cvelistv5 - cve-2008-2369

CVE-2008-2369 (GCVE-0-2008-2369)

Vulnerability from cvelistv5

Published

2008-08-14 20:00

Modified

2024-08-07 08:58

Severity ?

CWE

Summary

manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.

References

►

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

fkie_cve-2008-2369

Vulnerability from fkie_nvd

Published

2008-08-14 20:41

Modified

2025-04-09 00:30

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

References

URL	Tags
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2008-0630.html	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/31493	Broken Link
secalert@redhat.com	http://securitytracker.com/id?1020694	Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securityfocus.com/bid/30679	Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/44452	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2008-0630.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31493	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1020694	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30679	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/44452	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	redhat	satellite	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4716BC2A-BEE9-48CF-859B-6EB21A62A7AD",
              "versionEndExcluding": "5.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements."
    },
    {
      "lang": "es",
      "value": "manzier.pxt en Red Hat Network Satellite Server en versiones anteriores a la 5.1.1 tiene una clave de autenticaci\u00f3n fijada en codigo (\"Hard-coded\"), que permite a atacantes remotos conectarse al servidor y obtener informaci\u00f3n sensible sobre cuentas de usuario y derechos."
    }
  ],
  "id": "CVE-2008-2369",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2008-08-14T20:41:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/31493"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1020694"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/30679"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/31493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1020694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/30679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44452"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

rhsa-2008:0630

Vulnerability from csaf_redhat

Published

2008-08-13 14:17

Modified

2024-11-22 02:13

Summary

Red Hat Security Advisory: Red Hat Network Satellite Server security update

Notes

Topic

Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team.

Details

During an internal security audit, it was discovered that Red Hat Network Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a single hard-coded authentication key. A remote attacker who is able to connect to the Satellite Server XML-RPC service could use this flaw to obtain limited information about Satellite Server users, such as login names, associated email addresses, internal user IDs, and partial information about entitlements. (CVE-2008-2369) This release also corrects several security vulnerabilities in various components shipped as part of Red Hat Network Satellite Server 5.1. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838, CVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461, CVE-2008-0128) Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to 5.1.1, which resolves these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Network Satellite Server version 5.1.1 is now available. This\nupdate includes fixes for a number of security issues in Red Hat Network\nSatellite Server components.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "During an internal security audit, it was discovered that Red Hat Network\nSatellite Server shipped with an XML-RPC script, manzier.pxt, which had a\nsingle hard-coded authentication key. A remote attacker who is able to\nconnect to the Satellite Server XML-RPC service could use this flaw to\nobtain limited information about Satellite Server users, such as login\nnames, associated email addresses, internal user IDs, and partial\ninformation about entitlements. (CVE-2008-2369)\n\nThis release also corrects several security vulnerabilities in various\ncomponents shipped as part of Red Hat Network Satellite Server 5.1. In a\ntypical operating environment, these components are not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in\nthe JFreeChart package. (CVE-2007-6306)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838,\nCVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461,\nCVE-2008-0128)\n\nUsers of Red Hat Network Satellite Server 5.1 are advised to upgrade to\n5.1.1, which resolves these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0630",
        "url": "https://access.redhat.com/errata/RHSA-2008:0630"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "238401",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238401"
      },
      {
        "category": "external",
        "summary": "240423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
      },
      {
        "category": "external",
        "summary": "244803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
      },
      {
        "category": "external",
        "summary": "244804",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244804"
      },
      {
        "category": "external",
        "summary": "253166",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=253166"
      },
      {
        "category": "external",
        "summary": "333791",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
      },
      {
        "category": "external",
        "summary": "421081",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=421081"
      },
      {
        "category": "external",
        "summary": "429821",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
      },
      {
        "category": "external",
        "summary": "430522",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430522"
      },
      {
        "category": "external",
        "summary": "430646",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430646"
      },
      {
        "category": "external",
        "summary": "452461",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452461"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0630.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Network Satellite Server security update",
    "tracking": {
      "current_release_date": "2024-11-22T02:13:53+00:00",
      "generator": {
        "date": "2024-11-22T02:13:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2008:0630",
      "initial_release_date": "2008-08-13T14:17:00+00:00",
      "revision_history": [
        {
          "date": "2008-08-13T14:17:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-08-13T10:55:17+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T02:13:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Satellite 5.1 (RHEL v.4 AS)",
                "product": {
                  "name": "Red Hat Satellite 5.1 (RHEL v.4 AS)",
                  "product_id": "4AS-RHNSAT5.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:5.1::el4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Satellite"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
                "product": {
                  "name": "mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
                  "product_id": "mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_perl-0:2.0.2-12.el4.s390x",
                "product": {
                  "name": "mod_perl-0:2.0.2-12.el4.s390x",
                  "product_id": "mod_perl-0:2.0.2-12.el4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mod_perl-debuginfo-0:2.0.2-12.el4.s390",
                "product": {
                  "name": "mod_perl-debuginfo-0:2.0.2-12.el4.s390",
                  "product_id": "mod_perl-debuginfo-0:2.0.2-12.el4.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_perl-0:2.0.2-12.el4.s390",
                "product": {
                  "name": "mod_perl-0:2.0.2-12.el4.s390",
                  "product_id": "mod_perl-0:2.0.2-12.el4.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=s390"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
                "product": {
                  "name": "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
                  "product_id": "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_perl-0:2.0.2-12.el4.x86_64",
                "product": {
                  "name": "mod_perl-0:2.0.2-12.el4.x86_64",
                  "product_id": "mod_perl-0:2.0.2-12.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mod_perl-debuginfo-0:2.0.2-12.el4.i386",
                "product": {
                  "name": "mod_perl-debuginfo-0:2.0.2-12.el4.i386",
                  "product_id": "mod_perl-debuginfo-0:2.0.2-12.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_perl-0:2.0.2-12.el4.i386",
                "product": {
                  "name": "mod_perl-0:2.0.2-12.el4.i386",
                  "product_id": "mod_perl-0:2.0.2-12.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch",
                "product": {
                  "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch",
                  "product_id": "tomcat5-0:5.0.30-0jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jfreechart-0:0.9.20-3.rhn.noarch",
                "product": {
                  "name": "jfreechart-0:0.9.20-3.rhn.noarch",
                  "product_id": "jfreechart-0:0.9.20-3.rhn.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jfreechart@0.9.20-3.rhn?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch",
                "product": {
                  "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch",
                  "product_id": "perl-Crypt-CBC-0:2.24-1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-Crypt-CBC@2.24-1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhn-html-0:5.1.1-7.noarch",
                "product": {
                  "name": "rhn-html-0:5.1.1-7.noarch",
                  "product_id": "rhn-html-0:5.1.1-7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhn-html@5.1.1-7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jfreechart-0:0.9.20-3.rhn.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch"
        },
        "product_reference": "jfreechart-0:0.9.20-3.rhn.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_perl-0:2.0.2-12.el4.i386 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386"
        },
        "product_reference": "mod_perl-0:2.0.2-12.el4.i386",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_perl-0:2.0.2-12.el4.s390 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390"
        },
        "product_reference": "mod_perl-0:2.0.2-12.el4.s390",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_perl-0:2.0.2-12.el4.s390x as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x"
        },
        "product_reference": "mod_perl-0:2.0.2-12.el4.s390x",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_perl-0:2.0.2-12.el4.x86_64 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64"
        },
        "product_reference": "mod_perl-0:2.0.2-12.el4.x86_64",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_perl-debuginfo-0:2.0.2-12.el4.i386 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386"
        },
        "product_reference": "mod_perl-debuginfo-0:2.0.2-12.el4.i386",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_perl-debuginfo-0:2.0.2-12.el4.s390 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390"
        },
        "product_reference": "mod_perl-debuginfo-0:2.0.2-12.el4.s390",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_perl-debuginfo-0:2.0.2-12.el4.s390x as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x"
        },
        "product_reference": "mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64"
        },
        "product_reference": "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch"
        },
        "product_reference": "perl-Crypt-CBC-0:2.24-1.el4.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhn-html-0:5.1.1-7.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch"
        },
        "product_reference": "rhn-html-0:5.1.1-7.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        },
        "product_reference": "tomcat5-0:5.0.30-0jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2005-4838",
      "discovery_date": "2005-01-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "238401"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp.  NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat manager example DoS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-4838"
        },
        {
          "category": "external",
          "summary": "RHBZ#238401",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238401"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-4838",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-4838"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-4838",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4838"
        }
      ],
      "release_date": "2005-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat manager example DoS"
    },
    {
      "cve": "CVE-2006-0254",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2006-01-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430646"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat examples XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-0254"
        },
        {
          "category": "external",
          "summary": "RHBZ#430646",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430646"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0254",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-0254"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0254",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0254"
        }
      ],
      "release_date": "2006-01-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat examples XSS"
    },
    {
      "cve": "CVE-2006-0898",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430522"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "perl-Crypt-CBC weaker encryption with some ciphers",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-0898"
        },
        {
          "category": "external",
          "summary": "RHBZ#430522",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430522"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0898",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-0898"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0898",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0898"
        }
      ],
      "release_date": "2006-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "perl-Crypt-CBC weaker encryption with some ciphers"
    },
    {
      "cve": "CVE-2007-1349",
      "discovery_date": "2007-05-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "240423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_perl PerlRun denial of service",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1349"
        },
        {
          "category": "external",
          "summary": "RHBZ#240423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1349"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349"
        }
      ],
      "release_date": "2007-03-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mod_perl PerlRun denial of service"
    },
    {
      "cve": "CVE-2007-1355",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-05-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "253166"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XSS in samples",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1355"
        },
        {
          "category": "external",
          "summary": "RHBZ#253166",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=253166"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1355",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1355"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1355",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1355"
        }
      ],
      "release_date": "2007-05-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat XSS in samples"
    },
    {
      "cve": "CVE-2007-1358",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-04-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "244803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat accept-language xss flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1358"
        },
        {
          "category": "external",
          "summary": "RHBZ#244803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1358",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358"
        }
      ],
      "release_date": "2007-06-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat accept-language xss flaw"
    },
    {
      "cve": "CVE-2007-2449",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-05-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "244804"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the \u0027;\u0027 character, as demonstrated by a URI containing a \"snp/snoop.jsp;\" sequence.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat examples jsp XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-2449"
        },
        {
          "category": "external",
          "summary": "RHBZ#244804",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244804"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2449",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-2449"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2449",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2449"
        }
      ],
      "release_date": "2007-06-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat examples jsp XSS"
    },
    {
      "cve": "CVE-2007-5461",
      "discovery_date": "2007-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "333791"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Absolute path traversal Apache Tomcat WEBDAV",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "RHBZ#333791",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
        }
      ],
      "release_date": "2007-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Absolute path traversal Apache Tomcat WEBDAV"
    },
    {
      "cve": "CVE-2007-6306",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "421081"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JFreeChart: XSS vulnerabilities in the image map feature",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6306"
        },
        {
          "category": "external",
          "summary": "RHBZ#421081",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=421081"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6306"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306"
        }
      ],
      "release_date": "2007-12-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "JFreeChart: XSS vulnerabilities in the image map feature"
    },
    {
      "cve": "CVE-2008-0128",
      "discovery_date": "2008-01-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "429821"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat5 SSO cookie login information disclosure",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0128"
        },
        {
          "category": "external",
          "summary": "RHBZ#429821",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0128",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0128"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128"
        }
      ],
      "release_date": "2006-12-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat5 SSO cookie login information disclosure"
    },
    {
      "cve": "CVE-2008-2369",
      "discovery_date": "2008-06-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "452461"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Satellite: information disclosure via manzier.pxt RPC script",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
          "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
          "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
          "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2369"
        },
        {
          "category": "external",
          "summary": "RHBZ#452461",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452461"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2369",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2369"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2369",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2369"
        }
      ],
      "release_date": "2008-08-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:17:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0630"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x",
            "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64",
            "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch",
            "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Satellite: information disclosure via manzier.pxt RPC script"
    }
  ]
}

ghsa-53xg-795p-rwf7

Vulnerability from github

Published

2022-05-01 23:49

Modified

2024-02-13 18:38

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-2369"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-08-14T20:41:00Z",
    "severity": "MODERATE"
  },
  "details": "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.",
  "id": "GHSA-53xg-795p-rwf7",
  "modified": "2024-02-13T18:38:21Z",
  "published": "2022-05-01T23:49:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2369"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44452"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31493"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1020694"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30679"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2008-2369

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2008-2369

Aliases

CVE-2008-2369

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-2369",
    "description": "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.",
    "id": "GSD-2008-2369",
    "references": [
      "https://access.redhat.com/errata/RHSA-2008:0630"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-2369"
      ],
      "details": "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.",
      "id": "GSD-2008-2369",
      "modified": "2023-12-13T01:23:00.913512Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2008-2369",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2008-0630.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
          },
          {
            "name": "http://secunia.com/advisories/31493",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/31493"
          },
          {
            "name": "http://securitytracker.com/id?1020694",
            "refsource": "MISC",
            "url": "http://securitytracker.com/id?1020694"
          },
          {
            "name": "http://www.securityfocus.com/bid/30679",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/30679"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44452",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44452"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4716BC2A-BEE9-48CF-859B-6EB21A62A7AD",
                    "versionEndExcluding": "5.1.1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements."
          },
          {
            "lang": "es",
            "value": "manzier.pxt en Red Hat Network Satellite Server en versiones anteriores a la 5.1.1 tiene una clave de autenticaci\u00f3n fijada en codigo (\"Hard-coded\"), que permite a atacantes remotos conectarse al servidor y obtener informaci\u00f3n sensible sobre cuentas de usuario y derechos."
          }
        ],
        "id": "CVE-2008-2369",
        "lastModified": "2024-02-13T16:46:38.403",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 4.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.2,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2008-08-14T20:41:00.000",
        "references": [
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://secunia.com/advisories/31493"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://securitytracker.com/id?1020694"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/30679"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44452"
          }
        ],
        "sourceIdentifier": "secalert@redhat.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-798"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-2369 (GCVE-0-2008-2369)

Vulnerability from cvelistv5

fkie_cve-2008-2369

Vulnerability from fkie_nvd

rhsa-2008:0630

Vulnerability from csaf_redhat

ghsa-53xg-795p-rwf7

Vulnerability from github

gsd-2008-2369

Vulnerability from gsd

Tags

Sightings

Nomenclature