var-200906-0603
Vulnerability from variot
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. Apache Tomcat is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The following versions of Apache Tomcat are vulnerable: 6.0.0-6.0.18 5.5.0-5.5.27 4.1.0-4.1.39.
References: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4476, CVE-2011-0013, CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-4858, CVE-2012-0022, CVE-2012-5885. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Modification, Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02515878 Version: 1
HPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Unauthorized
Modification, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-11-23 Last Updated: 2010-11-23
Potential Security Impact: Remote information disclosure, unauthorized modification, or Denial of Service (DoS).
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These
vulnerabilities could be exploited remotely to disclose information, allows unauthorized modification, or create a Denial
of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite.
References: CVE-2010-2227, CVE-2010-1157, CVE-2009-0783, CVE-2009-0781, CVE-2009-0580, CVE-2009-0033, CVE-2008-5515
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.12 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-2227 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2010-1157 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2009-0783 (AV:L/AC:L/Au:N/C:P/I:P/A:N) 3.6 CVE-2009-0781 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-0580 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2009-0033 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-5515 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the vulnerabilities. The updates are available for download from http://software.hp.com Note: HP-UX Web Server Suite v3.13 contains HP-UX Tomcat-based Servlet Engine v5.5.30.01
Web Server Suite Version / Apache Depot name
HP-UX Web Server Suite v.3.13 HPUXWS22ATW-B313-32.depot
HPUXWS22ATW-B313-64.depot
MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v3.13 or subsequent.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX Web Server Suite
HP-UX B.11.23 HP-UX B.11.31 ================== hpuxws22TOMCAT.TOMCAT action: install revision B.5.5.30.01 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 23 November 2010 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2010 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkzsg8IACgkQ4B86/C0qfVlFEQCg1wPaYQ84EkeiOjNAkrLGPVnQ 1aQAoK/qC5XheL13hyynXvA/jfWdKwQ0 =jKnI -----END PGP SIGNATURE----- .
For the oldstable distribution (lenny), this problem has been fixed in version 5.5.26-5lenny2.
The stable distribution (squeeze) no longer contains tomcat5.5. tomcat6 is already fixed.
The unstable distribution (sid) no longer contains tomcat5.5. tomcat6 is already fixed. =========================================================== Ubuntu Security Notice USN-788-1 June 15, 2009 tomcat6 vulnerabilities CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.10 Ubuntu 9.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 8.10: libtomcat6-java 6.0.18-0ubuntu3.2 tomcat6-examples 6.0.18-0ubuntu3.2
Ubuntu 9.04: libtomcat6-java 6.0.18-0ubuntu6.1 tomcat6-examples 6.0.18-0ubuntu6.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. (CVE-2008-5515)
Yoshihito Fukuyama discovered that Tomcat did not properly handle errors when the Java AJP connector and mod_jk load balancing are used. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a temporary denial of service. (CVE-2009-0033)
D. Matscheko and T. Hackner discovered that Tomcat did not properly handle malformed URL encoding of passwords when FORM authentication is used. A remote attacker could exploit this in order to enumerate valid usernames. (CVE-2009-0580)
Deniz Cevik discovered that Tomcat did not properly escape certain parameters in the example calendar application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2009-0781)
Philippe Prados discovered that Tomcat allowed web applications to replace the XML parser used by other web applications. Local users could exploit this to bypass security restrictions and gain access to certain sensitive files. (CVE-2009-0783)
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.diff.gz
Size/MD5: 22010 87c6105cd78ea5a8dbf62054fc4ba0aa
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.dsc
Size/MD5: 1378 823c008ffc927c0f3f5686fc6f5188d0
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz
Size/MD5: 3484249 9bdbb1c1d79302c80057a70b18fe6721
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 174164 dd24331b2709bd6641b4055d0b052eae
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 2961944 63c8c3e0300ed70a240b79ddd3299efb
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 37370 b9b1bd6dc9cfb52107811295401c09e4
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 53488 5006e5c394ec815f6d36c335d9f0abaf
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 714516 768cacbb74453b1a2a49e55d61b7bedd
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 419180 0663de0611fb9792d44aebad8aa24cc4
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 18612 95544319007f1f90321469c5d314c72e
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 24156 9f4d7a0671e9330ff2fa1a1c13a20c58
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.diff.gz
Size/MD5: 24779 221e0f51259495fd01da2a6b67358b17
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.dsc
Size/MD5: 1411 e3bac3c39b2e6db3267699a533b17add
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz
Size/MD5: 3484249 9bdbb1c1d79302c80057a70b18fe6721
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 246196 54e990e7893923b8b6df4bcce9f3ba22
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 172500 abf989790a45def65d5de9a7f9b010df
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 2846254 c1c0180751500ce58c51b97de9f2d6d9
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 37874 e7d401faba215af22ecff31b4a675fad
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 53184 194153ab21adac9a47baaf92ea8d2acb
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 714212 d52e9abc75108a8f059346e09d47b511
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 418316 3a7110c9da4bd72a7019cbb75651da73
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 20520 ea5e54c91e7055e281d61e63f0e140f2
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 24952 ec80f910d6c8e606c090ba8dd737bc4c
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-24
http://security.gentoo.org/
Severity: Normal Title: Apache Tomcat: Multiple vulnerabilities Date: June 24, 2012 Bugs: #272566, #273662, #303719, #320963, #329937, #373987, #374619, #382043, #386213, #396401, #399227 ID: 201206-24
Synopsis
Multiple vulnerabilities were found in Apache Tomcat, the worst of which allowing to read, modify and overwrite arbitrary files.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/tomcat < 5.5.34 >= 6.0.35 *< 6.0.35 >= 7.0.23 < 7.0.23
Description
Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.
Impact
The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server's hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file.
Workaround
There is no known workaround at this time.
Resolution
All Apache Tomcat 6.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.35"
All Apache Tomcat 7.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.23"
References
[ 1 ] CVE-2008-5515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5515 [ 2 ] CVE-2009-0033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0033 [ 3 ] CVE-2009-0580 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0580 [ 4 ] CVE-2009-0781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0781 [ 5 ] CVE-2009-0783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0783 [ 6 ] CVE-2009-2693 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2693 [ 7 ] CVE-2009-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2901 [ 8 ] CVE-2009-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2902 [ 9 ] CVE-2010-1157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1157 [ 10 ] CVE-2010-2227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2227 [ 11 ] CVE-2010-3718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3718 [ 12 ] CVE-2010-4172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4172 [ 13 ] CVE-2010-4312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4312 [ 14 ] CVE-2011-0013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0013 [ 15 ] CVE-2011-0534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0534 [ 16 ] CVE-2011-1088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1088 [ 17 ] CVE-2011-1183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1183 [ 18 ] CVE-2011-1184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1184 [ 19 ] CVE-2011-1419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1419 [ 20 ] CVE-2011-1475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1475 [ 21 ] CVE-2011-1582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1582 [ 22 ] CVE-2011-2204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2204 [ 23 ] CVE-2011-2481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2481 [ 24 ] CVE-2011-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2526 [ 25 ] CVE-2011-2729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2729 [ 26 ] CVE-2011-3190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3190 [ 27 ] CVE-2011-3375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3375 [ 28 ] CVE-2011-4858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4858 [ 29 ] CVE-2011-5062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5062 [ 30 ] CVE-2011-5063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5063 [ 31 ] CVE-2011-5064 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5064 [ 32 ] CVE-2012-0022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0022
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-24.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
The calendar application in the examples web application contains an XSS flaw due to invalid HTML which renders the XSS filtering protection ineffective (CVE-2009-0781).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783 http://tomcat.apache.org/security-5.html
Updated Packages:
Mandriva Enterprise Server 5: eeaa9d6a2b616db100f1e206bb06b2d6 mes5/i586/tomcat5-5.5.27-0.3.0.2mdvmes5.noarch.rpm a641e0f379b1c37a1475b8528a6d8ecf mes5/i586/tomcat5-admin-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm 743727d3628613d6968850ffd1ae092d mes5/i586/tomcat5-common-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm c9e66f0251d48d08f1df2dbca1973aad mes5/i586/tomcat5-jasper-5.5.27-0.3.0.2mdvmes5.noarch.rpm 0fcaf3a02861505fd8afec7c94344b34 mes5/i586/tomcat5-jasper-eclipse-5.5.27-0.3.0.2mdvmes5.noarch.rpm 6b013f381aad7eec77f82021fa897bb1 mes5/i586/tomcat5-jasper-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm 56a14766bd5d56beaf05914442329b8e mes5/i586/tomcat5-jsp-2.0-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm 6244961329d56d9854c27fb643180af7 mes5/i586/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm 389011360b165d51ed7bb760aed77fef mes5/i586/tomcat5-server-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm 644fdfef4854b94a6a645b4a5df19430 mes5/i586/tomcat5-servlet-2.4-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm 69601123fe318d20c8e050fb294563a4 mes5/i586/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm 19cbeea920983a8ba6a9f739c13f1162 mes5/i586/tomcat5-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm 30f1fc3e67154e56ba2fe78c7f17cf02 mes5/SRPMS/tomcat5-5.5.27-0.3.0.2mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64: c25b7d09498779d75041bc7f613130a0 mes5/x86_64/tomcat5-5.5.27-0.3.0.2mdvmes5.noarch.rpm d7674924e3c8b7c84e5024869c1b69a3 mes5/x86_64/tomcat5-admin-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm 84d805f41359b28390638787cfc06d12 mes5/x86_64/tomcat5-common-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm 8d7ed6ceffa3cc3f03a8a7abd05c470b mes5/x86_64/tomcat5-jasper-5.5.27-0.3.0.2mdvmes5.noarch.rpm 4f1b9387b5c5e77fcac86104815ae33a mes5/x86_64/tomcat5-jasper-eclipse-5.5.27-0.3.0.2mdvmes5.noarch.rpm 23350f016f88897bd966721c156c7c73 mes5/x86_64/tomcat5-jasper-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm 0e187a53ffadf553705425de115e48e6 mes5/x86_64/tomcat5-jsp-2.0-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm 50b42a84acf2b2d989655c2f7dd5ae1f mes5/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm 16ca5f053c9221b48aea5e73ce7b6a06 mes5/x86_64/tomcat5-server-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm cf3d9d6d4cc876aef1fcbbf1b7d53950 mes5/x86_64/tomcat5-servlet-2.4-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm 32f514581f311783fc5a673231558567 mes5/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm d21b39762b5a108dacdaf58a91ce5dac mes5/x86_64/tomcat5-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm 30f1fc3e67154e56ba2fe78c7f17cf02 mes5/SRPMS/tomcat5-5.5.27-0.3.0.2mdvmes5.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD4DBQFKbyKZmqjQ0CJFipgRAsjOAJ46WIT6KshXhK11pw/dmFR3Vuz5OQCYzzQM 8kHZGORcpqDWK1qWCdiY9A== =XhQl -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200906-0603",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.22"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.18"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.17"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.23"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.20"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.26"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.19"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.25"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.21"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.18"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.13"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.9"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.7"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.27"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.26"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.25"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.24"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.23"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.22"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.21"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.20"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.19"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.18"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.17"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.13"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.39"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.38"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.37"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.36"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.34"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.32"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.31"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.29"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.28"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.24"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.9"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.27"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.7"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.13"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.17"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.5"
},
{
"model": "virtualcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.2"
},
{
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.55"
},
{
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.52"
},
{
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.51"
},
{
"model": "virtualcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5"
},
{
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.25"
},
{
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.24"
},
{
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.23"
},
{
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.22"
},
{
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.21"
},
{
"model": "vcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.2"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.1"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.3"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.2"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.1"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.5"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 99",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 96",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 95",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 94",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 93",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 92",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 91",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 90",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 89",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 88",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 87",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 85",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 84",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 83",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 82",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 81",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 80",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 78",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 77",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 76",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 68",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 67",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 64",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 61",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 59",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 58",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 57",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 54",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 50",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 49",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 47",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 45",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 41",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 39",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 36",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 29",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 22",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 19",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 13",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 117",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 116",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 115",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 114",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 113",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 112",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 111a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 111",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 110",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 109",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 108",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 107",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 106",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 105",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 104",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 103",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 102",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 101a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 101",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 100",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 02",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 01",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.0"
},
{
"model": "blackberry enterprise server for novell groupwise",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.1"
},
{
"model": "blackberry enterprise server for novell groupwise",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.7"
},
{
"model": "blackberry enterprise server for novell groupwise",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"model": "blackberry enterprise server for exchange mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.1"
},
{
"model": "blackberry enterprise server for exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0"
},
{
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0"
},
{
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.7"
},
{
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"model": "blackberry enterprise server for domino mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"model": "blackberry enterprise server for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"model": "blackberry enterprise server express for exchange mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"model": "blackberry enterprise server express for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"model": "blackberry enterprise server express for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.1"
},
{
"model": "blackberry enterprise server express for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"model": "blackberry enterprise server express for domino mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"model": "blackberry enterprise server express for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"model": "blackberry enterprise server express for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"model": "red hat network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4)5.1"
},
{
"model": "network satellite",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "45.3"
},
{
"model": "network satellite",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "45.2"
},
{
"model": "jboss enterprise web server el4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "jboss enterprise application platform el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.3"
},
{
"model": "jboss enterprise application platform el4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.3"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.3"
},
{
"model": "jboss enterprise application platform el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"model": "jboss enterprise application platform el4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"model": "enterprise linux eus 5.3.z server",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "developer suite as4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "application server ws4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2"
},
{
"model": "application server es4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2"
},
{
"model": "application server as4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "tivoli netcool/webtop fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.19"
},
{
"model": "tivoli netcool/webtop fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.15"
},
{
"model": "tivoli netcool/webtop fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.14"
},
{
"model": "tivoli netcool/webtop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "rational quality manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.21"
},
{
"model": "performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.20"
},
{
"model": "performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.10"
},
{
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.22"
},
{
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.21"
},
{
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.18"
},
{
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.17"
},
{
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.12"
},
{
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.10"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"model": "interstage business application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.0"
},
{
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"model": "interstage apworks modelers-j edition 6.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "interstage application server standard-j edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "interstage application server enterprise edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.2.1"
},
{
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.1.2"
},
{
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.1.1"
},
{
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "2.1.2"
},
{
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "2.1.1"
},
{
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "2.1"
},
{
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "2.0.1"
},
{
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "2.0"
},
{
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.2"
},
{
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5"
},
{
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1"
},
{
"model": "virtualcenter update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "2.56"
},
{
"model": "vcenter update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "4.01"
},
{
"model": "opensolaris build snv 118",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "tivoli netcool/webtop fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.110"
},
{
"model": "rational quality manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1"
},
{
"model": "hp-ux web server suite",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "3.13"
},
{
"model": "coat systems intelligence center",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "3.2.2.1"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.20"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.28"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.40"
}
],
"sources": [
{
"db": "BID",
"id": "35263"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-265"
},
{
"db": "NVD",
"id": "CVE-2008-5515"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Iida Minehiko",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200906-265"
}
],
"trust": 0.6
},
"cve": "CVE-2008-5515",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2008-5515",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-5515",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200906-265",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2008-5515",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-5515"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-265"
},
{
"db": "NVD",
"id": "CVE-2008-5515"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. Apache Tomcat is prone to a remote information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may lead to further attacks. \nThe following versions of Apache Tomcat are vulnerable:\n6.0.0-6.0.18\n5.5.0-5.5.27\n4.1.0-4.1.39. \n\nReferences: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781,\nCVE-2009-0783, CVE-2009-2693, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157,\nCVE-2010-2227, CVE-2010-3718, CVE-2010-4476, CVE-2011-0013, CVE-2011-1184,\nCVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-4858,\nCVE-2012-0022, CVE-2012-5885. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. Modification, Denial of Service (DoS)\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02515878\nVersion: 1\n\nHPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Unauthorized\n\nModification, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2010-11-23\nLast Updated: 2010-11-23\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote information disclosure, unauthorized modification, or Denial of Service (DoS). \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These\n\nvulnerabilities could be exploited remotely to disclose information, allows unauthorized modification, or create a Denial\n\nof Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. \n\nReferences: CVE-2010-2227, CVE-2010-1157, CVE-2009-0783, CVE-2009-0781, CVE-2009-0580, CVE-2009-0033, CVE-2008-5515\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.12 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-2227 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2010-1157 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2009-0783 (AV:L/AC:L/Au:N/C:P/I:P/A:N) 3.6\nCVE-2009-0781 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2009-0580 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2009-0033 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2008-5515 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the vulnerabilities. \nThe updates are available for download from http://software.hp.com\nNote: HP-UX Web Server Suite v3.13 contains HP-UX Tomcat-based Servlet Engine v5.5.30.01\n\nWeb Server Suite Version / Apache Depot name\n\nHP-UX Web Server Suite v.3.13\n HPUXWS22ATW-B313-32.depot\n\n HPUXWS22ATW-B313-64.depot\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Web Server Suite v3.13 or subsequent. \n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX Web Server Suite\n\nHP-UX B.11.23\nHP-UX B.11.31\n==================\nhpuxws22TOMCAT.TOMCAT\naction: install revision B.5.5.30.01 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 23 November 2010 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2010 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAkzsg8IACgkQ4B86/C0qfVlFEQCg1wPaYQ84EkeiOjNAkrLGPVnQ\n1aQAoK/qC5XheL13hyynXvA/jfWdKwQ0\n=jKnI\n-----END PGP SIGNATURE-----\n. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2. \n\nThe stable distribution (squeeze) no longer contains tomcat5.5. tomcat6\nis already fixed. \n\nThe unstable distribution (sid) no longer contains tomcat5.5. tomcat6\nis already fixed. ===========================================================\nUbuntu Security Notice USN-788-1 June 15, 2009\ntomcat6 vulnerabilities\nCVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781,\nCVE-2009-0783\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 8.10\nUbuntu 9.04\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 8.10:\n libtomcat6-java 6.0.18-0ubuntu3.2\n tomcat6-examples 6.0.18-0ubuntu3.2\n\nUbuntu 9.04:\n libtomcat6-java 6.0.18-0ubuntu6.1\n tomcat6-examples 6.0.18-0ubuntu6.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nIida Minehiko discovered that Tomcat did not properly normalise paths. A\nremote attacker could send specially crafted requests to the server and\nbypass security restrictions, gaining access to sensitive content. \n(CVE-2008-5515)\n\nYoshihito Fukuyama discovered that Tomcat did not properly handle errors\nwhen the Java AJP connector and mod_jk load balancing are used. A remote\nattacker could send specially crafted requests containing invalid headers\nto the server and cause a temporary denial of service. (CVE-2009-0033)\n\nD. Matscheko and T. Hackner discovered that Tomcat did not properly handle\nmalformed URL encoding of passwords when FORM authentication is used. A\nremote attacker could exploit this in order to enumerate valid usernames. \n(CVE-2009-0580)\n\nDeniz Cevik discovered that Tomcat did not properly escape certain\nparameters in the example calendar application which could result in\nbrowsers becoming vulnerable to cross-site scripting attacks when\nprocessing the output. With cross-site scripting vulnerabilities, if a user\nwere tricked into viewing server output during a crafted server request, a\nremote attacker could exploit this to modify the contents, or steal\nconfidential data (such as passwords), within the same domain. \n(CVE-2009-0781)\n\nPhilippe Prados discovered that Tomcat allowed web applications to replace\nthe XML parser used by other web applications. Local users could exploit\nthis to bypass security restrictions and gain access to certain sensitive\nfiles. (CVE-2009-0783)\n\n\nUpdated packages for Ubuntu 8.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.diff.gz\n Size/MD5: 22010 87c6105cd78ea5a8dbf62054fc4ba0aa\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.dsc\n Size/MD5: 1378 823c008ffc927c0f3f5686fc6f5188d0\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz\n Size/MD5: 3484249 9bdbb1c1d79302c80057a70b18fe6721\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 174164 dd24331b2709bd6641b4055d0b052eae\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 2961944 63c8c3e0300ed70a240b79ddd3299efb\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 37370 b9b1bd6dc9cfb52107811295401c09e4\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 53488 5006e5c394ec815f6d36c335d9f0abaf\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 714516 768cacbb74453b1a2a49e55d61b7bedd\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 419180 0663de0611fb9792d44aebad8aa24cc4\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 18612 95544319007f1f90321469c5d314c72e\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 24156 9f4d7a0671e9330ff2fa1a1c13a20c58\n\nUpdated packages for Ubuntu 9.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.diff.gz\n Size/MD5: 24779 221e0f51259495fd01da2a6b67358b17\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.dsc\n Size/MD5: 1411 e3bac3c39b2e6db3267699a533b17add\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz\n Size/MD5: 3484249 9bdbb1c1d79302c80057a70b18fe6721\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 246196 54e990e7893923b8b6df4bcce9f3ba22\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 172500 abf989790a45def65d5de9a7f9b010df\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 2846254 c1c0180751500ce58c51b97de9f2d6d9\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 37874 e7d401faba215af22ecff31b4a675fad\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 53184 194153ab21adac9a47baaf92ea8d2acb\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 714212 d52e9abc75108a8f059346e09d47b511\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 418316 3a7110c9da4bd72a7019cbb75651da73\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 20520 ea5e54c91e7055e281d61e63f0e140f2\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 24952 ec80f910d6c8e606c090ba8dd737bc4c\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201206-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache Tomcat: Multiple vulnerabilities\n Date: June 24, 2012\n Bugs: #272566, #273662, #303719, #320963, #329937, #373987,\n #374619, #382043, #386213, #396401, #399227\n ID: 201206-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in Apache Tomcat, the worst of\nwhich allowing to read, modify and overwrite arbitrary files. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/tomcat *\u003c 5.5.34 *\u003e= 6.0.35\n *\u003c 6.0.35 \u003e= 7.0.23\n \u003c 7.0.23\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache Tomcat. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nThe vulnerabilities allow an attacker to cause a Denial of Service, to\nhijack a session, to bypass authentication, to inject webscript, to\nenumerate valid usernames, to read, modify and overwrite arbitrary\nfiles, to bypass intended access restrictions, to delete work-directory\nfiles, to discover the server\u0027s hostname or IP, to bypass read\npermissions for files or HTTP headers, to read or write files outside\nof the intended working directory, and to obtain sensitive information\nby reading a log file. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-6.0.35\"\n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-7.0.23\"\n\nReferences\n==========\n\n[ 1 ] CVE-2008-5515\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5515\n[ 2 ] CVE-2009-0033\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0033\n[ 3 ] CVE-2009-0580\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0580\n[ 4 ] CVE-2009-0781\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0781\n[ 5 ] CVE-2009-0783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0783\n[ 6 ] CVE-2009-2693\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2693\n[ 7 ] CVE-2009-2901\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2901\n[ 8 ] CVE-2009-2902\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2902\n[ 9 ] CVE-2010-1157\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1157\n[ 10 ] CVE-2010-2227\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2227\n[ 11 ] CVE-2010-3718\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3718\n[ 12 ] CVE-2010-4172\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4172\n[ 13 ] CVE-2010-4312\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4312\n[ 14 ] CVE-2011-0013\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0013\n[ 15 ] CVE-2011-0534\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0534\n[ 16 ] CVE-2011-1088\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1088\n[ 17 ] CVE-2011-1183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1183\n[ 18 ] CVE-2011-1184\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1184\n[ 19 ] CVE-2011-1419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1419\n[ 20 ] CVE-2011-1475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1475\n[ 21 ] CVE-2011-1582\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1582\n[ 22 ] CVE-2011-2204\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2204\n[ 23 ] CVE-2011-2481\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2481\n[ 24 ] CVE-2011-2526\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2526\n[ 25 ] CVE-2011-2729\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2729\n[ 26 ] CVE-2011-3190\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3190\n[ 27 ] CVE-2011-3375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3375\n[ 28 ] CVE-2011-4858\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4858\n[ 29 ] CVE-2011-5062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5062\n[ 30 ] CVE-2011-5063\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5063\n[ 31 ] CVE-2011-5064\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5064\n[ 32 ] CVE-2012-0022\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0022\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-24.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n \n The calendar application in the examples web application contains an\n XSS flaw due to invalid HTML which renders the XSS filtering protection\n ineffective (CVE-2009-0781). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783\n http://tomcat.apache.org/security-5.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n eeaa9d6a2b616db100f1e206bb06b2d6 mes5/i586/tomcat5-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n a641e0f379b1c37a1475b8528a6d8ecf mes5/i586/tomcat5-admin-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 743727d3628613d6968850ffd1ae092d mes5/i586/tomcat5-common-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n c9e66f0251d48d08f1df2dbca1973aad mes5/i586/tomcat5-jasper-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 0fcaf3a02861505fd8afec7c94344b34 mes5/i586/tomcat5-jasper-eclipse-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 6b013f381aad7eec77f82021fa897bb1 mes5/i586/tomcat5-jasper-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 56a14766bd5d56beaf05914442329b8e mes5/i586/tomcat5-jsp-2.0-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 6244961329d56d9854c27fb643180af7 mes5/i586/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 389011360b165d51ed7bb760aed77fef mes5/i586/tomcat5-server-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 644fdfef4854b94a6a645b4a5df19430 mes5/i586/tomcat5-servlet-2.4-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 69601123fe318d20c8e050fb294563a4 mes5/i586/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 19cbeea920983a8ba6a9f739c13f1162 mes5/i586/tomcat5-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm \n 30f1fc3e67154e56ba2fe78c7f17cf02 mes5/SRPMS/tomcat5-5.5.27-0.3.0.2mdvmes5.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n c25b7d09498779d75041bc7f613130a0 mes5/x86_64/tomcat5-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n d7674924e3c8b7c84e5024869c1b69a3 mes5/x86_64/tomcat5-admin-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 84d805f41359b28390638787cfc06d12 mes5/x86_64/tomcat5-common-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 8d7ed6ceffa3cc3f03a8a7abd05c470b mes5/x86_64/tomcat5-jasper-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 4f1b9387b5c5e77fcac86104815ae33a mes5/x86_64/tomcat5-jasper-eclipse-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 23350f016f88897bd966721c156c7c73 mes5/x86_64/tomcat5-jasper-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 0e187a53ffadf553705425de115e48e6 mes5/x86_64/tomcat5-jsp-2.0-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 50b42a84acf2b2d989655c2f7dd5ae1f mes5/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 16ca5f053c9221b48aea5e73ce7b6a06 mes5/x86_64/tomcat5-server-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n cf3d9d6d4cc876aef1fcbbf1b7d53950 mes5/x86_64/tomcat5-servlet-2.4-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 32f514581f311783fc5a673231558567 mes5/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n d21b39762b5a108dacdaf58a91ce5dac mes5/x86_64/tomcat5-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm \n 30f1fc3e67154e56ba2fe78c7f17cf02 mes5/SRPMS/tomcat5-5.5.27-0.3.0.2mdvmes5.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD4DBQFKbyKZmqjQ0CJFipgRAsjOAJ46WIT6KshXhK11pw/dmFR3Vuz5OQCYzzQM\n8kHZGORcpqDWK1qWCdiY9A==\n=XhQl\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-5515"
},
{
"db": "BID",
"id": "35263"
},
{
"db": "VULMON",
"id": "CVE-2008-5515"
},
{
"db": "PACKETSTORM",
"id": "121037"
},
{
"db": "PACKETSTORM",
"id": "96122"
},
{
"db": "PACKETSTORM",
"id": "99870"
},
{
"db": "PACKETSTORM",
"id": "78409"
},
{
"db": "PACKETSTORM",
"id": "114139"
},
{
"db": "PACKETSTORM",
"id": "89679"
},
{
"db": "PACKETSTORM",
"id": "79715"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-5515",
"trust": 2.7
},
{
"db": "BID",
"id": "35263",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "44183",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "35685",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "35393",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37460",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39317",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42368",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "35788",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVN63832775",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-3056",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2009-1535",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2009-1856",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2009-3316",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2009-1520",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-200906-265",
"trust": 0.6
},
{
"db": "VUPEN",
"id": "2009/1856",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2009/3316",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2009/1520",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/3056",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2009/1535",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2008-5515",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121037",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "96122",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "99870",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "78409",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "114139",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89679",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "79715",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-5515"
},
{
"db": "BID",
"id": "35263"
},
{
"db": "PACKETSTORM",
"id": "121037"
},
{
"db": "PACKETSTORM",
"id": "96122"
},
{
"db": "PACKETSTORM",
"id": "99870"
},
{
"db": "PACKETSTORM",
"id": "78409"
},
{
"db": "PACKETSTORM",
"id": "114139"
},
{
"db": "PACKETSTORM",
"id": "89679"
},
{
"db": "PACKETSTORM",
"id": "79715"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-265"
},
{
"db": "NVD",
"id": "CVE-2008-5515"
}
]
},
"id": "VAR-200906-0603",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.16519225
},
"last_update_date": "2024-09-19T21:15:02.715000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Red Hat: Important: JBoss Enterprise Application Platform 4.3.0.CP05 update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20091145 - Security Advisory"
},
{
"title": "Red Hat: Important: tomcat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20091164 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: tomcat6 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-788-1"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2009-0781: Apache Tomcat 6 Multiple Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ac49c4dcad19730a5b7d72eba69e3550"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2009-0781: Apache Tomcat 5 Multiple Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b4688be3241a5693241135af6523bb48"
},
{
"title": "Symantec Security Advisories: SA66 : Multiple Tomcat vulnerabilities in IntelligenceCenter",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=ce6312b51b7767e26422e4b3dbf8f5cd"
},
{
"title": "VMware Security Advisories: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=4675848a694e2124743f676a2c827ef7"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-5515"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-5515"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/35263"
},
{
"trust": 2.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2009-0016.html"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2011/dsa-2207"
},
{
"trust": 2.1,
"url": "http://tomcat.apache.org/security-5.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-4.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"trust": 2.0,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/1520"
},
{
"trust": 1.7,
"url": "http://jvn.jp/en/jp/jvn63832775/index.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/35393"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/1535"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:138"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:136"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/35685"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/1856"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/35788"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37460"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-november/msg01156.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-november/msg01246.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-november/msg01216.html"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht4077"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39317"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:176"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/3056"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42368"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44183"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6445"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19452"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10422"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/504202/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/504170/100/0/threaded"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5515"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0783"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
},
{
"trust": 0.3,
"url": "http://jakarta.apache.org/tomcat/"
},
{
"trust": 0.3,
"url": "/archive/1/504170"
},
{
"trust": 0.3,
"url": "/archive/1/504202"
},
{
"trust": 0.3,
"url": "/archive/1/507985"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263529-1"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27012048"
},
{
"trust": 0.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01908935"
},
{
"trust": 0.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02515878"
},
{
"trust": 0.3,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?javax.portlet.endcachetok=com.vignette.cachetoken\u0026javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalsta"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025919"
},
{
"trust": 0.3,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa66"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2009-1164.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2009-1506.html"
},
{
"trust": 0.3,
"url": "http://www.blackberry.com/btsc/dynamickc.do?externalid=kb25966\u0026sliceid=1\u0026command=show\u0026forward=nonthreadedkc\u0026kcid=kb25966"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227"
},
{
"trust": 0.3,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4858"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729"
},
{
"trust": 0.2,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.2,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.2,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2009:1145"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/788-1/"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0022"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5885"
},
{
"trust": 0.1,
"url": "http://software.hp.com"
},
{
"trust": 0.1,
"url": "http://tomcat.apache.org/security-5.html."
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.18-0ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0783"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0033"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0781"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2729"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2902"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5062"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0534"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1183"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3718"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1475"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0534"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0013"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5063"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1582"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4172"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5064"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4312"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1475"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1088"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0580"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2901"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2526"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1183"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1184"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2204"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0022"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3375"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2693"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1157"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2481"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4312"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4858"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2227"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2481"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5515"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3190"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1419"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3375"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201206-24.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1582"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1419"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/patches"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5515"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0580"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0033"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0781"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0783"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-5515"
},
{
"db": "BID",
"id": "35263"
},
{
"db": "PACKETSTORM",
"id": "121037"
},
{
"db": "PACKETSTORM",
"id": "96122"
},
{
"db": "PACKETSTORM",
"id": "99870"
},
{
"db": "PACKETSTORM",
"id": "78409"
},
{
"db": "PACKETSTORM",
"id": "114139"
},
{
"db": "PACKETSTORM",
"id": "89679"
},
{
"db": "PACKETSTORM",
"id": "79715"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-265"
},
{
"db": "NVD",
"id": "CVE-2008-5515"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2008-5515"
},
{
"db": "BID",
"id": "35263"
},
{
"db": "PACKETSTORM",
"id": "121037"
},
{
"db": "PACKETSTORM",
"id": "96122"
},
{
"db": "PACKETSTORM",
"id": "99870"
},
{
"db": "PACKETSTORM",
"id": "78409"
},
{
"db": "PACKETSTORM",
"id": "114139"
},
{
"db": "PACKETSTORM",
"id": "89679"
},
{
"db": "PACKETSTORM",
"id": "79715"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-265"
},
{
"db": "NVD",
"id": "CVE-2008-5515"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-06-16T00:00:00",
"db": "VULMON",
"id": "CVE-2008-5515"
},
{
"date": "2009-06-08T00:00:00",
"db": "BID",
"id": "35263"
},
{
"date": "2013-04-01T15:55:00",
"db": "PACKETSTORM",
"id": "121037"
},
{
"date": "2010-11-27T18:01:33",
"db": "PACKETSTORM",
"id": "96122"
},
{
"date": "2011-03-30T00:19:03",
"db": "PACKETSTORM",
"id": "99870"
},
{
"date": "2009-06-15T20:42:09",
"db": "PACKETSTORM",
"id": "78409"
},
{
"date": "2012-06-24T23:54:31",
"db": "PACKETSTORM",
"id": "114139"
},
{
"date": "2010-05-19T06:15:08",
"db": "PACKETSTORM",
"id": "89679"
},
{
"date": "2009-07-28T19:23:06",
"db": "PACKETSTORM",
"id": "79715"
},
{
"date": "2009-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200906-265"
},
{
"date": "2009-06-16T21:00:00.313000",
"db": "NVD",
"id": "CVE-2008-5515"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-25T00:00:00",
"db": "VULMON",
"id": "CVE-2008-5515"
},
{
"date": "2015-04-13T22:12:00",
"db": "BID",
"id": "35263"
},
{
"date": "2023-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200906-265"
},
{
"date": "2023-02-13T02:19:34.757000",
"db": "NVD",
"id": "CVE-2008-5515"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200906-265"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Tomcat Path traversal vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200906-265"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200906-265"
}
],
"trust": 0.6
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.