-specs-javadoc@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-j2ee-1.4-apis@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-j2ee-connector-1.5-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-jsp-2.0-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-j2ee-management-1.0-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xml-commons-0:1.3.02-2jpp_1rh.src",
                "product": {
                  "name": "xml-commons-0:1.3.02-2jpp_1rh.src",
                  "product_id": "xml-commons-0:1.3.02-2jpp_1rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-j2-0:2.7.1-1jpp_1rh.src",
                "product": {
                  "name": "xerces-j2-0:2.7.1-1jpp_1rh.src",
                  "product_id": "xerces-j2-0:2.7.1-1jpp_1rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ant-0:1.6.5-1jpp_1rh.src",
                "product": {
                  "name": "ant-0:1.6.5-1jpp_1rh.src",
                  "product_id": "ant-0:1.6.5-1jpp_1rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "avalon-logkit-0:1.2-2jpp_4rh.src",
                "product": {
                  "name": "avalon-logkit-0:1.2-2jpp_4rh.src",
                  "product_id": "avalon-logkit-0:1.2-2jpp_4rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "axis-0:1.2.1-1jpp_3rh.src",
                "product": {
                  "name": "axis-0:1.2.1-1jpp_3rh.src",
                  "product_id": "axis-0:1.2.1-1jpp_3rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "classpathx-jaf-0:1.0-2jpp_6rh.src",
                "product": {
                  "name": "classpathx-jaf-0:1.0-2jpp_6rh.src",
                  "product_id": "classpathx-jaf-0:1.0-2jpp_6rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
                "product": {
                  "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
                  "product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "log4j-0:1.2.12-1jpp_1rh.src",
                "product": {
                  "name": "log4j-0:1.2.12-1jpp_1rh.src",
                  "product_id": "log4j-0:1.2.12-1jpp_1rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mx4j-1:3.0.1-1jpp_4rh.src",
                "product": {
                  "name": "mx4j-1:3.0.1-1jpp_4rh.src",
                  "product_id": "mx4j-1:3.0.1-1jpp_4rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
                "product": {
                  "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
                  "product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
                  "product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-0:1.3.3-3.el4.src",
                "product": {
                  "name": "pcsc-lite-0:1.3.3-3.el4.src",
                  "product_id": "pcsc-lite-0:1.3.3-3.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
                "product": {
                  "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
                  "product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
                "product": {
                  "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
                  "product_id": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
                "product": {
                  "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
                  "product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
                "product": {
                  "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
                  "product_id": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-0:1.3.3-3.el4.x86_64",
                "product": {
                  "name": "pcsc-lite-0:1.3.3-3.el4.x86_64",
                  "product_id": "pcsc-lite-0:1.3.3-3.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
                "product": {
                  "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
                  "product_id": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhpki-native-tools-0:7.3.0-6.el4.i386",
                "product": {
                  "name": "rhpki-native-tools-0:7.3.0-6.el4.i386",
                  "product_id": "rhpki-native-tools-0:7.3.0-6.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
                "product": {
                  "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
                  "product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
                "product": {
                  "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
                  "product_id": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-0:1.3.3-3.el4.i386",
                "product": {
                  "name": "pcsc-lite-0:1.3.3-3.el4.i386",
                  "product_id": "pcsc-lite-0:1.3.3-3.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
                "product": {
                  "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
                  "product_id": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch"
        },
        "product_reference": "ant-0:1.6.5-1jpp_1rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src"
        },
        "product_reference": "ant-0:1.6.5-1jpp_1rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch"
        },
        "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src"
        },
        "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch"
        },
        "product_reference": "axis-0:1.2.1-1jpp_3rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src"
        },
        "product_reference": "axis-0:1.2.1-1jpp_3rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch"
        },
        "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src"
        },
        "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch"
        },
        "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src"
        },
        "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src"
        },
        "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch"
        },
        "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src"
        },
        "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch"
        },
        "product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src"
        },
        "product_reference": "log4j-0:1.2.12-1jpp_1rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch"
        },
        "product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src"
        },
        "product_reference": "mx4j-1:3.0.1-1jpp_4rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src"
        },
        "product_reference": "pcsc-lite-0:1.3.3-3.el4.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch"
        },
        "product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch"
        },
        "product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch"
        },
        "product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch"
        },
        "product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386"
        },
        "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64"
        },
        "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch"
        },
        "product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch"
        },
        "product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch"
        },
        "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src"
        },
        "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch"
        },
        "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src"
        },
        "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        },
        "product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch"
        },
        "product_reference": "ant-0:1.6.5-1jpp_1rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src"
        },
        "product_reference": "ant-0:1.6.5-1jpp_1rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch"
        },
        "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src"
        },
        "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch"
        },
        "product_reference": "axis-0:1.2.1-1jpp_3rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src"
        },
        "product_reference": "axis-0:1.2.1-1jpp_3rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch"
        },
        "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src"
        },
        "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch"
        },
        "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src"
        },
        "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src"
        },
        "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch"
        },
        "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src"
        },
        "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch"
        },
        "product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src"
        },
        "product_reference": "log4j-0:1.2.12-1jpp_1rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch"
        },
        "product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src"
        },
        "product_reference": "mx4j-1:3.0.1-1jpp_4rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src"
        },
        "product_reference": "pcsc-lite-0:1.3.3-3.el4.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch"
        },
        "product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch"
        },
        "product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch"
        },
        "product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch"
        },
        "product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386"
        },
        "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64"
        },
        "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch"
        },
        "product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch"
        },
        "product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch"
        },
        "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src"
        },
        "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch"
        },
        "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src"
        },
        "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        },
        "product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2005-2090",
      "discovery_date": "2005-06-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237079"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat multiple content-length header poisioning",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-2090"
        },
        {
          "category": "external",
          "summary": "RHBZ#237079",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-2090",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090"
        }
      ],
      "release_date": "2005-06-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat multiple content-length header poisioning"
    },
    {
      "cve": "CVE-2005-3510",
      "discovery_date": "2005-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237085"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat DoS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-3510"
        },
        {
          "category": "external",
          "summary": "RHBZ#237085",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-3510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-3510"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510"
        }
      ],
      "release_date": "2005-11-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat DoS"
    },
    {
      "cve": "CVE-2006-3835",
      "discovery_date": "2006-07-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237084"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat directory listing issue",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3835"
        },
        {
          "category": "external",
          "summary": "RHBZ#237084",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3835",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3835"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835"
        }
      ],
      "release_date": "2006-07-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat directory listing issue"
    },
    {
      "cve": "CVE-2006-3918",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2006-07-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "200732"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: Expect header XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3918"
        },
        {
          "category": "external",
          "summary": "RHBZ#200732",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3918"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918"
        }
      ],
      "release_date": "2006-05-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: Expect header XSS"
    },
    {
      "cve": "CVE-2006-5752",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-06-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "245112"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd mod_status XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-5752"
        },
        {
          "category": "external",
          "summary": "RHBZ#245112",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-5752"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752"
        }
      ],
      "release_date": "2007-06-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd mod_status XSS"
    },
    {
      "cve": "CVE-2007-0450",
      "discovery_date": "2007-03-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237080"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat directory traversal",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0450"
        },
        {
          "category": "external",
          "summary": "RHBZ#237080",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0450",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450"
        }
      ],
      "release_date": "2007-03-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat directory traversal"
    },
    {
      "cve": "CVE-2007-1349",
      "discovery_date": "2007-05-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "240423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_perl PerlRun denial of service",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1349"
        },
        {
          "category": "external",
          "summary": "RHBZ#240423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1349"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349"
        }
      ],
      "release_date": "2007-03-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mod_perl PerlRun denial of service"
    },
    {
      "cve": "CVE-2007-1358",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-04-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "244803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat accept-language xss flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1358"
        },
        {
          "category": "external",
          "summary": "RHBZ#244803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1358",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358"
        }
      ],
      "release_date": "2007-06-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat accept-language xss flaw"
    },
    {
      "cve": "CVE-2007-1863",
      "discovery_date": "2007-05-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "244658"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd mod_cache segfault",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1863"
        },
        {
          "category": "external",
          "summary": "RHBZ#244658",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1863",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1863"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863"
        }
      ],
      "release_date": "2007-05-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd mod_cache segfault"
    },
    {
      "cve": "CVE-2007-3304",
      "discovery_date": "2007-06-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "245111"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd scoreboard lack of PID protection",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3304"
        },
        {
          "category": "external",
          "summary": "RHBZ#245111",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3304"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304"
        }
      ],
      "release_date": "2007-06-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd scoreboard lack of PID protection"
    },
    {
      "cve": "CVE-2007-3382",
      "discovery_date": "2007-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "247972"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat handling of cookies",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3382"
        },
        {
          "category": "external",
          "summary": "RHBZ#247972",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3382",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3382"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382"
        }
      ],
      "release_date": "2007-08-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat handling of cookies"
    },
    {
      "cve": "CVE-2007-3385",
      "discovery_date": "2007-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "247976"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat handling of cookie values",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3385"
        },
        {
          "category": "external",
          "summary": "RHBZ#247976",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3385",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385"
        }
      ],
      "release_date": "2007-08-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat handling of cookie values"
    },
    {
      "cve": "CVE-2007-3847",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2007-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "250731"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: out of bounds read",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3847"
        },
        {
          "category": "external",
          "summary": "RHBZ#250731",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3847",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847"
        }
      ],
      "release_date": "2007-08-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: out of bounds read"
    },
    {
      "cve": "CVE-2007-4465",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-09-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "289511"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset.  NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_autoindex XSS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-4465"
        },
        {
          "category": "external",
          "summary": "RHBZ#289511",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465"
        }
      ],
      "release_date": "2007-09-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mod_autoindex XSS"
    },
    {
      "cve": "CVE-2007-5000",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "419931"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_imagemap XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5000"
        },
        {
          "category": "external",
          "summary": "RHBZ#419931",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000"
        }
      ],
      "release_date": "2007-12-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_imagemap XSS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Tavis Ormandy",
            "Will Drewry"
          ]
        }
      ],
      "cve": "CVE-2007-5116",
      "discovery_date": "2007-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "323571"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "perl regular expression UTF parsing errors",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5116"
        },
        {
          "category": "external",
          "summary": "RHBZ#323571",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5116",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5116"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116"
        }
      ],
      "release_date": "2007-11-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "perl regular expression UTF parsing errors"
    },
    {
      "cve": "CVE-2007-5333",
      "discovery_date": "2008-01-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427766"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.  NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Improve cookie parsing for tomcat5",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5333"
        },
        {
          "category": "external",
          "summary": "RHBZ#427766",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333"
        }
      ],
      "release_date": "2008-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Improve cookie parsing for tomcat5"
    },
    {
      "cve": "CVE-2007-5461",
      "discovery_date": "2007-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "333791"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Absolute path traversal Apache Tomcat WEBDAV",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "RHBZ#333791",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
        }
      ],
      "release_date": "2007-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Absolute path traversal Apache Tomcat WEBDAV"
    },
    {
      "cve": "CVE-2007-6388",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-01-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427228"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache mod_status cross-site scripting",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6388"
        },
        {
          "category": "external",
          "summary": "RHBZ#427228",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388"
        }
      ],
      "release_date": "2007-12-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apache mod_status cross-site scripting"
    },
    {
      "cve": "CVE-2008-0005",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-01-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427739"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_proxy_ftp XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0005"
        },
        {
          "category": "external",
          "summary": "RHBZ#427739",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0005",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005"
        }
      ],
      "release_date": "2008-01-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mod_proxy_ftp XSS"
    },
    {
      "cve": "CVE-2008-0128",
      "discovery_date": "2008-01-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "429821"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat5 SSO cookie login information disclosure",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0128"
        },
        {
          "category": "external",
          "summary": "RHBZ#429821",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0128",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0128"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128"
        }
      ],
      "release_date": "2006-12-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat5 SSO cookie login information disclosure"
    },
    {
      "cve": "CVE-2008-1232",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "457597"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Cross-Site-Scripting enabled by sendError call",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1232"
        },
        {
          "category": "external",
          "summary": "RHBZ#457597",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
        }
      ],
      "release_date": "2008-08-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Cross-Site-Scripting enabled by sendError call"
    },
    {
      "cve": "CVE-2008-1927",
      "discovery_date": "2008-04-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "443928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters.  NOTE: this issue might only be present on certain operating systems.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "perl: heap corruption by regular expressions with utf8 characters",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1927"
        },
        {
          "category": "external",
          "summary": "RHBZ#443928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1927",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1927"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927"
        }
      ],
      "release_date": "2007-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "perl: heap corruption by regular expressions with utf8 characters"
    },
    {
      "cve": "CVE-2008-2364",
      "discovery_date": "2008-05-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "451615"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\n\nThe Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2364"
        },
        {
          "category": "external",
          "summary": "RHBZ#451615",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2364",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2364"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364"
        }
      ],
      "release_date": "2008-06-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server"
    },
    {
      "cve": "CVE-2008-2370",
      "discovery_date": "2008-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "457934"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat RequestDispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2370"
        },
        {
          "category": "external",
          "summary": "RHBZ#457934",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
        }
      ],
      "release_date": "2008-08-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat RequestDispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2008-2939",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-08-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "458250"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_proxy_ftp globbing XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2939"
        },
        {
          "category": "external",
          "summary": "RHBZ#458250",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2939",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2939"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939"
        }
      ],
      "release_date": "2008-08-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_proxy_ftp globbing XSS"
    },
    {
      "cve": "CVE-2008-5515",
      "discovery_date": "2009-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504753"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat request dispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "RHBZ#504753",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
        }
      ],
      "release_date": "2009-06-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat request dispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2009-0023",
      "discovery_date": "2009-06-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apr-util heap buffer underwrite",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0023"
        },
        {
          "category": "external",
          "summary": "RHBZ#503928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apr-util heap buffer underwrite"
    },
    {
      "cve": "CVE-2009-0033",
      "discovery_date": "2009-01-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "493381"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Denial-Of-Service with AJP connection",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "RHBZ#493381",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat6 Denial-Of-Service with AJP connection"
    },
    {
      "cve": "CVE-2009-0580",
      "discovery_date": "2009-06-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503978"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Information disclosure in authentication classes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "RHBZ#503978",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat6 Information disclosure in authentication classes"
    },
    {
      "cve": "CVE-2009-1891",
      "discovery_date": "2009-06-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "509125"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: possible temporary DoS (CPU consumption) in mod_deflate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1891"
        },
        {
          "category": "external",
          "summary": "RHBZ#509125",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1891",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891"
        }
      ],
      "release_date": "2009-06-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: possible temporary DoS (CPU consumption) in mod_deflate"
    },
    {
      "cve": "CVE-2009-1955",
      "discovery_date": "2009-06-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504555"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apr-util billion laughs attack",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1955"
        },
        {
          "category": "external",
          "summary": "RHBZ#504555",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1955",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955"
        }
      ],
      "release_date": "2009-06-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apr-util billion laughs attack"
    },
    {
      "cve": "CVE-2009-1956",
      "discovery_date": "2009-06-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504390"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apr-util single NULL byte buffer overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1956"
        },
        {
          "category": "external",
          "summary": "RHBZ#504390",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1956",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956"
        }
      ],
      "release_date": "2009-04-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apr-util single NULL byte buffer overflow"
    },
    {
      "cve": "CVE-2009-2412",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2009-07-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "515698"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows.  NOTE: some of these details are obtained from third party information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-2412"
        },
        {
          "category": "external",
          "summary": "RHBZ#515698",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
        }
      ],
      "release_date": "2009-08-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management"
    },
    {
      "cve": "CVE-2009-3094",
      "discovery_date": "2009-09-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "521619"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3094"
        },
        {
          "category": "external",
          "summary": "RHBZ#521619",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3094",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3094"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094"
        }
      ],
      "release_date": "2009-09-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply"
    },
    {
      "cve": "CVE-2009-3095",
      "discovery_date": "2009-09-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "522209"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3095"
        },
        {
          "category": "external",
          "summary": "RHBZ#522209",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3095",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095"
        }
      ],
      "release_date": "2009-09-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header"
    },
    {
      "cve": "CVE-2009-4901",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2010-05-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "596426"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-4901"
        },
        {
          "category": "external",
          "summary": "RHBZ#596426",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-4901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-4901"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901"
        }
      ],
      "release_date": "2010-06-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages"
    },
    {
      "cve": "CVE-2010-0407",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2010-05-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "596426"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-0407"
        },
        {
          "category": "external",
          "summary": "RHBZ#596426",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-0407"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407"
        }
      ],
      "release_date": "2010-06-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages"
    },
    {
      "cve": "CVE-2010-0434",
      "discovery_date": "2010-03-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "570171"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: request header information leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-0434"
        },
        {
          "category": "external",
          "summary": "RHBZ#570171",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434"
        }
      ],
      "release_date": "2009-12-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: request header information leak"
    }
  ]
}

rhsa-2008:0862

Vulnerability from csaf_redhat

Published

2008-10-02 14:03

Modified

2024-11-22 02:13

Summary

Red Hat Security Advisory: tomcat security update

Notes

Topic

Updated tomcat packages that fix several security issues are now available for Red Hat Application Server v2. This update has been rated as having important security impact by the Red Hat Security Response Team.

Details

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the Tomcat process. (CVE-2007-5342) A directory traversal vulnerability was discovered in the Apache Tomcat webdav servlet. Under certain configurations, this allowed remote, authenticated users to read files accessible to the local Tomcat process. (CVE-2007-5461) A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError() method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232) An additional cross-site scripting vulnerability was discovered in the host manager application. A remote attacker could inject arbitrary web script or HTML via the hostname parameter. (CVE-2008-1947) A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially-crafted request parameter to access protected web resources. (CVE-2008-2370) An additional traversal vulnerability was discovered when the "allowLinking" and "URIencoding" settings were activated. A remote attacker could use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process. (CVE-2008-2938) Users of tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Application Server v2.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nThe default security policy in the JULI logging component did not restrict\naccess permissions to files. This could be misused by untrusted web\napplications to access and write arbitrary files in the context of the\nTomcat process. (CVE-2007-5342)\n\nA directory traversal vulnerability was discovered in the Apache Tomcat\nwebdav servlet. Under certain configurations, this allowed remote,\nauthenticated users to read files accessible to the local Tomcat process.\n(CVE-2007-5461)\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0862",
        "url": "https://access.redhat.com/errata/RHSA-2008:0862"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://tomcat.apache.org/security-5.html",
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "category": "external",
        "summary": "333791",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
      },
      {
        "category": "external",
        "summary": "427216",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427216"
      },
      {
        "category": "external",
        "summary": "446393",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
      },
      {
        "category": "external",
        "summary": "456120",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
      },
      {
        "category": "external",
        "summary": "457597",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
      },
      {
        "category": "external",
        "summary": "457934",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0862.json"
      }
    ],
    "title": "Red Hat Security Advisory: tomcat security update",
    "tracking": {
      "current_release_date": "2024-11-22T02:13:30+00:00",
      "generator": {
        "date": "2024-11-22T02:13:30+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2008:0862",
      "initial_release_date": "2008-10-02T14:03:00+00:00",
      "revision_history": [
        {
          "date": "2008-10-02T14:03:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-10-02T10:03:32+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T02:13:30+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Application Server v2 4AS",
                "product": {
                  "name": "Red Hat Application Server v2 4AS",
                  "product_id": "4AS-RHAPS2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_server:2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Application Server v2 4ES",
                "product": {
                  "name": "Red Hat Application Server v2 4ES",
                  "product_id": "4ES-RHAPS2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_server:2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Application Server v2 4WS",
                "product": {
                  "name": "Red Hat Application Server v2 4WS",
                  "product_id": "4WS-RHAPS2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_server:2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Application Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
                "product": {
                  "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_id": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp_4rh.9?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.9?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp_4rh.9?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
                "product": {
                  "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp_4rh.9?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_id": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.9?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.9?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.9?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.9?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp_4rh.9?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
                "product": {
                  "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp_4rh.9?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.9?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
                  "product_id": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.9?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-5342",
      "discovery_date": "2007-10-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427216"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Apache Tomcat\u0027s default security policy is too open",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
          "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
          "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
          "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5342"
        },
        {
          "category": "external",
          "summary": "RHBZ#427216",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427216"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5342",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5342",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5342"
        }
      ],
      "release_date": "2007-12-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-10-02T14:03:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
            "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
            "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
            "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0862"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Apache Tomcat\u0027s default security policy is too open"
    },
    {
      "cve": "CVE-2007-5461",
      "discovery_date": "2007-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "333791"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Absolute path traversal Apache Tomcat WEBDAV",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
          "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
          "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
          "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "RHBZ#333791",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
        }
      ],
      "release_date": "2007-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-10-02T14:03:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
            "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
            "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
            "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0862"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Absolute path traversal Apache Tomcat WEBDAV"
    },
    {
      "cve": "CVE-2008-1232",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "457597"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Cross-Site-Scripting enabled by sendError call",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
          "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
          "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
          "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1232"
        },
        {
          "category": "external",
          "summary": "RHBZ#457597",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
        }
      ],
      "release_date": "2008-08-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-10-02T14:03:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
            "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
            "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
            "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0862"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Cross-Site-Scripting enabled by sendError call"
    },
    {
      "cve": "CVE-2008-1947",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-05-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "446393"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Tomcat host manager xss - name field",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
          "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
          "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
          "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1947"
        },
        {
          "category": "external",
          "summary": "RHBZ#446393",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1947",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947"
        }
      ],
      "release_date": "2008-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-10-02T14:03:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
            "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
            "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
            "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0862"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Tomcat host manager xss - name field"
    },
    {
      "cve": "CVE-2008-2370",
      "discovery_date": "2008-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "457934"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat RequestDispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
          "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
          "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
          "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2370"
        },
        {
          "category": "external",
          "summary": "RHBZ#457934",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
        }
      ],
      "release_date": "2008-08-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-10-02T14:03:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
            "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
            "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
            "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0862"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat RequestDispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2008-2938",
      "discovery_date": "2008-07-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "456120"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370.  NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat Unicode directory traversal vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
          "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
          "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
          "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
          "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2938"
        },
        {
          "category": "external",
          "summary": "RHBZ#456120",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938"
        }
      ],
      "release_date": "2008-08-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-10-02T14:03:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
            "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
            "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
            "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
            "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0862"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat Unicode directory traversal vulnerability"
    }
  ]
}

rhsa-2008:0042

Vulnerability from csaf_redhat

Published

2008-03-11 10:51

Modified

2024-11-22 02:13

Summary

Red Hat Security Advisory: tomcat security update

Notes

Topic

Updated tomcat packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Details

Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. A directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote authenticated users to read files accessible to the local tomcat process. (CVE-2007-5461) The default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342) Users of Tomcat should update to these errata packages, which contain backported patches and are not vulnerable to these issues.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated tomcat packages that fix security issues and bugs are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Tomcat is a servlet container for Java Servlet and JavaServer Pages\ntechnologies.\n\nA directory traversal vulnerability existed in the Apache Tomcat webdav\nservlet. In some configurations it allowed remote authenticated users to\nread files accessible to the local tomcat process. (CVE-2007-5461)\n\nThe default security policy in the JULI logging component did not restrict\naccess permissions to files. This could be misused by untrusted web\napplications to access and write arbitrary files in the context of the\ntomcat process. (CVE-2007-5342)\n\nUsers of Tomcat should update to these errata packages, which contain\nbackported patches and are not vulnerable to these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0042",
        "url": "https://access.redhat.com/errata/RHSA-2008:0042"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#moderate",
        "url": "http://www.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "333791",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
      },
      {
        "category": "external",
        "summary": "427216",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427216"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0042.json"
      }
    ],
    "title": "Red Hat Security Advisory: tomcat security update",
    "tracking": {
      "current_release_date": "2024-11-22T02:13:18+00:00",
      "generator": {
        "date": "2024-11-22T02:13:18+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2008:0042",
      "initial_release_date": "2008-03-11T10:51:00+00:00",
      "revision_history": [
        {
          "date": "2008-03-11T10:51:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-03-11T06:51:42+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T02:13:18+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
                  "product_id": "5Client-Workstation",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                "product": {
                  "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.3.0.3.el5_1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.3.0.3.el5_1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.3.0.3.el5_1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                "product": {
                  "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.3.0.3.el5_1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.3.0.3.el5_1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_id": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.3.0.3.el5_1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                "product": {
                  "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_id": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.3.0.3.el5_1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.3.0.3.el5_1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.3.0.3.el5_1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                "product": {
                  "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.3.0.3.el5_1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.3.0.3.el5_1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.3.0.3.el5_1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                "product": {
                  "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.3.0.3.el5_1?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.3.0.3.el5_1?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.3.0.3.el5_1?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                "product": {
                  "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.3.0.3.el5_1?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.3.0.3.el5_1?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_id": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.3.0.3.el5_1?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                "product": {
                  "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_id": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.3.0.3.el5_1?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.3.0.3.el5_1?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.3.0.3.el5_1?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                "product": {
                  "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.3.0.3.el5_1?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.3.0.3.el5_1?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.3.0.3.el5_1?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src",
                  "product_id": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.3.0.3.el5_1?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                "product": {
                  "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.3.0.3.el5_1?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.3.0.3.el5_1?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.3.0.3.el5_1?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                "product": {
                  "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.3.0.3.el5_1?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.3.0.3.el5_1?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_id": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.3.0.3.el5_1?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                "product": {
                  "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_id": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.3.0.3.el5_1?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.3.0.3.el5_1?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.3.0.3.el5_1?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.3.0.3.el5_1?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.3.0.3.el5_1?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                "product": {
                  "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.3.0.3.el5_1?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                "product": {
                  "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.3.0.3.el5_1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.3.0.3.el5_1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.3.0.3.el5_1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                "product": {
                  "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.3.0.3.el5_1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.3.0.3.el5_1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_id": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.3.0.3.el5_1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                "product": {
                  "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_id": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.3.0.3.el5_1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.3.0.3.el5_1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.3.0.3.el5_1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.3.0.3.el5_1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.3.0.3.el5_1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                "product": {
                  "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.3.0.3.el5_1?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
                "product": {
                  "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
                  "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.3.0.3.el5_1?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
                  "product_id": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.3.0.3.el5_1?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                "product": {
                  "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.3.0.3.el5_1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.3.0.3.el5_1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.3.0.3.el5_1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                "product": {
                  "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.3.0.3.el5_1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.3.0.3.el5_1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_id": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.3.0.3.el5_1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                "product": {
                  "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_id": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.3.0.3.el5_1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.3.0.3.el5_1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.3.0.3.el5_1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.3.0.3.el5_1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.3.0.3.el5_1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                "product": {
                  "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.3.0.3.el5_1?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-5342",
      "discovery_date": "2007-10-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427216"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Apache Tomcat\u0027s default security policy is too open",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
          "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src",
          "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
          "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src",
          "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5342"
        },
        {
          "category": "external",
          "summary": "RHBZ#427216",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427216"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5342",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5342",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5342"
        }
      ],
      "release_date": "2007-12-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-03-11T10:51:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
            "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src",
            "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
            "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src",
            "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0042"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Apache Tomcat\u0027s default security policy is too open"
    },
    {
      "cve": "CVE-2007-5461",
      "discovery_date": "2007-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "333791"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Absolute path traversal Apache Tomcat WEBDAV",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
          "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src",
          "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
          "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src",
          "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "RHBZ#333791",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
        }
      ],
      "release_date": "2007-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-03-11T10:51:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
            "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src",
            "5Client:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
            "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.src",
            "5Server:tomcat5-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.ppc64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1.x86_64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.i386",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ia64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.ppc",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.s390x",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0042"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Absolute path traversal Apache Tomcat WEBDAV"
    }
  ]
}

rhsa-2008:0261

Vulnerability from csaf_redhat

Published

2008-05-20 14:12

Modified

2025-08-01 19:55

Summary

Red Hat Security Advisory: Red Hat Network Satellite Server security update

Notes

Topic

Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Details

During an internal security review, a cross-site scripting flaw was found that affected the Red Hat Network channel search feature. (CVE-2007-5961) This release also corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Two arbitrary code execution flaws were fixed in the OpenMotif package. (CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Network Satellite Server version 5.0.2 is now available. This\nupdate includes fixes for a number of security issues in Red Hat Network\nSatellite Server components.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "During an internal security review, a cross-site scripting flaw was found\nthat affected the Red Hat Network channel search feature. (CVE-2007-5961)\n\nThis release also corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server. In a\ntypical operating environment, these components are not exposed to users of\nSatellite Server in a vulnerable manner. These security updates will reduce\nrisk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws could\nresult in a cross-site scripting, denial-of-service, or information\ndisclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197,\nCVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nA denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in\nthe JFreeChart package. (CVE-2007-6306)\n\nMultiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243,\nCVE-2007-2435, CVE-2007-2788, CVE-2007-2789)\n\nTwo arbitrary code execution flaws were fixed in the OpenMotif package.\n(CVE-2005-3964, CVE-2005-0605)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Tomcat package. (CVE-2008-0128,\nCVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355,\nCVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195,\nCVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)\n\nUsers of Red Hat Network Satellite Server 5.0 are advised to upgrade to\n5.0.2, which resolves these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0261",
        "url": "https://access.redhat.com/errata/RHSA-2008:0261"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "396641",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=396641"
      },
      {
        "category": "external",
        "summary": "444136",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=444136"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0261.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Network Satellite Server security update",
    "tracking": {
      "current_release_date": "2025-08-01T19:55:18+00:00",
      "generator": {
        "date": "2025-08-01T19:55:18+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.6"
        }
      },
      "id": "RHSA-2008:0261",
      "initial_release_date": "2008-05-20T14:12:00+00:00",
      "revision_history": [
        {
          "date": "2008-05-20T14:12:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-05-20T10:12:30+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-08-01T19:55:18+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Satellite 5.0 (RHEL v.4 AS)",
                "product": {
                  "name": "Red Hat Satellite 5.0 (RHEL v.4 AS)",
                  "product_id": "4AS-RHNSAT5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:5.0:el4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Satellite"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
                "product": {
                  "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
                  "product_id": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhn-modssl@2.8.12-8.rhn.10.rhel4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jabberd-0:2.0s10-3.38.rhn.i386",
                "product": {
                  "name": "jabberd-0:2.0s10-3.38.rhn.i386",
                  "product_id": "jabberd-0:2.0s10-3.38.rhn.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jabberd@2.0s10-3.38.rhn?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openmotif21-0:2.1.30-11.RHEL4.6.i386",
                "product": {
                  "name": "openmotif21-0:2.1.30-11.RHEL4.6.i386",
                  "product_id": "openmotif21-0:2.1.30-11.RHEL4.6.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openmotif21@2.1.30-11.RHEL4.6?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
                "product": {
                  "name": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
                  "product_id": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openmotif21-debuginfo@2.1.30-11.RHEL4.6?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
                "product": {
                  "name": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
                  "product_id": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhn-apache@1.3.27-36.rhn.rhel4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
                "product": {
                  "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
                  "product_id": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-ibm@1.4.2.10-1jpp.2.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
                "product": {
                  "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
                  "product_id": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-ibm-devel@1.4.2.10-1jpp.2.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
                "product": {
                  "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
                  "product_id": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhn-modjk-ap13@1.2.23-2rhn.rhel4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhn-modperl-0:1.29-16.rhel4.i386",
                "product": {
                  "name": "rhn-modperl-0:1.29-16.rhel4.i386",
                  "product_id": "rhn-modperl-0:1.29-16.rhel4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhn-modperl@1.29-16.rhel4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jfreechart-0:0.9.20-3.rhn.noarch",
                "product": {
                  "name": "jfreechart-0:0.9.20-3.rhn.noarch",
                  "product_id": "jfreechart-0:0.9.20-3.rhn.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jfreechart@0.9.20-3.rhn?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch",
                "product": {
                  "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch",
                  "product_id": "tomcat5-0:5.0.30-0jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch",
                "product": {
                  "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch",
                  "product_id": "perl-Crypt-CBC-0:2.24-1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-Crypt-CBC@2.24-1.el4?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jabberd-0:2.0s10-3.38.rhn.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386"
        },
        "product_reference": "jabberd-0:2.0s10-3.38.rhn.i386",
        "relates_to_product_reference": "4AS-RHNSAT5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386"
        },
        "product_reference": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
        "relates_to_product_reference": "4AS-RHNSAT5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386"
        },
        "product_reference": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
        "relates_to_product_reference": "4AS-RHNSAT5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jfreechart-0:0.9.20-3.rhn.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch"
        },
        "product_reference": "jfreechart-0:0.9.20-3.rhn.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openmotif21-0:2.1.30-11.RHEL4.6.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386"
        },
        "product_reference": "openmotif21-0:2.1.30-11.RHEL4.6.i386",
        "relates_to_product_reference": "4AS-RHNSAT5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386"
        },
        "product_reference": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
        "relates_to_product_reference": "4AS-RHNSAT5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch"
        },
        "product_reference": "perl-Crypt-CBC-0:2.24-1.el4.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386"
        },
        "product_reference": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
        "relates_to_product_reference": "4AS-RHNSAT5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386"
        },
        "product_reference": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
        "relates_to_product_reference": "4AS-RHNSAT5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhn-modperl-0:1.29-16.rhel4.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386"
        },
        "product_reference": "rhn-modperl-0:1.29-16.rhel4.i386",
        "relates_to_product_reference": "4AS-RHNSAT5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386"
        },
        "product_reference": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
        "relates_to_product_reference": "4AS-RHNSAT5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        },
        "product_reference": "tomcat5-0:5.0.30-0jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2004-0885",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430637"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the \"SSLCipherSuite\" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_ssl SSLCipherSuite bypass",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0885"
        },
        {
          "category": "external",
          "summary": "RHBZ#430637",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430637"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0885",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0885"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0885",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0885"
        }
      ],
      "release_date": "2004-10-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mod_ssl SSLCipherSuite bypass"
    },
    {
      "cve": "CVE-2005-0605",
      "discovery_date": "2005-02-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430520"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxpm buffer overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-0605"
        },
        {
          "category": "external",
          "summary": "RHBZ#430520",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430520"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-0605",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-0605"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-0605",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0605"
        }
      ],
      "release_date": "2005-03-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libxpm buffer overflow"
    },
    {
      "cve": "CVE-2005-2090",
      "discovery_date": "2005-06-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237079"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat multiple content-length header poisioning",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-2090"
        },
        {
          "category": "external",
          "summary": "RHBZ#237079",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-2090",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090"
        }
      ],
      "release_date": "2005-06-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat multiple content-length header poisioning"
    },
    {
      "cve": "CVE-2005-3510",
      "discovery_date": "2005-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237085"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat DoS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-3510"
        },
        {
          "category": "external",
          "summary": "RHBZ#237085",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-3510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-3510"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510"
        }
      ],
      "release_date": "2005-11-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat DoS"
    },
    {
      "cve": "CVE-2005-3964",
      "discovery_date": "2005-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430519"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openmotif libUil buffer overflows",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-3964"
        },
        {
          "category": "external",
          "summary": "RHBZ#430519",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430519"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-3964",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-3964"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3964",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3964"
        }
      ],
      "release_date": "2005-12-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openmotif libUil buffer overflows"
    },
    {
      "cve": "CVE-2005-4838",
      "discovery_date": "2005-01-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "238401"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp.  NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat manager example DoS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-4838"
        },
        {
          "category": "external",
          "summary": "RHBZ#238401",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238401"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-4838",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-4838"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-4838",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4838"
        }
      ],
      "release_date": "2005-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat manager example DoS"
    },
    {
      "cve": "CVE-2006-0254",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2006-01-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430646"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat examples XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-0254"
        },
        {
          "category": "external",
          "summary": "RHBZ#430646",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430646"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0254",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-0254"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0254",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0254"
        }
      ],
      "release_date": "2006-01-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat examples XSS"
    },
    {
      "cve": "CVE-2006-0898",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430522"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "perl-Crypt-CBC weaker encryption with some ciphers",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-0898"
        },
        {
          "category": "external",
          "summary": "RHBZ#430522",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430522"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0898",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-0898"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0898",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0898"
        }
      ],
      "release_date": "2006-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "perl-Crypt-CBC weaker encryption with some ciphers"
    },
    {
      "cve": "CVE-2006-1329",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "429254"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service (\"c2s segfault\") by sending a \"response stanza before an auth stanza\".",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jabberd SASL DoS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-1329"
        },
        {
          "category": "external",
          "summary": "RHBZ#429254",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429254"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-1329",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-1329"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-1329",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1329"
        }
      ],
      "release_date": "2006-03-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jabberd SASL DoS"
    },
    {
      "cve": "CVE-2006-3835",
      "discovery_date": "2006-07-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237084"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat directory listing issue",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3835"
        },
        {
          "category": "external",
          "summary": "RHBZ#237084",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3835",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3835"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835"
        }
      ],
      "release_date": "2006-07-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat directory listing issue"
    },
    {
      "cve": "CVE-2006-5752",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-06-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "245112"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd mod_status XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-5752"
        },
        {
          "category": "external",
          "summary": "RHBZ#245112",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-5752"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752"
        }
      ],
      "release_date": "2007-06-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd mod_status XSS"
    },
    {
      "cve": "CVE-2006-7195",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-04-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237081"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XSS in example webapps",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-7195"
        },
        {
          "category": "external",
          "summary": "RHBZ#237081",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237081"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-7195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-7195"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-7195",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7195"
        }
      ],
      "release_date": "2007-04-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat XSS in example webapps"
    },
    {
      "cve": "CVE-2006-7196",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-04-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "238131"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors.  NOTE: this may be related to CVE-2006-0254.1.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XSS in example webapps",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-7196"
        },
        {
          "category": "external",
          "summary": "RHBZ#238131",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238131"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-7196",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-7196"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-7196",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7196"
        }
      ],
      "release_date": "2007-04-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat XSS in example webapps"
    },
    {
      "cve": "CVE-2006-7197",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430642"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_jk chunk too long",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-7197"
        },
        {
          "category": "external",
          "summary": "RHBZ#430642",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430642"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-7197",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-7197"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-7197",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7197"
        }
      ],
      "release_date": "2006-03-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "mod_jk chunk too long"
    },
    {
      "cve": "CVE-2007-0243",
      "discovery_date": "2007-04-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "325941"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "java-jre: GIF buffer overflow",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0243"
        },
        {
          "category": "external",
          "summary": "RHBZ#325941",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=325941"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0243",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0243"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0243",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0243"
        }
      ],
      "release_date": "2007-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "java-jre: GIF buffer overflow"
    },
    {
      "cve": "CVE-2007-0450",
      "discovery_date": "2007-03-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237080"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat directory traversal",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0450"
        },
        {
          "category": "external",
          "summary": "RHBZ#237080",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0450",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450"
        }
      ],
      "release_date": "2007-03-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat directory traversal"
    },
    {
      "cve": "CVE-2007-1349",
      "discovery_date": "2007-05-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "240423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_perl PerlRun denial of service",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1349"
        },
        {
          "category": "external",
          "summary": "RHBZ#240423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1349"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349"
        }
      ],
      "release_date": "2007-03-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mod_perl PerlRun denial of service"
    },
    {
      "cve": "CVE-2007-1355",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-05-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "253166"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XSS in samples",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1355"
        },
        {
          "category": "external",
          "summary": "RHBZ#253166",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=253166"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1355",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1355"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1355",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1355"
        }
      ],
      "release_date": "2007-05-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat XSS in samples"
    },
    {
      "cve": "CVE-2007-1358",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-04-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "244803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat accept-language xss flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1358"
        },
        {
          "category": "external",
          "summary": "RHBZ#244803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1358",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358"
        }
      ],
      "release_date": "2007-06-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat accept-language xss flaw"
    },
    {
      "cve": "CVE-2007-1860",
      "discovery_date": "2007-04-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237656"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_jk sends decoded URL to tomcat",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1860"
        },
        {
          "category": "external",
          "summary": "RHBZ#237656",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237656"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1860",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1860"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1860",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1860"
        }
      ],
      "release_date": "2007-05-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "mod_jk sends decoded URL to tomcat"
    },
    {
      "cve": "CVE-2007-2435",
      "discovery_date": "2007-05-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "239660"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to \"Incorrect Use of System Classes\" and probably related to support for JNLP files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "javaws vulnerabilities",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-2435"
        },
        {
          "category": "external",
          "summary": "RHBZ#239660",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=239660"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2435",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-2435"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2435",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2435"
        }
      ],
      "release_date": "2007-04-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "javaws vulnerabilities"
    },
    {
      "cve": "CVE-2007-2449",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-05-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "244804"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the \u0027;\u0027 character, as demonstrated by a URI containing a \"snp/snoop.jsp;\" sequence.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat examples jsp XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-2449"
        },
        {
          "category": "external",
          "summary": "RHBZ#244804",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244804"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2449",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-2449"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2449",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2449"
        }
      ],
      "release_date": "2007-06-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat examples jsp XSS"
    },
    {
      "cve": "CVE-2007-2450",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-05-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "244808"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat host manager XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-2450"
        },
        {
          "category": "external",
          "summary": "RHBZ#244808",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244808"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2450",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-2450"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2450",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2450"
        }
      ],
      "release_date": "2007-06-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat host manager XSS"
    },
    {
      "cve": "CVE-2007-2788",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2007-05-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "250725"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-2788"
        },
        {
          "category": "external",
          "summary": "RHBZ#250725",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250725"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2788",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-2788"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2788",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2788"
        }
      ],
      "release_date": "2007-05-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit"
    },
    {
      "cve": "CVE-2007-2789",
      "discovery_date": "2007-05-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "250729"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "BMP image parser vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-2789"
        },
        {
          "category": "external",
          "summary": "RHBZ#250729",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250729"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2789",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-2789"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2789",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2789"
        }
      ],
      "release_date": "2007-05-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "BMP image parser vulnerability"
    },
    {
      "cve": "CVE-2007-3304",
      "discovery_date": "2007-06-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "245111"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd scoreboard lack of PID protection",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3304"
        },
        {
          "category": "external",
          "summary": "RHBZ#245111",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3304"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304"
        }
      ],
      "release_date": "2007-06-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd scoreboard lack of PID protection"
    },
    {
      "cve": "CVE-2007-3382",
      "discovery_date": "2007-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "247972"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat handling of cookies",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3382"
        },
        {
          "category": "external",
          "summary": "RHBZ#247972",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3382",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3382"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382"
        }
      ],
      "release_date": "2007-08-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat handling of cookies"
    },
    {
      "cve": "CVE-2007-3385",
      "discovery_date": "2007-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "247976"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat handling of cookie values",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3385"
        },
        {
          "category": "external",
          "summary": "RHBZ#247976",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3385",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385"
        }
      ],
      "release_date": "2007-08-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat handling of cookie values"
    },
    {
      "cve": "CVE-2007-4465",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-09-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "289511"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset.  NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_autoindex XSS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-4465"
        },
        {
          "category": "external",
          "summary": "RHBZ#289511",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465"
        }
      ],
      "release_date": "2007-09-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mod_autoindex XSS"
    },
    {
      "cve": "CVE-2007-5000",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "419931"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_imagemap XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5000"
        },
        {
          "category": "external",
          "summary": "RHBZ#419931",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000"
        }
      ],
      "release_date": "2007-12-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_imagemap XSS"
    },
    {
      "cve": "CVE-2007-5461",
      "discovery_date": "2007-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "333791"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Absolute path traversal Apache Tomcat WEBDAV",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "RHBZ#333791",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
        }
      ],
      "release_date": "2007-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Absolute path traversal Apache Tomcat WEBDAV"
    },
    {
      "cve": "CVE-2007-5961",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "396641"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "RHN XSS flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5961"
        },
        {
          "category": "external",
          "summary": "RHBZ#396641",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=396641"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5961",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5961"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5961",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5961"
        }
      ],
      "release_date": "2008-05-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "RHN XSS flaw"
    },
    {
      "cve": "CVE-2007-6306",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "421081"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JFreeChart: XSS vulnerabilities in the image map feature",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6306"
        },
        {
          "category": "external",
          "summary": "RHBZ#421081",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=421081"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6306"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306"
        }
      ],
      "release_date": "2007-12-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "JFreeChart: XSS vulnerabilities in the image map feature"
    },
    {
      "cve": "CVE-2007-6388",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-01-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427228"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache mod_status cross-site scripting",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6388"
        },
        {
          "category": "external",
          "summary": "RHBZ#427228",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388"
        }
      ],
      "release_date": "2007-12-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apache mod_status cross-site scripting"
    },
    {
      "cve": "CVE-2008-0128",
      "discovery_date": "2008-01-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "429821"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat5 SSO cookie login information disclosure",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0128"
        },
        {
          "category": "external",
          "summary": "RHBZ#429821",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0128",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0128"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128"
        }
      ],
      "release_date": "2006-12-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-05-20T14:12:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0261"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat5 SSO cookie login information disclosure"
    }
  ]
}

rhsa-2008:0151

Vulnerability from csaf_redhat

Published

2008-04-02 20:44

Modified

2024-11-22 02:13

Summary

Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0CP02 security update

Notes

Topic

Updated JBoss Enterprise Application Platform (JBEAP) packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Details

JBoss Enterprise Application Platform (JBEAP) is a middleware platform for Java 2 Platform, Enterprise Edition (J2EE) applications. This release of JBEAP for Red Hat Enterprise Linux 4 contains the JBoss Application Server and JBoss Seam. This release serves as a replacement to JBEAP 4.2.0.GA. It fixes several security issues: The JFreeChart component was vulnerable to multiple cross-site scripting (XSS) vulnerabilities. An attacker could misuse the image map feature to inject arbitrary web script, or HTML, via several attributes of the chart area. (CVE-2007-6306) A vulnerability caused by exposing static Java methods was located within the HSQLDB component. This could be utilized by an attacker to execute arbitrary static Java methods. (CVE-2007-4575) The setOrder method in the org.jboss.seam.framework.Query class did not correctly validate user-supplied parameters. This vulnerability allowed remote attackers to inject, and execute, arbitrary Enterprise JavaBeans Query Language (EJB QL) commands via the order parameter. (CVE-2007-6433) These updated packages include bug fixes and enhancements which are not listed here. For a full list, please refer to the JBEAP 4.2.0CP02 release notes: http://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html Warning: before applying this update, please backup the JBEAP "server/[configuration]/deploy/" directory, and any other customized configuration files. All users of JBEAP on Red Hat Enterprise Linux 4 are advised to upgrade to these updated packages, which resolve these issues.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated JBoss Enterprise Application Platform (JBEAP) packages that fix\nseveral security issues are now available.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "JBoss Enterprise Application Platform (JBEAP) is a middleware platform for\nJava 2 Platform, Enterprise Edition (J2EE) applications.\n\nThis release of JBEAP for Red Hat Enterprise Linux 4 contains the JBoss\nApplication Server and JBoss Seam. This release serves as a replacement to\nJBEAP 4.2.0.GA. It fixes several security issues:\n\nThe JFreeChart component was vulnerable to multiple cross-site scripting\n(XSS) vulnerabilities. An attacker could misuse the image map feature to\ninject arbitrary web script, or HTML, via several attributes of the chart\narea. (CVE-2007-6306)\n\nA vulnerability caused by exposing static Java methods was located within\nthe HSQLDB component. This could be utilized by an attacker to execute\narbitrary static Java methods. (CVE-2007-4575)\n\nThe setOrder method in the org.jboss.seam.framework.Query class did not\ncorrectly validate user-supplied parameters. This vulnerability allowed\nremote attackers to inject, and execute, arbitrary Enterprise JavaBeans\nQuery Language (EJB QL) commands via the order parameter. (CVE-2007-6433)\n\nThese updated packages include bug fixes and enhancements which are not\nlisted here. For a full list, please refer to the JBEAP 4.2.0CP02 release\nnotes:\nhttp://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html\n\nWarning: before applying this update, please backup the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP on Red Hat Enterprise Linux 4 are advised to upgrade to\nthese updated packages, which resolve these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0151",
        "url": "https://access.redhat.com/errata/RHSA-2008:0151"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html",
        "url": "http://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html"
      },
      {
        "category": "external",
        "summary": "299801",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=299801"
      },
      {
        "category": "external",
        "summary": "421081",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=421081"
      },
      {
        "category": "external",
        "summary": "426206",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=426206"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0151.json"
      }
    ],
    "title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0CP02 security update",
    "tracking": {
      "current_release_date": "2024-11-22T02:13:22+00:00",
      "generator": {
        "date": "2024-11-22T02:13:22+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2008:0151",
      "initial_release_date": "2008-04-02T20:44:00+00:00",
      "revision_history": [
        {
          "date": "2008-04-02T20:44:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-04-02T16:44:45+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T02:13:22+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
                  "product_id": "4AS-JBEAP",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
                  "product_id": "4ES-JBEAP",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
                "product": {
                  "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
                  "product_id": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-aop@1.5.5-1.CP01.0jpp.ep1.1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
                "product": {
                  "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
                  "product_id": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-4.SP8_CP01.1jpp.ep1.1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
                "product": {
                  "name": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
                  "product_id": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP02.0jpp.ep1.1.el4?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
                "product": {
                  "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
                  "product_id": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-wsconsume-impl@2.0.0-0jpp.ep1.3?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-common-0:1.2.1-0jpp.ep1.2.src",
                "product": {
                  "name": "jboss-common-0:1.2.1-0jpp.ep1.2.src",
                  "product_id": "jboss-common-0:1.2.1-0jpp.ep1.2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-common@1.2.1-0jpp.ep1.2?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
                "product": {
                  "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
                  "product_id": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting@2.2.2-3.SP4.0jpp.ep1.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-0:1.2.1-1.ep1.3.el4.src",
                "product": {
                  "name": "jboss-seam-0:1.2.1-1.ep1.3.el4.src",
                  "product_id": "jboss-seam-0:1.2.1-1.ep1.3.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.3.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
                "product": {
                  "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
                  "product_id": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-jboss42@1.2.1-0jpp.ep1.2.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "wsdl4j-0:1.6.2-1jpp.ep1.8.src",
                "product": {
                  "name": "wsdl4j-0:1.6.2-1jpp.ep1.8.src",
                  "product_id": "wsdl4j-0:1.6.2-1jpp.ep1.8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wsdl4j@1.6.2-1jpp.ep1.8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
                "product": {
                  "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
                  "product_id": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jsf@1.2_04-1.p02.0jpp.ep1.18?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
                "product": {
                  "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
                  "product_id": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations@3.2.1-1.patch02.1jpp.ep1.2.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
                "product": {
                  "name": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
                  "product_id": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.2.0-3.GA_CP02.ep1.3.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
                "product": {
                  "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
                  "product_id": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jfreechart@1.0.9-1jpp.ep1.2.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
                "product": {
                  "name": "concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
                  "product_id": "concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/concurrent@1.3.4-7jpp.ep1.6.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
                "product": {
                  "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
                  "product_id": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-javamail@1.4.0-0jpp.ep1.8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jacorb-0:2.3.0-1jpp.ep1.4.src",
                "product": {
                  "name": "jacorb-0:2.3.0-1jpp.ep1.4.src",
                  "product_id": "jacorb-0:2.3.0-1jpp.ep1.4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
                "product": {
                  "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
                  "product_id": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.2.1-1jpp.ep1.6.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
                "product": {
                  "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
                  "product_id": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossxb@1.0.0-2.SP1.0jpp.ep1.2.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
                "product": {
                  "name": "jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
                  "product_id": "jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jcommon@1.0.12-1jpp.ep1.2.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
                "product": {
                  "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
                  "product_id": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@2.0.0-3.CP05.0jpp.ep1.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
                "product": {
                  "name": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
                  "product_id": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-2.patch01.1jpp.ep1.1?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
                "product": {
                  "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
                  "product_id": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-3.GA_CP02.ep1.1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
                "product": {
                  "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
                  "product_id": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jaf@1.1.0-0jpp.ep1.10.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
                "product": {
                  "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
                  "product_id": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jstl@1.2.0-0jpp.ep1.2?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
                "product": {
                  "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
                  "product_id": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jgroups@2.4.1-1.SP4.0jpp.ep1.2?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
                "product": {
                  "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
                  "product_id": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-aop@1.5.5-1.CP01.0jpp.ep1.1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
                "product": {
                  "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
                  "product_id": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-4.SP8_CP01.1jpp.ep1.1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
                "product": {
                  "name": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
                  "product_id": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP02.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
                "product": {
                  "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
                  "product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP02.0jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
                "product": {
                  "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
                  "product_id": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-wsconsume-impl@2.0.0-0jpp.ep1.3?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
                "product": {
                  "name": "jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
                  "product_id": "jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-common@1.2.1-0jpp.ep1.2?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
                "product": {
                  "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
                  "product_id": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting@2.2.2-3.SP4.0jpp.ep1.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
                "product": {
                  "name": "jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
                  "product_id": "jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-1.ep1.3.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
                "product": {
                  "name": "jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
                  "product_id": "jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.3.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
                  "product_id": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-jboss42@1.2.1-0jpp.ep1.2.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
                "product": {
                  "name": "wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
                  "product_id": "wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wsdl4j@1.6.2-1jpp.ep1.8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
                "product": {
                  "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
                  "product_id": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jsf@1.2_04-1.p02.0jpp.ep1.18?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
                  "product_id": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations@3.2.1-1.patch02.1jpp.ep1.2.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
                  "product_id": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.2.1-1.patch02.1jpp.ep1.2.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
                "product": {
                  "name": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
                  "product_id": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.2.0-3.GA_CP02.ep1.3.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
                  "product_id": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jfreechart@1.0.9-1jpp.ep1.2.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
                "product": {
                  "name": "concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
                  "product_id": "concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/concurrent@1.3.4-7jpp.ep1.6.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
                "product": {
                  "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
                  "product_id": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-javamail@1.4.0-0jpp.ep1.8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
                "product": {
                  "name": "jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
                  "product_id": "jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jacorb-manual@2.3.0-1jpp.ep1.4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
                "product": {
                  "name": "jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
                  "product_id": "jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jacorb-demo@2.3.0-1jpp.ep1.4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jacorb-0:2.3.0-1jpp.ep1.4.noarch",
                "product": {
                  "name": "jacorb-0:2.3.0-1jpp.ep1.4.noarch",
                  "product_id": "jacorb-0:2.3.0-1jpp.ep1.4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jacorb@2.3.0-1jpp.ep1.4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
                "product": {
                  "name": "jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
                  "product_id": "jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jacorb-javadoc@2.3.0-1jpp.ep1.4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
                "product": {
                  "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
                  "product_id": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.2.1-1jpp.ep1.6.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
                "product": {
                  "name": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
                  "product_id": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager-javadoc@3.2.1-1jpp.ep1.6.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
                  "product_id": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossxb@1.0.0-2.SP1.0jpp.ep1.2.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
                  "product_id": "jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jcommon@1.0.12-1jpp.ep1.2.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
                "product": {
                  "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
                  "product_id": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@2.0.0-3.CP05.0jpp.ep1.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
                "product": {
                  "name": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
                  "product_id": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-2.patch01.1jpp.ep1.1?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
                "product": {
                  "name": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
                  "product_id": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.2.0-3.GA_CP02.ep1.1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
                "product": {
                  "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
                  "product_id": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-3.GA_CP02.ep1.1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
                "product": {
                  "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
                  "product_id": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jaf@1.1.0-0jpp.ep1.10.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
                "product": {
                  "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
                  "product_id": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jstl@1.2.0-0jpp.ep1.2?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
                "product": {
                  "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
                  "product_id": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jgroups@2.4.1-1.SP4.0jpp.ep1.2?arch=noarch\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch"
        },
        "product_reference": "concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "concurrent-0:1.3.4-7jpp.ep1.6.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src"
        },
        "product_reference": "concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch"
        },
        "product_reference": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src"
        },
        "product_reference": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch"
        },
        "product_reference": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src"
        },
        "product_reference": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch"
        },
        "product_reference": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src"
        },
        "product_reference": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch"
        },
        "product_reference": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src"
        },
        "product_reference": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src"
        },
        "product_reference": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch"
        },
        "product_reference": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src"
        },
        "product_reference": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch"
        },
        "product_reference": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch"
        },
        "product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch"
        },
        "product_reference": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src"
        },
        "product_reference": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jacorb-0:2.3.0-1jpp.ep1.4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch"
        },
        "product_reference": "jacorb-0:2.3.0-1jpp.ep1.4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jacorb-0:2.3.0-1jpp.ep1.4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src"
        },
        "product_reference": "jacorb-0:2.3.0-1jpp.ep1.4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch"
        },
        "product_reference": "jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch"
        },
        "product_reference": "jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch"
        },
        "product_reference": "jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch"
        },
        "product_reference": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src"
        },
        "product_reference": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch"
        },
        "product_reference": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src"
        },
        "product_reference": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-common-0:1.2.1-0jpp.ep1.2.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch"
        },
        "product_reference": "jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-common-0:1.2.1-0jpp.ep1.2.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src"
        },
        "product_reference": "jboss-common-0:1.2.1-0jpp.ep1.2.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch"
        },
        "product_reference": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src"
        },
        "product_reference": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-1.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch"
        },
        "product_reference": "jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-1.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src"
        },
        "product_reference": "jboss-seam-0:1.2.1-1.ep1.3.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch"
        },
        "product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch"
        },
        "product_reference": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src"
        },
        "product_reference": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch"
        },
        "product_reference": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src"
        },
        "product_reference": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch"
        },
        "product_reference": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src"
        },
        "product_reference": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch"
        },
        "product_reference": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src"
        },
        "product_reference": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch"
        },
        "product_reference": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src"
        },
        "product_reference": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jcommon-0:1.0.12-1jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src"
        },
        "product_reference": "jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src"
        },
        "product_reference": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch"
        },
        "product_reference": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src"
        },
        "product_reference": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch"
        },
        "product_reference": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src"
        },
        "product_reference": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch"
        },
        "product_reference": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wsdl4j-0:1.6.2-1jpp.ep1.8.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch"
        },
        "product_reference": "wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wsdl4j-0:1.6.2-1jpp.ep1.8.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
        },
        "product_reference": "wsdl4j-0:1.6.2-1jpp.ep1.8.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch"
        },
        "product_reference": "concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "concurrent-0:1.3.4-7jpp.ep1.6.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src"
        },
        "product_reference": "concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch"
        },
        "product_reference": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src"
        },
        "product_reference": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch"
        },
        "product_reference": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src"
        },
        "product_reference": "glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch"
        },
        "product_reference": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src"
        },
        "product_reference": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch"
        },
        "product_reference": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src"
        },
        "product_reference": "glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src"
        },
        "product_reference": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch"
        },
        "product_reference": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src"
        },
        "product_reference": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch"
        },
        "product_reference": "hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch"
        },
        "product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch"
        },
        "product_reference": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src"
        },
        "product_reference": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jacorb-0:2.3.0-1jpp.ep1.4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch"
        },
        "product_reference": "jacorb-0:2.3.0-1jpp.ep1.4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jacorb-0:2.3.0-1jpp.ep1.4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src"
        },
        "product_reference": "jacorb-0:2.3.0-1jpp.ep1.4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch"
        },
        "product_reference": "jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch"
        },
        "product_reference": "jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch"
        },
        "product_reference": "jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch"
        },
        "product_reference": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src"
        },
        "product_reference": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch"
        },
        "product_reference": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src"
        },
        "product_reference": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-common-0:1.2.1-0jpp.ep1.2.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch"
        },
        "product_reference": "jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-common-0:1.2.1-0jpp.ep1.2.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src"
        },
        "product_reference": "jboss-common-0:1.2.1-0jpp.ep1.2.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch"
        },
        "product_reference": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src"
        },
        "product_reference": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-1.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch"
        },
        "product_reference": "jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-1.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src"
        },
        "product_reference": "jboss-seam-0:1.2.1-1.ep1.3.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch"
        },
        "product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch"
        },
        "product_reference": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src"
        },
        "product_reference": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch"
        },
        "product_reference": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src"
        },
        "product_reference": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch"
        },
        "product_reference": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src"
        },
        "product_reference": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch"
        },
        "product_reference": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src"
        },
        "product_reference": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch"
        },
        "product_reference": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src"
        },
        "product_reference": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jcommon-0:1.0.12-1jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src"
        },
        "product_reference": "jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src"
        },
        "product_reference": "jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch"
        },
        "product_reference": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src"
        },
        "product_reference": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch"
        },
        "product_reference": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src"
        },
        "product_reference": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch"
        },
        "product_reference": "rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wsdl4j-0:1.6.2-1jpp.ep1.8.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch"
        },
        "product_reference": "wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wsdl4j-0:1.6.2-1jpp.ep1.8.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
        },
        "product_reference": "wsdl4j-0:1.6.2-1jpp.ep1.8.src",
        "relates_to_product_reference": "4ES-JBEAP"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-4575",
      "discovery_date": "2007-09-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
            "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "299801"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to \"exposing static java methods.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenOffice.org-base allows Denial-of-Service and command injection",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4AS-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4ES-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch"
        ],
        "known_not_affected": [
          "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
          "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-4575"
        },
        {
          "category": "external",
          "summary": "RHBZ#299801",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=299801"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4575",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-4575"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4575",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4575"
        }
      ],
      "release_date": "2007-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-02T20:44:00+00:00",
          "details": "A complete installation guide for this new release is linked to in the\nReferences section below.\n\nBefore installing this upgrade, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4AS-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4ES-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0151"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenOffice.org-base allows Denial-of-Service and command injection"
    },
    {
      "cve": "CVE-2007-5461",
      "discovery_date": "2007-10-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
            "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "333791"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Absolute path traversal Apache Tomcat WEBDAV",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4AS-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4ES-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch"
        ],
        "known_not_affected": [
          "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
          "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "RHBZ#333791",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
        }
      ],
      "release_date": "2007-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-02T20:44:00+00:00",
          "details": "A complete installation guide for this new release is linked to in the\nReferences section below.\n\nBefore installing this upgrade, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4AS-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4ES-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0151"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Absolute path traversal Apache Tomcat WEBDAV"
    },
    {
      "cve": "CVE-2007-6306",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-12-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
            "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "421081"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JFreeChart: XSS vulnerabilities in the image map feature",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4AS-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4ES-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch"
        ],
        "known_not_affected": [
          "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
          "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6306"
        },
        {
          "category": "external",
          "summary": "RHBZ#421081",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=421081"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6306"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306"
        }
      ],
      "release_date": "2007-12-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-02T20:44:00+00:00",
          "details": "A complete installation guide for this new release is linked to in the\nReferences section below.\n\nBefore installing this upgrade, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4AS-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4ES-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0151"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "JFreeChart: XSS vulnerabilities in the image map feature"
    },
    {
      "cve": "CVE-2007-6433",
      "discovery_date": "2007-12-19T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
            "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "426206"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "EJBQL injection via \u0027order\u0027 parameter",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4AS-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4ES-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch"
        ],
        "known_not_affected": [
          "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
          "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6433"
        },
        {
          "category": "external",
          "summary": "RHBZ#426206",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=426206"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6433",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6433"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6433",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6433"
        }
      ],
      "release_date": "2007-12-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-02T20:44:00+00:00",
          "details": "A complete installation guide for this new release is linked to in the\nReferences section below.\n\nBefore installing this upgrade, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4AS-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4ES-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0151"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "EJBQL injection via \u0027order\u0027 parameter"
    },
    {
      "cve": "CVE-2008-0002",
      "discovery_date": "2008-02-08T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
            "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
            "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
            "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
            "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
            "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
            "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
            "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
            "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
            "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
            "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
            "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
            "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
            "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
            "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
            "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "432327"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Tomcat information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4AS-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
          "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
          "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
          "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
          "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
          "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
          "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
          "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
          "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
          "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
          "4ES-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
          "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
          "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
          "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
          "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
          "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
          "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
          "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
          "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
          "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
          "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
          "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
          "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
          "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
          "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
          "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
          "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
          "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
          "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch"
        ],
        "known_not_affected": [
          "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4AS-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4AS-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4AS-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4AS-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4AS-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4AS-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4AS-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src",
          "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.noarch",
          "4ES-JBEAP:concurrent-0:1.3.4-7jpp.ep1.6.el4.src",
          "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.noarch",
          "4ES-JBEAP:glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4.src",
          "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.noarch",
          "4ES-JBEAP:glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.src",
          "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.noarch",
          "4ES-JBEAP:glassfish-jstl-0:1.2.0-0jpp.ep1.2.src",
          "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.noarch",
          "4ES-JBEAP:jboss-common-0:1.2.1-0jpp.ep1.2.src",
          "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.noarch",
          "4ES-JBEAP:jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.src",
          "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4.src",
          "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.noarch",
          "4ES-JBEAP:wsdl4j-0:1.6.2-1jpp.ep1.8.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0002"
        },
        {
          "category": "external",
          "summary": "RHBZ#432327",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432327"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0002",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0002"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0002",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0002"
        }
      ],
      "release_date": "2008-02-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-02T20:44:00+00:00",
          "details": "A complete installation guide for this new release is linked to in the\nReferences section below.\n\nBefore installing this upgrade, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4AS-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4AS-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
            "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4AS-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4AS-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4AS-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.noarch",
            "4ES-JBEAP:glassfish-javamail-0:1.4.0-0jpp.ep1.8.src",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src",
            "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4.src",
            "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4.src",
            "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4.noarch",
            "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1.src",
            "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jacorb-0:2.3.0-1jpp.ep1.4.src",
            "4ES-JBEAP:jacorb-demo-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jacorb-javadoc-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jacorb-manual-0:2.3.0-1jpp.ep1.4.noarch",
            "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4.src",
            "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src",
            "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.noarch",
            "4ES-JBEAP:jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.src",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.3.el4.src",
            "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.3.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4.src",
            "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.noarch",
            "4ES-JBEAP:jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.src",
            "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4.src",
            "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jcommon-0:1.0.12-1jpp.ep1.2.el4.src",
            "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:jfreechart-0:1.0.9-1jpp.ep1.2.el4.src",
            "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.noarch",
            "4ES-JBEAP:jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.src",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4.src",
            "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0151"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Tomcat information disclosure vulnerability"
    }
  ]
}

rhsa-2008:0630

Vulnerability from csaf_redhat

Published

2008-08-13 14:17

Modified

2024-11-22 02:13

Summary

Red Hat Security Advisory: Red Hat Network Satellite Server security update

Notes

Topic

Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team.

Details

During an internal security audit, it was discovered that Red Hat Network Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a single hard-coded authentication key. A remote attacker who is able to connect to the Satellite Server XML-RPC service could use this flaw to obtain limited information about Satellite Server users, such as login names, associated email addresses, internal user IDs, and partial information about entitlements. (CVE-2008-2369) This release also corrects several security vulnerabilities in various components shipped as part of Red Hat Network Satellite Server 5.1. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838, CVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461, CVE-2008-0128) Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to 5.1.1, which resolves these issues.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Network Satellite Server version 5.1.1 is now available. This\nupdate includes fixes for a number of security issues in Red Hat Network\nSatellite Server components.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "During an internal security audit, it was discovered that Red Hat Network\nSatellite Server shipped with an XML-RPC script, manzier.pxt, which had a\nsingle hard-coded authentication key. A remote attacker who is able to\nconnect to the Satellite Server XML-RPC service could use this flaw to\nobtain limited information about Satellite Server users, such as login\nnames, associated email addresses, internal user IDs, and partial\ninformation about entitlements. (CVE-2008-2369)\n\nThis release also corrects several security vulnerabilities in various\ncomponents shipped as part of Red Hat Network Satellite Server 5.1. In a\ntypical operating environment, these components are not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in\nthe JFreeChart package. (CVE-2007-6306)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838,\nCVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461,\nCVE-2008-0128)\n\nUsers of Red Hat Network Satellite Server 5.1 are advised to upgrade to\n5.1.1, which resolves these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0630",
        "url": "https://access.redhat.com/errata/RHSA-2008:0630"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "238401",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238401"
      },
      {
        "category": "external",
        "summary": "240423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
      },
      {
        "category": "external",
        "summary": "244803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
      },
      {
        "category": "external",
        "summary": "244804",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244804"
      },
      {
        "category": "external",
        "summary": "253166",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=253166"
      },
      {
        "category": "external",
        "summary": "333791",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
      },
      {
        "category": "external",
        "summary": "421081",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=421081"
      },
      {
        "category": "external",
        "summary": "429821",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
      },
      {
        "category": "external",
        "summary": "430522",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430522"
      },
      {
        "category": "external",
        "summary": "430646",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430646"
      },
      {
        "category": "external",
        "summary": "452461",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452461"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0630.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Network Satellite Server security update",
    "tracking": {
      "current_release_date": "2024-11-22T02:13:53+00:00",
      "generator": {
        "date": "2024-11-22T02:13:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2008:0630",
      "initial_release_date": "2008-08-13T14:17:00+00:00",
      "revision_history": [
        {
          "date": "2008-08-13T14:17:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-08-13T10:55:17+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T02:13:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Satellite 5.1 (RHEL v.4 AS)",
                "product": {
                  "name": "Red Hat Satellite 5.1 (RHEL v.4 AS)",
                  "product_id": "4AS-RHNSAT5.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:5.1::el4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Satellite"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
                "product": {
                  "name": "mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
                  "product_id": "mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_perl-0:2.0.2-12.el4.s390x",
                "product": {
                  "name": "mod_perl-0:2.0.2-12.el4.s390x",
                  "product_id": "mod_perl-0:2.0.2-12.el4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mod_perl-debuginfo-0:2.0.2-12.el4.s390",
                "product": {
                  "name": "mod_perl-debuginfo-0:2.0.2-12.el4.s390",
                  "product_id": "mod_perl-debuginfo-0:2.0.2-12.el4.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_perl-0:2.0.2-12.el4.s390",
                "product": {
                  "name": "mod_perl-0:2.0.2-12.el4.s390",
                  "product_id": "mod_perl-0:2.0.2-12.el4.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=s390"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
                "product": {
                  "name": "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
                  "product_id": "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_perl-0:2.0.2-12.el4.x86_64",
                "product": {
                  "name": "mod_perl-0:2.0.2-12.el4.x86_64",
                  "product_id": "mod_perl-0:2.0.2-12.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mod_perl-debuginfo-0:2.0.2-12.el4.i386",
                "product": {
                  "name": "mod_perl-debuginfo-0:2.0.2-12.el4.i386",
                  "product_id": "mod_perl-debuginfo-0:2.0.2-12.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_perl-0:2.0.2-12.el4.i386",
                "product": {
                  "name": "mod_perl-0:2.0.2-12.el4.i386",
                  "product_id": "mod_perl-0:2.0.2-12.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch",
                "product": {
                  "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch",
                  "product_id": "tomcat5-0:5.0.30-0jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jfreechart-0:0.9.20-3.rhn.noarch",
                "product": {
                  "name": "jfreechart-0:0.9.20-3.rhn.noarch",
                  "product_id": "jfreechart-0:0.9.20-3.rhn.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jfreechart@0.9.20-3.rhn?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch",
                "product": {
                  "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch",
                  "product_id": "perl-Crypt-CBC-0:2.24-1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-Crypt-CBC@2.24-1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhn-html-0:5.1.1-7.noarch",
                "product": {
                  "name": "rhn-html-0:5.1.1-7.noarch",
                  "product_id": "rhn-html-0:5.1.1-7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhn-html@5.1.1-7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jfreechart-0:0.9.20-3.rhn.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch"
        },
        "product_reference": "jfreechart-0:0.9.20-3.rhn.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_perl-0:2.0.2-12.el4.i386 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386"
        },
        "product_reference": "mod_perl-0:2.0.2-12.el4.i386",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_perl-0:2.0.2-12.el4.s390 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390"
        },
        "product_reference": "mod_perl-0:2.0.2-12.el4.s390",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_perl-0:2.0.2-12.el4.s390x as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x"
        },
        "product_reference": "mod_perl-0:2.0.2-12.el4.s390x",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_perl-0:2.0.2-12.el4.x86_64 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64"
        },
        "product_reference": "mod_perl-0:2.0.2-12.el4.x86_64",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_perl-debuginfo-0:2.0.2-12.el4.i386 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386"
        },
        "product_reference": "mod_perl-debuginfo-0:2.0.2-12.el4.i386",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_perl-debuginfo-0:2.0.2-12.el4.s390 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390"
        },
        "product_reference": "mod_perl-debuginfo-0:2.0.2-12.el4.s390",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_perl-debuginfo-0:2.0.2-12.el4.s390x as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x"
        },
        "product_reference": "mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64"
        },
        "product_reference": "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch"
        },
        "product_reference": "perl-Crypt-CBC-0:2.24-1.el4.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhn-html-0:5.1.1-7.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch"
        },
        "product_reference": "rhn-html-0:5.1.1-7.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        },
        "product_reference": "tomcat5-0:5.0.30-0jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2005-4838",
      "discovery_date": "2005-01-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "238401"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp.  NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat manager example DoS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-4838"
        },
        {
          "category": "external",
          "summary": "RHBZ#238401",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238401"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-4838",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-4838"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-4838",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4838"
        }
      ],
      "release_date": "2005-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat manager example DoS"
    },
    {
      "cve": "CVE-2006-0254",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2006-01-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430646"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat examples XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-0254"
        },
        {
          "category": "external",
          "summary": "RHBZ#430646",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430646"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0254",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-0254"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0254",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0254"
        }
      ],
      "release_date": "2006-01-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat examples XSS"
    },
    {
      "cve": "CVE-2006-0898",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430522"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "perl-Crypt-CBC weaker encryption with some ciphers",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-0898"
        },
        {
          "category": "external",
          "summary": "RHBZ#430522",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430522"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0898",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-0898"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0898",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0898"
        }
      ],
      "release_date": "2006-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "perl-Crypt-CBC weaker encryption with some ciphers"
    },
    {
      "cve": "CVE-2007-1349",
      "discovery_date": "2007-05-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "240423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_perl PerlRun denial of service",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1349"
        },
        {
          "category": "external",
          "summary": "RHBZ#240423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1349"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349"
        }
      ],
      "release_date": "2007-03-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mod_perl PerlRun denial of service"
    },
    {
      "cve": "CVE-2007-1355",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-05-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "253166"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XSS in samples",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1355"
        },
        {
          "category": "external",
          "summary": "RHBZ#253166",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=253166"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1355",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1355"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1355",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1355"
        }
      ],
      "release_date": "2007-05-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat XSS in samples"
    },
    {
      "cve": "CVE-2007-1358",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-04-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "244803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat accept-language xss flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1358"
        },
        {
          "category": "external",
          "summary": "RHBZ#244803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1358",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358"
        }
      ],
      "release_date": "2007-06-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat accept-language xss flaw"
    },
    {
      "cve": "CVE-2007-2449",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-05-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "244804"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the \u0027;\u0027 character, as demonstrated by a URI containing a \"snp/snoop.jsp;\" sequence.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat examples jsp XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-2449"
        },
        {
          "category": "external",
          "summary": "RHBZ#244804",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244804"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2449",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-2449"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2449",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2449"
        }
      ],
      "release_date": "2007-06-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat examples jsp XSS"
    },
    {
      "cve": "CVE-2007-5461",
      "discovery_date": "2007-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "333791"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Absolute path traversal Apache Tomcat WEBDAV",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "RHBZ#333791",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
        }
      ],
      "release_date": "2007-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Absolute path traversal Apache Tomcat WEBDAV"
    },
    {
      "cve": "CVE-2007-6306",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "421081"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JFreeChart: XSS vulnerabilities in the image map feature",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6306"
        },
        {
          "category": "external",
          "summary": "RHBZ#421081",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=421081"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6306"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306"
        }
      ],
      "release_date": "2007-12-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "JFreeChart: XSS vulnerabilities in the image map feature"
    },
    {
      "cve": "CVE-2008-0128",
      "discovery_date": "2008-01-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "429821"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat5 SSO cookie login information disclosure",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0128"
        },
        {
          "category": "external",
          "summary": "RHBZ#429821",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0128",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0128"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128"
        }
      ],
      "release_date": "2006-12-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat5 SSO cookie login information disclosure"
    },
    {
      "cve": "CVE-2008-2369",
      "discovery_date": "2008-06-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "452461"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Satellite: information disclosure via manzier.pxt RPC script",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2369"
        },
        {
          "category": "external",
          "summary": "RHBZ#452461",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452461"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2369",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2369"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2369",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2369"
        }
      ],
      "release_date": "2008-08-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Satellite: information disclosure via manzier.pxt RPC script"
    }
  ]
}

rhsa-2008:0195

Vulnerability from csaf_redhat

Published

2008-04-28 09:15

Modified

2024-11-22 02:13

Summary

Red Hat Security Advisory: tomcat security update

Notes

Topic

Updated tomcat packages that fix multiple security issues are now available for Red Hat Developer Suite 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Details

Tomcat is a servlet container for Java Servlet and Java Server Pages technologies. Tomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382). It was reported Tomcat did not properly handle the following character sequence in a cookie: \" (a backslash followed by a double-quote). It was possible remote attackers could use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385). A directory traversal vulnerability existed in the Apache Tomcat webdav servlet. This allowed remote attackers to remote authenticated users to read accessible to the local user running the tomcat process (CVE-2007-5461). The default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process (CVE-2007-5342). Users of Tomcat should update to these erratum packages, which contain backported patches and are not vulnerable to these issues.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated tomcat packages that fix multiple security issues are now available\nfor Red Hat Developer Suite 3.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Tomcat is a servlet container for Java Servlet and Java Server Pages\ntechnologies.\n\nTomcat was found treating single quote characters -- \u0027 -- as delimiters in\ncookies. This could allow remote attackers to obtain sensitive information,\nsuch as session IDs, for session hijacking attacks (CVE-2007-3382).\n\nIt was reported Tomcat did not properly handle the following character\nsequence in a cookie: \\\" (a backslash followed by a double-quote). It was\npossible remote attackers could use this failure to obtain sensitive\ninformation, such as session IDs, for session hijacking attacks\n(CVE-2007-3385).\n\nA directory traversal vulnerability existed in the Apache Tomcat webdav\nservlet. This allowed remote attackers to remote authenticated users to\nread accessible to the local user running the tomcat process (CVE-2007-5461).\n\nThe default security policy in the JULI logging component did not restrict\naccess permissions to files. This could be misused by untrusted web\napplications to access and write arbitrary files in the context of the\ntomcat process (CVE-2007-5342).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches and are not vulnerable to these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0195",
        "url": "https://access.redhat.com/errata/RHSA-2008:0195"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://tomcat.apache.org/security-5.html",
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "category": "external",
        "summary": "247972",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
      },
      {
        "category": "external",
        "summary": "247976",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
      },
      {
        "category": "external",
        "summary": "333791",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
      },
      {
        "category": "external",
        "summary": "427216",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427216"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0195.json"
      }
    ],
    "title": "Red Hat Security Advisory: tomcat security update",
    "tracking": {
      "current_release_date": "2024-11-22T02:13:32+00:00",
      "generator": {
        "date": "2024-11-22T02:13:32+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2008:0195",
      "initial_release_date": "2008-04-28T09:15:00+00:00",
      "revision_history": [
        {
          "date": "2008-04-28T09:15:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-04-28T05:16:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T02:13:32+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Developer Suite v.3 (AS v.4)",
                "product": {
                  "name": "Red Hat Developer Suite v.3 (AS v.4)",
                  "product_id": "4AS-DS3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_developer_suite:3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Developer Suite v.3"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp_11rh.src",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp_11rh.src",
                  "product_id": "tomcat5-0:5.5.23-0jpp_11rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_11rh?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp_11rh.noarch",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp_11rh.noarch",
                  "product_id": "tomcat5-0:5.5.23-0jpp_11rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_11rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp_11rh.noarch",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp_11rh.noarch",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp_11rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_11rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_11rh.noarch",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_11rh.noarch",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_11rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_11rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_11rh.noarch",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_11rh.noarch",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_11rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_11rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp_11rh.noarch",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp_11rh.noarch",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp_11rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_11rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp_11rh.noarch",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp_11rh.noarch",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp_11rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_11rh?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_11rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
          "product_id": "4AS-DS3:tomcat5-0:5.5.23-0jpp_11rh.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_11rh.noarch",
        "relates_to_product_reference": "4AS-DS3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_11rh.src as a component of Red Hat Developer Suite v.3 (AS v.4)",
          "product_id": "4AS-DS3:tomcat5-0:5.5.23-0jpp_11rh.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_11rh.src",
        "relates_to_product_reference": "4AS-DS3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp_11rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
          "product_id": "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_11rh.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_11rh.noarch",
        "relates_to_product_reference": "4AS-DS3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp_11rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
          "product_id": "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_11rh.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_11rh.noarch",
        "relates_to_product_reference": "4AS-DS3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_11rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
          "product_id": "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_11rh.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_11rh.noarch",
        "relates_to_product_reference": "4AS-DS3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp_11rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
          "product_id": "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_11rh.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_11rh.noarch",
        "relates_to_product_reference": "4AS-DS3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_11rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
          "product_id": "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_11rh.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_11rh.noarch",
        "relates_to_product_reference": "4AS-DS3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-3382",
      "discovery_date": "2007-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "247972"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat handling of cookies",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-DS3:tomcat5-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-0:5.5.23-0jpp_11rh.src",
          "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_11rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3382"
        },
        {
          "category": "external",
          "summary": "RHBZ#247972",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3382",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3382"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382"
        }
      ],
      "release_date": "2007-08-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-28T09:15:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_11rh.src",
            "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_11rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0195"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat handling of cookies"
    },
    {
      "cve": "CVE-2007-3385",
      "discovery_date": "2007-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "247976"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat handling of cookie values",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-DS3:tomcat5-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-0:5.5.23-0jpp_11rh.src",
          "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_11rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3385"
        },
        {
          "category": "external",
          "summary": "RHBZ#247976",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3385",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385"
        }
      ],
      "release_date": "2007-08-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-28T09:15:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_11rh.src",
            "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_11rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0195"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat handling of cookie values"
    },
    {
      "cve": "CVE-2007-5342",
      "discovery_date": "2007-10-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427216"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Apache Tomcat\u0027s default security policy is too open",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-DS3:tomcat5-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-0:5.5.23-0jpp_11rh.src",
          "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_11rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5342"
        },
        {
          "category": "external",
          "summary": "RHBZ#427216",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427216"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5342",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5342",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5342"
        }
      ],
      "release_date": "2007-12-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-28T09:15:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_11rh.src",
            "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_11rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0195"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Apache Tomcat\u0027s default security policy is too open"
    },
    {
      "cve": "CVE-2007-5461",
      "discovery_date": "2007-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "333791"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Absolute path traversal Apache Tomcat WEBDAV",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-DS3:tomcat5-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-0:5.5.23-0jpp_11rh.src",
          "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_11rh.noarch",
          "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_11rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "RHBZ#333791",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
        }
      ],
      "release_date": "2007-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-28T09:15:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_11rh.src",
            "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_11rh.noarch",
            "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_11rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0195"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Absolute path traversal Apache Tomcat WEBDAV"
    }
  ]
}

rhsa-2008:0524

Vulnerability from csaf_redhat

Published

2008-06-30 15:33

Modified

2025-08-01 19:54

Summary

Red Hat Security Advisory: Red Hat Network Satellite Server security update

Notes

Topic

Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team.

Details

This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Network Satellite Server version 4.2.3 is now available. This\nupdate includes fixes for a number of security issues in Red Hat Network\nSatellite Server components.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This release corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server 4.2. In\na typical operating environment, these components are not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws could\nresult in a cross-site scripting, denial-of-service, or information\ndisclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197,\nCVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nA denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in\nthe JFreeChart package. (CVE-2007-6306)\n\nMultiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243,\nCVE-2007-2435, CVE-2007-2788, CVE-2007-2789)\n\nMultiple flaws were fixed in the OpenMotif package. (CVE-2004-0687,\nCVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Tomcat package. (CVE-2008-0128,\nCVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355,\nCVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195,\nCVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)\n\nUsers of Red Hat Network Satellite Server 4.2 are advised to upgrade to\n4.2.3, which resolves these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0524",
        "url": "https://access.redhat.com/errata/RHSA-2008:0524"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "449337",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=449337"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0524.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Network Satellite Server security update",
    "tracking": {
      "current_release_date": "2025-08-01T19:54:58+00:00",
      "generator": {
        "date": "2025-08-01T19:54:58+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.6"
        }
      },
      "id": "RHSA-2008:0524",
      "initial_release_date": "2008-06-30T15:33:00+00:00",
      "revision_history": [
        {
          "date": "2008-06-30T15:33:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-06-30T11:33:26+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-08-01T19:54:58+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Satellite v 4.2 (RHEL v.3 AS)",
                "product": {
                  "name": "Red Hat Satellite v 4.2 (RHEL v.3 AS)",
                  "product_id": "3AS-RHNSAT4.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:4.2::el3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Satellite v 4.2 (RHEL v.4 AS)",
                "product": {
                  "name": "Red Hat Satellite v 4.2 (RHEL v.4 AS)",
                  "product_id": "4AS-RHNSAT4.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:4.2::el4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Satellite"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jabberd-0:2.0s10-3.37.rhn.i386",
                "product": {
                  "name": "jabberd-0:2.0s10-3.37.rhn.i386",
                  "product_id": "jabberd-0:2.0s10-3.37.rhn.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jabberd@2.0s10-3.37.rhn?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
                "product": {
                  "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
                  "product_id": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-ibm-devel@1.4.2.10-1jpp.2.el3?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
                "product": {
                  "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
                  "product_id": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-ibm@1.4.2.10-1jpp.2.el3?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
                "product": {
                  "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
                  "product_id": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhn-modjk-ap13@1.2.23-2rhn.rhel3?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openmotif21-0:2.1.30-9.RHEL3.8.i386",
                "product": {
                  "name": "openmotif21-0:2.1.30-9.RHEL3.8.i386",
                  "product_id": "openmotif21-0:2.1.30-9.RHEL3.8.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openmotif21@2.1.30-9.RHEL3.8?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
                "product": {
                  "name": "openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
                  "product_id": "openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openmotif21-debuginfo@2.1.30-9.RHEL3.8?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
                "product": {
                  "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
                  "product_id": "rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhn-modssl@2.8.12-8.rhn.10.rhel3?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
                "product": {
                  "name": "rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
                  "product_id": "rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhn-apache@1.3.27-36.rhn.rhel3?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhn-modperl-0:1.29-16.rhel3.i386",
                "product": {
                  "name": "rhn-modperl-0:1.29-16.rhel3.i386",
                  "product_id": "rhn-modperl-0:1.29-16.rhel3.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhn-modperl@1.29-16.rhel3?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
                "product": {
                  "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
                  "product_id": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhn-modssl@2.8.12-8.rhn.10.rhel4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jabberd-0:2.0s10-3.38.rhn.i386",
                "product": {
                  "name": "jabberd-0:2.0s10-3.38.rhn.i386",
                  "product_id": "jabberd-0:2.0s10-3.38.rhn.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jabberd@2.0s10-3.38.rhn?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openmotif21-0:2.1.30-11.RHEL4.6.i386",
                "product": {
                  "name": "openmotif21-0:2.1.30-11.RHEL4.6.i386",
                  "product_id": "openmotif21-0:2.1.30-11.RHEL4.6.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openmotif21@2.1.30-11.RHEL4.6?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
                "product": {
                  "name": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
                  "product_id": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openmotif21-debuginfo@2.1.30-11.RHEL4.6?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
                "product": {
                  "name": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
                  "product_id": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhn-apache@1.3.27-36.rhn.rhel4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
                "product": {
                  "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
                  "product_id": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-ibm@1.4.2.10-1jpp.2.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
                "product": {
                  "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
                  "product_id": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-ibm-devel@1.4.2.10-1jpp.2.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
                "product": {
                  "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
                  "product_id": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhn-modjk-ap13@1.2.23-2rhn.rhel4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhn-modperl-0:1.29-16.rhel4.i386",
                "product": {
                  "name": "rhn-modperl-0:1.29-16.rhel4.i386",
                  "product_id": "rhn-modperl-0:1.29-16.rhel4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhn-modperl@1.29-16.rhel4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jfreechart-0:0.9.20-3.rhn.noarch",
                "product": {
                  "name": "jfreechart-0:0.9.20-3.rhn.noarch",
                  "product_id": "jfreechart-0:0.9.20-3.rhn.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jfreechart@0.9.20-3.rhn?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch",
                "product": {
                  "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch",
                  "product_id": "tomcat5-0:5.0.30-0jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-Crypt-CBC-0:2.24-1.el3.noarch",
                "product": {
                  "name": "perl-Crypt-CBC-0:2.24-1.el3.noarch",
                  "product_id": "perl-Crypt-CBC-0:2.24-1.el3.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-Crypt-CBC@2.24-1.el3?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch",
                "product": {
                  "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch",
                  "product_id": "perl-Crypt-CBC-0:2.24-1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-Crypt-CBC@2.24-1.el4?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jabberd-0:2.0s10-3.37.rhn.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386"
        },
        "product_reference": "jabberd-0:2.0s10-3.37.rhn.i386",
        "relates_to_product_reference": "3AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386"
        },
        "product_reference": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
        "relates_to_product_reference": "3AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386"
        },
        "product_reference": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
        "relates_to_product_reference": "3AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jfreechart-0:0.9.20-3.rhn.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch"
        },
        "product_reference": "jfreechart-0:0.9.20-3.rhn.noarch",
        "relates_to_product_reference": "3AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openmotif21-0:2.1.30-9.RHEL3.8.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386"
        },
        "product_reference": "openmotif21-0:2.1.30-9.RHEL3.8.i386",
        "relates_to_product_reference": "3AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386"
        },
        "product_reference": "openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
        "relates_to_product_reference": "3AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Crypt-CBC-0:2.24-1.el3.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch"
        },
        "product_reference": "perl-Crypt-CBC-0:2.24-1.el3.noarch",
        "relates_to_product_reference": "3AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhn-apache-0:1.3.27-36.rhn.rhel3.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386"
        },
        "product_reference": "rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
        "relates_to_product_reference": "3AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386"
        },
        "product_reference": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
        "relates_to_product_reference": "3AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhn-modperl-0:1.29-16.rhel3.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386"
        },
        "product_reference": "rhn-modperl-0:1.29-16.rhel3.i386",
        "relates_to_product_reference": "3AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386"
        },
        "product_reference": "rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
        "relates_to_product_reference": "3AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)",
          "product_id": "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        },
        "product_reference": "tomcat5-0:5.0.30-0jpp_10rh.noarch",
        "relates_to_product_reference": "3AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jabberd-0:2.0s10-3.38.rhn.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386"
        },
        "product_reference": "jabberd-0:2.0s10-3.38.rhn.i386",
        "relates_to_product_reference": "4AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386"
        },
        "product_reference": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
        "relates_to_product_reference": "4AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386"
        },
        "product_reference": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
        "relates_to_product_reference": "4AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jfreechart-0:0.9.20-3.rhn.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch"
        },
        "product_reference": "jfreechart-0:0.9.20-3.rhn.noarch",
        "relates_to_product_reference": "4AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openmotif21-0:2.1.30-11.RHEL4.6.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386"
        },
        "product_reference": "openmotif21-0:2.1.30-11.RHEL4.6.i386",
        "relates_to_product_reference": "4AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386"
        },
        "product_reference": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
        "relates_to_product_reference": "4AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch"
        },
        "product_reference": "perl-Crypt-CBC-0:2.24-1.el4.noarch",
        "relates_to_product_reference": "4AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386"
        },
        "product_reference": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
        "relates_to_product_reference": "4AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386"
        },
        "product_reference": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
        "relates_to_product_reference": "4AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhn-modperl-0:1.29-16.rhel4.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386"
        },
        "product_reference": "rhn-modperl-0:1.29-16.rhel4.i386",
        "relates_to_product_reference": "4AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386"
        },
        "product_reference": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
        "relates_to_product_reference": "4AS-RHNSAT4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        },
        "product_reference": "tomcat5-0:5.0.30-0jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT4.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2004-0687",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430513"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openmotif21 stack overflows in libxpm",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0687"
        },
        {
          "category": "external",
          "summary": "RHBZ#430513",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430513"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0687",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0687"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0687",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0687"
        }
      ],
      "release_date": "2004-10-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openmotif21 stack overflows in libxpm"
    },
    {
      "cve": "CVE-2004-0688",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430515"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openmotif21 stack overflows in libxpm",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0688"
        },
        {
          "category": "external",
          "summary": "RHBZ#430515",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430515"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0688",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0688"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0688",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0688"
        }
      ],
      "release_date": "2004-09-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openmotif21 stack overflows in libxpm"
    },
    {
      "cve": "CVE-2004-0885",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430637"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the \"SSLCipherSuite\" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_ssl SSLCipherSuite bypass",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0885"
        },
        {
          "category": "external",
          "summary": "RHBZ#430637",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430637"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0885",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0885"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0885",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0885"
        }
      ],
      "release_date": "2004-10-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mod_ssl SSLCipherSuite bypass"
    },
    {
      "cve": "CVE-2004-0914",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430516"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE\u0027s content decisions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openmotif21 stack overflows in libxpm",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0914"
        },
        {
          "category": "external",
          "summary": "RHBZ#430516",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430516"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0914"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0914",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0914"
        }
      ],
      "release_date": "2004-09-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openmotif21 stack overflows in libxpm"
    },
    {
      "cve": "CVE-2005-0605",
      "discovery_date": "2005-02-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430520"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxpm buffer overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-0605"
        },
        {
          "category": "external",
          "summary": "RHBZ#430520",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430520"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-0605",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-0605"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-0605",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0605"
        }
      ],
      "release_date": "2005-03-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libxpm buffer overflow"
    },
    {
      "cve": "CVE-2005-2090",
      "discovery_date": "2005-06-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237079"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat multiple content-length header poisioning",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-2090"
        },
        {
          "category": "external",
          "summary": "RHBZ#237079",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-2090",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090"
        }
      ],
      "release_date": "2005-06-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat multiple content-length header poisioning"
    },
    {
      "cve": "CVE-2005-3510",
      "discovery_date": "2005-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237085"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat DoS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-3510"
        },
        {
          "category": "external",
          "summary": "RHBZ#237085",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-3510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-3510"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510"
        }
      ],
      "release_date": "2005-11-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat DoS"
    },
    {
      "cve": "CVE-2005-3964",
      "discovery_date": "2005-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430519"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openmotif libUil buffer overflows",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-3964"
        },
        {
          "category": "external",
          "summary": "RHBZ#430519",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430519"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-3964",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-3964"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3964",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3964"
        }
      ],
      "release_date": "2005-12-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openmotif libUil buffer overflows"
    },
    {
      "cve": "CVE-2005-4838",
      "discovery_date": "2005-01-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "238401"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp.  NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat manager example DoS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-4838"
        },
        {
          "category": "external",
          "summary": "RHBZ#238401",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238401"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-4838",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-4838"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-4838",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4838"
        }
      ],
      "release_date": "2005-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat manager example DoS"
    },
    {
      "cve": "CVE-2006-0254",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2006-01-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430646"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat examples XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-0254"
        },
        {
          "category": "external",
          "summary": "RHBZ#430646",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430646"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0254",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-0254"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0254",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0254"
        }
      ],
      "release_date": "2006-01-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat examples XSS"
    },
    {
      "cve": "CVE-2006-0898",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430522"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "perl-Crypt-CBC weaker encryption with some ciphers",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-0898"
        },
        {
          "category": "external",
          "summary": "RHBZ#430522",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430522"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0898",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-0898"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0898",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0898"
        }
      ],
      "release_date": "2006-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "perl-Crypt-CBC weaker encryption with some ciphers"
    },
    {
      "cve": "CVE-2006-1329",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "429254"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service (\"c2s segfault\") by sending a \"response stanza before an auth stanza\".",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jabberd SASL DoS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-1329"
        },
        {
          "category": "external",
          "summary": "RHBZ#429254",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429254"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-1329",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-1329"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-1329",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1329"
        }
      ],
      "release_date": "2006-03-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jabberd SASL DoS"
    },
    {
      "cve": "CVE-2006-3835",
      "discovery_date": "2006-07-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237084"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat directory listing issue",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3835"
        },
        {
          "category": "external",
          "summary": "RHBZ#237084",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3835",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3835"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835"
        }
      ],
      "release_date": "2006-07-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat directory listing issue"
    },
    {
      "cve": "CVE-2006-5752",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-06-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "245112"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd mod_status XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-5752"
        },
        {
          "category": "external",
          "summary": "RHBZ#245112",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-5752"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752"
        }
      ],
      "release_date": "2007-06-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd mod_status XSS"
    },
    {
      "cve": "CVE-2006-7195",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-04-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237081"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XSS in example webapps",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-7195"
        },
        {
          "category": "external",
          "summary": "RHBZ#237081",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237081"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-7195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-7195"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-7195",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7195"
        }
      ],
      "release_date": "2007-04-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat XSS in example webapps"
    },
    {
      "cve": "CVE-2006-7196",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-04-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "238131"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors.  NOTE: this may be related to CVE-2006-0254.1.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XSS in example webapps",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-7196"
        },
        {
          "category": "external",
          "summary": "RHBZ#238131",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238131"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-7196",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-7196"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-7196",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7196"
        }
      ],
      "release_date": "2007-04-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat XSS in example webapps"
    },
    {
      "cve": "CVE-2006-7197",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430642"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_jk chunk too long",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-7197"
        },
        {
          "category": "external",
          "summary": "RHBZ#430642",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430642"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-7197",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-7197"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-7197",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7197"
        }
      ],
      "release_date": "2006-03-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "mod_jk chunk too long"
    },
    {
      "cve": "CVE-2007-0243",
      "discovery_date": "2007-04-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "325941"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "java-jre: GIF buffer overflow",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0243"
        },
        {
          "category": "external",
          "summary": "RHBZ#325941",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=325941"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0243",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0243"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0243",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0243"
        }
      ],
      "release_date": "2007-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "java-jre: GIF buffer overflow"
    },
    {
      "cve": "CVE-2007-0450",
      "discovery_date": "2007-03-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237080"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat directory traversal",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0450"
        },
        {
          "category": "external",
          "summary": "RHBZ#237080",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0450",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450"
        }
      ],
      "release_date": "2007-03-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat directory traversal"
    },
    {
      "cve": "CVE-2007-1349",
      "discovery_date": "2007-05-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "240423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_perl PerlRun denial of service",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1349"
        },
        {
          "category": "external",
          "summary": "RHBZ#240423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1349"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349"
        }
      ],
      "release_date": "2007-03-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mod_perl PerlRun denial of service"
    },
    {
      "cve": "CVE-2007-1355",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-05-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "253166"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XSS in samples",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1355"
        },
        {
          "category": "external",
          "summary": "RHBZ#253166",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=253166"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1355",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1355"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1355",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1355"
        }
      ],
      "release_date": "2007-05-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat XSS in samples"
    },
    {
      "cve": "CVE-2007-1358",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-04-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "244803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat accept-language xss flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1358"
        },
        {
          "category": "external",
          "summary": "RHBZ#244803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1358",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358"
        }
      ],
      "release_date": "2007-06-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat accept-language xss flaw"
    },
    {
      "cve": "CVE-2007-1860",
      "discovery_date": "2007-04-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237656"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_jk sends decoded URL to tomcat",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1860"
        },
        {
          "category": "external",
          "summary": "RHBZ#237656",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237656"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1860",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1860"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1860",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1860"
        }
      ],
      "release_date": "2007-05-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "mod_jk sends decoded URL to tomcat"
    },
    {
      "cve": "CVE-2007-2435",
      "discovery_date": "2007-05-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "239660"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to \"Incorrect Use of System Classes\" and probably related to support for JNLP files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "javaws vulnerabilities",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-2435"
        },
        {
          "category": "external",
          "summary": "RHBZ#239660",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=239660"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2435",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-2435"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2435",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2435"
        }
      ],
      "release_date": "2007-04-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "javaws vulnerabilities"
    },
    {
      "cve": "CVE-2007-2449",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-05-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "244804"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the \u0027;\u0027 character, as demonstrated by a URI containing a \"snp/snoop.jsp;\" sequence.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat examples jsp XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-2449"
        },
        {
          "category": "external",
          "summary": "RHBZ#244804",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244804"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2449",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-2449"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2449",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2449"
        }
      ],
      "release_date": "2007-06-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat examples jsp XSS"
    },
    {
      "cve": "CVE-2007-2450",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-05-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "244808"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat host manager XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-2450"
        },
        {
          "category": "external",
          "summary": "RHBZ#244808",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244808"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2450",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-2450"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2450",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2450"
        }
      ],
      "release_date": "2007-06-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat host manager XSS"
    },
    {
      "cve": "CVE-2007-2788",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2007-05-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "250725"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-2788"
        },
        {
          "category": "external",
          "summary": "RHBZ#250725",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250725"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2788",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-2788"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2788",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2788"
        }
      ],
      "release_date": "2007-05-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit"
    },
    {
      "cve": "CVE-2007-2789",
      "discovery_date": "2007-05-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "250729"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "BMP image parser vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-2789"
        },
        {
          "category": "external",
          "summary": "RHBZ#250729",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250729"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2789",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-2789"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2789",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2789"
        }
      ],
      "release_date": "2007-05-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "BMP image parser vulnerability"
    },
    {
      "cve": "CVE-2007-3304",
      "discovery_date": "2007-06-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "245111"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd scoreboard lack of PID protection",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3304"
        },
        {
          "category": "external",
          "summary": "RHBZ#245111",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3304"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304"
        }
      ],
      "release_date": "2007-06-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd scoreboard lack of PID protection"
    },
    {
      "cve": "CVE-2007-3382",
      "discovery_date": "2007-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "247972"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat handling of cookies",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3382"
        },
        {
          "category": "external",
          "summary": "RHBZ#247972",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3382",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3382"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382"
        }
      ],
      "release_date": "2007-08-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat handling of cookies"
    },
    {
      "cve": "CVE-2007-3385",
      "discovery_date": "2007-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "247976"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat handling of cookie values",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3385"
        },
        {
          "category": "external",
          "summary": "RHBZ#247976",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3385",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385"
        }
      ],
      "release_date": "2007-08-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat handling of cookie values"
    },
    {
      "cve": "CVE-2007-4465",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-09-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "289511"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset.  NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_autoindex XSS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-4465"
        },
        {
          "category": "external",
          "summary": "RHBZ#289511",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465"
        }
      ],
      "release_date": "2007-09-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mod_autoindex XSS"
    },
    {
      "cve": "CVE-2007-5000",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "419931"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_imagemap XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5000"
        },
        {
          "category": "external",
          "summary": "RHBZ#419931",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000"
        }
      ],
      "release_date": "2007-12-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_imagemap XSS"
    },
    {
      "cve": "CVE-2007-5461",
      "discovery_date": "2007-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "333791"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Absolute path traversal Apache Tomcat WEBDAV",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "RHBZ#333791",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
        }
      ],
      "release_date": "2007-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Absolute path traversal Apache Tomcat WEBDAV"
    },
    {
      "cve": "CVE-2007-6306",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "421081"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JFreeChart: XSS vulnerabilities in the image map feature",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6306"
        },
        {
          "category": "external",
          "summary": "RHBZ#421081",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=421081"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6306"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306"
        }
      ],
      "release_date": "2007-12-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "JFreeChart: XSS vulnerabilities in the image map feature"
    },
    {
      "cve": "CVE-2007-6388",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-01-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427228"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache mod_status cross-site scripting",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6388"
        },
        {
          "category": "external",
          "summary": "RHBZ#427228",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388"
        }
      ],
      "release_date": "2007-12-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apache mod_status cross-site scripting"
    },
    {
      "cve": "CVE-2008-0128",
      "discovery_date": "2008-01-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "429821"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat5 SSO cookie login information disclosure",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
          "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
          "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
          "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
          "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
          "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
          "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
          "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
          "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
          "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
          "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0128"
        },
        {
          "category": "external",
          "summary": "RHBZ#429821",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0128",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0128"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128"
        }
      ],
      "release_date": "2006-12-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-06-30T15:33:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386",
            "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386",
            "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch",
            "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386",
            "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386",
            "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch",
            "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386",
            "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386",
            "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386",
            "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386",
            "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0524"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat5 SSO cookie login information disclosure"
    }
  ]
}

ghsa-v5p2-vg3c-pmrr

Vulnerability from github

Published

2022-05-01 18:33

Modified

2024-01-08 22:09

Summary

Apache Tomcat Path Traversal Vulnerability

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "last_affected": "4.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "versions": [
        "4.1.0"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "versions": [
        "5.0.0"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.5.0"
            },
            {
              "last_affected": "5.5.25"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "last_affected": "6.0.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2007-5461"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-22T21:08:02Z",
    "nvd_published_at": "2007-10-15T18:17:00Z",
    "severity": "LOW"
  },
  "details": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
  "id": "GHSA-v5p2-vg3c-pmrr",
  "modified": "2024-01-08T22:09:35Z",
  "published": "2022-05-01T18:33:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37243"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
    },
    {
      "type": "WEB",
      "url": "http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html"
    },
    {
      "type": "WEB",
      "url": "http://issues.apache.org/jira/browse/GERONIMO-3549"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119239530508382"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200804-10.xml"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1447"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1453"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0042.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Apache Tomcat Path Traversal Vulnerability"
}

gsd-2007-5461

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-5461

Aliases

CVE-2007-5461

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5461",
    "description": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
    "id": "GSD-2007-5461",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-5461.html",
      "https://www.debian.org/security/2008/dsa-1453",
      "https://www.debian.org/security/2008/dsa-1447",
      "https://access.redhat.com/errata/RHSA-2010:0602",
      "https://access.redhat.com/errata/RHSA-2008:0862",
      "https://access.redhat.com/errata/RHSA-2008:0630",
      "https://access.redhat.com/errata/RHSA-2008:0524",
      "https://access.redhat.com/errata/RHSA-2008:0261",
      "https://access.redhat.com/errata/RHSA-2008:0213",
      "https://access.redhat.com/errata/RHSA-2008:0195",
      "https://access.redhat.com/errata/RHSA-2008:0158",
      "https://access.redhat.com/errata/RHSA-2008:0151",
      "https://access.redhat.com/errata/RHSA-2008:0042",
      "https://linux.oracle.com/cve/CVE-2007-5461.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5461"
      ],
      "details": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
      "id": "GSD-2007-5461",
      "modified": "2023-12-13T01:21:40.461246Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2007-5461",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-1453",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1453"
          },
          {
            "name": "http://tomcat.apache.org/security-4.html",
            "refsource": "CONFIRM",
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "name": "30908",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30908"
          },
          {
            "name": "http://support.apple.com/kb/HT2163",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT2163"
          },
          {
            "name": "[tomcat-users] 20071015 [Security] - Important vulnerability disclosed in Apache Tomcat webdav servlet",
            "refsource": "MLIST",
            "url": "http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E"
          },
          {
            "name": "26070",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26070"
          },
          {
            "name": "27446",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27446"
          },
          {
            "name": "20071014 Apache Tomcat Rem0Te FiLe DiscloSure ZeroDay",
            "refsource": "FULLDISC",
            "url": "http://marc.info/?l=full-disclosure\u0026m=119239530508382"
          },
          {
            "name": "30676",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30676"
          },
          {
            "name": "RHSA-2008:0630",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
          },
          {
            "name": "239312",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
          },
          {
            "name": "apache-tomcat-webdav-dir-traversal(37243)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37243"
          },
          {
            "name": "oval:org.mitre.oval:def:9202",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202"
          },
          {
            "name": "RHSA-2008:0862",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"
          },
          {
            "name": "ADV-2008-1981",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1981/references"
          },
          {
            "name": "30899",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30899"
          },
          {
            "name": "FEDORA-2007-3456",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
          },
          {
            "name": "31493",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31493"
          },
          {
            "name": "29242",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29242"
          },
          {
            "name": "ADV-2008-2823",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2823"
          },
          {
            "name": "37460",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37460"
          },
          {
            "name": "ADV-2008-1979",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1979/references"
          },
          {
            "name": "29313",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29313"
          },
          {
            "name": "31681",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/31681"
          },
          {
            "name": "32120",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32120"
          },
          {
            "name": "ADV-2007-3671",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3671"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "27398",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27398"
          },
          {
            "name": "RHSA-2008:0042",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0042.html"
          },
          {
            "name": "SUSE-SR:2008:005",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
          },
          {
            "name": "1018864",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018864"
          },
          {
            "name": "28361",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28361"
          },
          {
            "name": "28317",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28317"
          },
          {
            "name": "APPLE-SA-2008-06-30",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm",
            "refsource": "CONFIRM",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"
          },
          {
            "name": "ADV-2007-3674",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3674"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "name": "SUSE-SR:2009:004",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
          },
          {
            "name": "http://tomcat.apache.org/security-6.html",
            "refsource": "CONFIRM",
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "name": "57126",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/57126"
          },
          {
            "name": "32222",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32222"
          },
          {
            "name": "30802",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30802"
          },
          {
            "name": "RHSA-2008:0195",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html"
          },
          {
            "name": "GLSA-200804-10",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200804-10.xml"
          },
          {
            "name": "http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html",
            "refsource": "CONFIRM",
            "url": "http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html"
          },
          {
            "name": "ADV-2007-3622",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3622"
          },
          {
            "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21286112",
            "refsource": "CONFIRM",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21286112"
          },
          {
            "name": "27727",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27727"
          },
          {
            "name": "ADV-2008-1856",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1856/references"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
          },
          {
            "name": "http://tomcat.apache.org/security-5.html",
            "refsource": "CONFIRM",
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "name": "ADV-2008-2780",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2780"
          },
          {
            "name": "RHSA-2008:0261",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
          },
          {
            "name": "4530",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/4530"
          },
          {
            "name": "MDVSA-2009:136",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"
          },
          {
            "name": "DSA-1447",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1447"
          },
          {
            "name": "27481",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27481"
          },
          {
            "name": "HPSBST02955",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
          },
          {
            "name": "APPLE-SA-2008-10-09",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
          },
          {
            "name": "http://support.apple.com/kb/HT3216",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3216"
          },
          {
            "name": "MDKSA-2007:241",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
          },
          {
            "name": "29711",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29711"
          },
          {
            "name": "http://issues.apache.org/jira/browse/GERONIMO-3549",
            "refsource": "MISC",
            "url": "http://issues.apache.org/jira/browse/GERONIMO-3549"
          },
          {
            "name": "ADV-2009-3316",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          },
          {
            "name": "32266",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32266"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2007-5461"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20071014 Apache Tomcat Rem0Te FiLe DiscloSure ZeroDay",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://marc.info/?l=full-disclosure\u0026m=119239530508382"
            },
            {
              "name": "[tomcat-users] 20071015 [Security] - Important vulnerability disclosed in Apache Tomcat webdav servlet",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E"
            },
            {
              "name": "http://issues.apache.org/jira/browse/GERONIMO-3549",
              "refsource": "MISC",
              "tags": [],
              "url": "http://issues.apache.org/jira/browse/GERONIMO-3549"
            },
            {
              "name": "http://tomcat.apache.org/security-4.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://tomcat.apache.org/security-4.html"
            },
            {
              "name": "http://tomcat.apache.org/security-5.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://tomcat.apache.org/security-5.html"
            },
            {
              "name": "http://tomcat.apache.org/security-6.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://tomcat.apache.org/security-6.html"
            },
            {
              "name": "http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21286112",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21286112"
            },
            {
              "name": "FEDORA-2007-3456",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
            },
            {
              "name": "26070",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26070"
            },
            {
              "name": "1018864",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018864"
            },
            {
              "name": "27398",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27398"
            },
            {
              "name": "27446",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27446"
            },
            {
              "name": "27481",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27481"
            },
            {
              "name": "27727",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27727"
            },
            {
              "name": "DSA-1447",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2008/dsa-1447"
            },
            {
              "name": "DSA-1453",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2008/dsa-1453"
            },
            {
              "name": "MDKSA-2007:241",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
            },
            {
              "name": "28317",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28317"
            },
            {
              "name": "28361",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28361"
            },
            {
              "name": "SUSE-SR:2008:005",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
            },
            {
              "name": "29242",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29242"
            },
            {
              "name": "RHSA-2008:0042",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0042.html"
            },
            {
              "name": "29313",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29313"
            },
            {
              "name": "GLSA-200804-10",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200804-10.xml"
            },
            {
              "name": "29711",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29711"
            },
            {
              "name": "RHSA-2008:0195",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html"
            },
            {
              "name": "RHSA-2008:0261",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
            },
            {
              "name": "239312",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
            },
            {
              "name": "30676",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30676"
            },
            {
              "name": "30802",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30802"
            },
            {
              "name": "31493",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31493"
            },
            {
              "name": "http://support.apple.com/kb/HT2163",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT2163"
            },
            {
              "name": "APPLE-SA-2008-06-30",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
            },
            {
              "name": "RHSA-2008:0630",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
            },
            {
              "name": "30899",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30899"
            },
            {
              "name": "30908",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30908"
            },
            {
              "name": "RHSA-2008:0862",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"
            },
            {
              "name": "APPLE-SA-2008-10-09",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
            },
            {
              "name": "31681",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/31681"
            },
            {
              "name": "http://support.apple.com/kb/HT3216",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3216"
            },
            {
              "name": "32222",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32222"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"
            },
            {
              "name": "32120",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32120"
            },
            {
              "name": "SUSE-SR:2009:004",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
            },
            {
              "name": "32266",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32266"
            },
            {
              "name": "MDVSA-2009:136",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "ADV-2009-3316",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            },
            {
              "name": "37460",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/37460"
            },
            {
              "name": "ADV-2007-3674",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/3674"
            },
            {
              "name": "ADV-2007-3671",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/3671"
            },
            {
              "name": "ADV-2008-1979",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1979/references"
            },
            {
              "name": "ADV-2008-1981",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1981/references"
            },
            {
              "name": "ADV-2008-1856",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1856/references"
            },
            {
              "name": "ADV-2008-2780",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2780"
            },
            {
              "name": "ADV-2007-3622",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/3622"
            },
            {
              "name": "ADV-2008-2823",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2823"
            },
            {
              "name": "HPSBST02955",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
            },
            {
              "name": "57126",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/57126"
            },
            {
              "name": "apache-tomcat-webdav-dir-traversal(37243)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37243"
            },
            {
              "name": "4530",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/4530"
            },
            {
              "name": "oval:org.mitre.oval:def:9202",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-03-25T11:29Z",
      "publishedDate": "2007-10-15T18:17Z"
    }
  }
}

fkie_cve-2007-5461

Vulnerability from fkie_nvd

Published

2007-10-15 18:17

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
secalert@redhat.com	http://issues.apache.org/jira/browse/GERONIMO-3549
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
secalert@redhat.com	http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3E
secalert@redhat.com	http://marc.info/?l=bugtraq&m=139344343412337&w=2
secalert@redhat.com	http://marc.info/?l=full-disclosure&m=119239530508382	Exploit
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2008-0630.html
secalert@redhat.com	http://secunia.com/advisories/27398
secalert@redhat.com	http://secunia.com/advisories/27446
secalert@redhat.com	http://secunia.com/advisories/27481
secalert@redhat.com	http://secunia.com/advisories/27727
secalert@redhat.com	http://secunia.com/advisories/28317
secalert@redhat.com	http://secunia.com/advisories/28361
secalert@redhat.com	http://secunia.com/advisories/29242
secalert@redhat.com	http://secunia.com/advisories/29313
secalert@redhat.com	http://secunia.com/advisories/29711
secalert@redhat.com	http://secunia.com/advisories/30676
secalert@redhat.com	http://secunia.com/advisories/30802
secalert@redhat.com	http://secunia.com/advisories/30899
secalert@redhat.com	http://secunia.com/advisories/30908
secalert@redhat.com	http://secunia.com/advisories/31493
secalert@redhat.com	http://secunia.com/advisories/32120
secalert@redhat.com	http://secunia.com/advisories/32222
secalert@redhat.com	http://secunia.com/advisories/32266
secalert@redhat.com	http://secunia.com/advisories/37460
secalert@redhat.com	http://secunia.com/advisories/57126
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200804-10.xml
secalert@redhat.com	http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
secalert@redhat.com	http://support.apple.com/kb/HT2163
secalert@redhat.com	http://support.apple.com/kb/HT3216
secalert@redhat.com	http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
secalert@redhat.com	http://tomcat.apache.org/security-4.html
secalert@redhat.com	http://tomcat.apache.org/security-5.html
secalert@redhat.com	http://tomcat.apache.org/security-6.html
secalert@redhat.com	http://www-1.ibm.com/support/docview.wss?uid=swg21286112
secalert@redhat.com	http://www.debian.org/security/2008/dsa-1447
secalert@redhat.com	http://www.debian.org/security/2008/dsa-1453
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2008-0042.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2008-0195.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2008-0261.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2008-0862.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/507985/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/26070
secalert@redhat.com	http://www.securityfocus.com/bid/31681
secalert@redhat.com	http://www.securitytracker.com/id?1018864
secalert@redhat.com	http://www.vmware.com/security/advisories/VMSA-2008-0010.html
secalert@redhat.com	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/3622
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/3671
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/3674
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/1856/references
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/1979/references
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/1981/references
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/2780
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/2823
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/3316
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/37243
secalert@redhat.com	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202
secalert@redhat.com	https://www.exploit-db.com/exploits/4530
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
af854a3a-2127-422b-91ae-364da2661108	http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
af854a3a-2127-422b-91ae-364da2661108	http://issues.apache.org/jira/browse/GERONIMO-3549
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=139344343412337&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=full-disclosure&m=119239530508382	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2008-0630.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27398
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27446
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27481
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27727
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28317
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28361
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29242
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29313
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29711
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30676
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30802
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30899
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30908
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31493
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32120
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32222
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32266
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37460
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/57126
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200804-10.xml
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT2163
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3216
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-4.html
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-5.html
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-6.html
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg21286112
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1447
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1453
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0042.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0195.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0261.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0862.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/507985/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26070
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31681
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018864
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2008-0010.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3622
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3671
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3674
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1856/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1979/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1981/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2780
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2823
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3316
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/37243
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/4530
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

Impacted products

Vendor	Product	Version
apache	tomcat	4.0.0
apache	tomcat	4.0.1
apache	tomcat	4.0.2
apache	tomcat	4.0.3
apache	tomcat	4.0.4
apache	tomcat	4.0.5
apache	tomcat	4.0.6
apache	tomcat	4.1.0
apache	tomcat	4.1.1
apache	tomcat	4.1.2
apache	tomcat	4.1.3
apache	tomcat	4.1.4
apache	tomcat	4.1.5
apache	tomcat	4.1.6
apache	tomcat	4.1.7
apache	tomcat	4.1.8
apache	tomcat	4.1.9
apache	tomcat	4.1.10
apache	tomcat	4.1.11
apache	tomcat	4.1.12
apache	tomcat	4.1.13
apache	tomcat	4.1.14
apache	tomcat	4.1.15
apache	tomcat	4.1.16
apache	tomcat	4.1.17
apache	tomcat	4.1.18
apache	tomcat	4.1.19
apache	tomcat	4.1.20
apache	tomcat	4.1.21
apache	tomcat	4.1.22
apache	tomcat	4.1.23
apache	tomcat	4.1.24
apache	tomcat	4.1.25
apache	tomcat	4.1.26
apache	tomcat	4.1.27
apache	tomcat	4.1.28
apache	tomcat	4.1.29
apache	tomcat	4.1.30
apache	tomcat	4.1.31
apache	tomcat	4.1.32
apache	tomcat	4.1.33
apache	tomcat	4.1.34
apache	tomcat	4.1.35
apache	tomcat	4.1.36

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "914E1404-01A2-4F94-AA40-D5EA20F55AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81FB1106-B26D-45BE-A511-8E69131BBA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "401A213A-FED3-49C0-B823-2E02EA528905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BFE5AD8-DB14-4632-9D2A-F2013579CA7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7641278D-3B8B-4CD2-B284-2047B65514A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB7B9911-E836-4A96-A0E8-D13C957EC0EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2341C51-A239-4A4A-B0DC-30F18175442C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E300013-0CE7-4313-A553-74A6A247B3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D7414-8D0C-45D6-8E87-679DF0201D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB15C5DB-0DBE-4DAD-ACBD-FAE23F768D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60CFD9CA-1878-4C74-A9BD-5D581736E6B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "02860646-1D72-4D9A-AE2A-5868C8EDB3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BE4B9B5-9C2E-47E1-9483-88A17264594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BE92A9B-4B8C-468E-9162-A56ED5313E17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE21D455-5B38-4B07-8E25-4EE782501EB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9AE125C-EB8E-4D33-BB64-1E2AEE18BF81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "47588ABB-FCE6-478D-BEAD-FC9A0C7D66DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C92F3744-C8F9-4E29-BF1A-25E03A32F2C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "084B3227-FE22-43E3-AE06-7BB257018690",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7DDA1D1-1DB2-4FD6-90A6-7DDE2FDD73F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BFF1D5-2E34-4A01-83A7-6AA3A112A1B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D536FF4-7582-4351-ABE3-876E20F8E7FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C03E4C9-34E3-42F7-8B73-D3C595FD7EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB43F47F-5BF9-43A0-BF0E-451B4A8F7137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFFFE700-AAFE-4F5B-B0E2-C3DA76DE492D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DDD82E-5D83-4581-B2F3-F12655BBF817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A0F0C91-171E-421D-BE86-11567DEFC7BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22D2621-D305-43CE-B00D-9A7563B061F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A5D55E8-D3A3-4784-8AC6-CCB07E470AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F4245BA-B05C-49DE-B2E0-1E588209ED3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "8633532B-9785-4259-8840-B08529E20DCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9BD7E-FCC2-404B-A057-1A10997DAFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "F935ED72-58F4-49C1-BD9F-5473E0B9D8CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADB75DC-8713-4F0C-9F06-30DA6F6EF6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EA52901-2D16-4F7E-BF5E-780B42A55D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A79DA2C-35F3-47DE-909B-8D8D1AE111C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BF6952D-6308-4029-8B63-0BD9C648C60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "94941F86-0BBF-4F30-8F13-FB895A11ED69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "17522878-4266-432A-859D-C02096C8AC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "951FFCD7-EAC2-41E6-A53B-F90C540327E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1F2738-C7D6-4206-9227-43F464887FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "98EEB6F2-A721-45CF-A856-0E01B043C317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "02FDE602-A56A-477E-B704-41AF92EEBB9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A28B11A-3BC7-41BC-8970-EE075B029F5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de ruta absoluta en Apache Tomcat 4.0.0 hasta la versi\u00f3n 4.0.6, 4.1.0, 5.0.0, 5.5.0 hasta la versi\u00f3n 5.5.25 y 6.0.0 hasta la versi\u00f3n 6.0.14, bajo determinadas configuraciones, permite a usuarios remotos autenticados leer archivos arbitrarios a trav\u00e9s de una petici\u00f3n de escritura WebDAV que especifica una entidad con una etiqueta SYSTEM."
    }
  ],
  "id": "CVE-2007-5461",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-15T18:17:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://issues.apache.org/jira/browse/GERONIMO-3549"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://marc.info/?l=full-disclosure\u0026m=119239530508382"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/27398"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/27446"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/27481"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/27727"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/28317"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/28361"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29242"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29313"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29711"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30676"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30802"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30899"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30908"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31493"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32120"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32266"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37460"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/57126"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200804-10.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21286112"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1447"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1453"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0042.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/26070"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1018864"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/3622"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/3671"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/3674"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/1856/references"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/1979/references"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/1981/references"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/2823"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37243"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.exploit-db.com/exploits/4530"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://issues.apache.org/jira/browse/GERONIMO-3549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://marc.info/?l=full-disclosure\u0026m=119239530508382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200804-10.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21286112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3671"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3674"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1856/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1979/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1981/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37243"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-5461 (GCVE-0-2007-5461)

Vulnerability from cvelistv5

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from github

Vulnerability from gsd

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature