ID

VAR-200507-0034


CVE

CVE-2005-2090


TITLE

Multiple PHP XML-RPC implementations vulnerable to code injection

Trust: 0.8

sources: CERT/CC: VU#442845

DESCRIPTION

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling.". A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Multiple vendors' products are prone to HTTP-request-smuggling issues. Attackers can piggyback an HTTP request inside of another HTTP request. By leveraging failures to implement the HTTP/1.1 RFC properly, attackers can launch cache-poisoning, cross-site scripting, session-hijacking, and other attacks. Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities CA Advisory Reference: CA20090123-01 CA Advisory Date: 2009-01-23 Reported By: n/a Impact: Refer to the CVE identifiers for details. Summary: Multiple security risks exist in Apache Tomcat as included with CA Cohesion Application Configuration Manager. CA has issued an update to address the vulnerabilities. Refer to the References section for the full list of resolved issues by CVE identifier. Mitigating Factors: None Severity: CA has given these vulnerabilities a Medium risk rating. Affected Products: CA Cohesion Application Configuration Manager 4.5 Non-Affected Products CA Cohesion Application Configuration Manager 4.5 SP1 Affected Platforms: Windows Status and Recommendation: CA has issued the following update to address the vulnerabilities. CA Cohesion Application Configuration Manager 4.5: RO04648 https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search &searchID=RO04648 How to determine if you are affected: 1. Using Windows Explorer, locate the file "RELEASE-NOTES". 2. By default, the file is located in the "C:\Program Files\CA\Cohesion\Server\server\" directory. 3. Open the file with a text editor. 4. If the version is less than 5.5.25, the installation is vulnerable. Workaround: None References (URLs may wrap): CA Support: http://support.ca.com/ CA20090123-01: Security Notice for Cohesion Tomcat https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1975 40 Solution Document Reference APARs: RO04648 CA Security Response Blog posting: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx Reported By: n/a CVE References: CVE-2005-2090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090 CVE-2005-3510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510 CVE-2006-3835 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835 CVE-2006-7195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195 CVE-2006-7196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196 CVE-2007-0450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450 CVE-2007-1355 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355 CVE-2007-1358 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358 CVE-2007-1858 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858 CVE-2007-2449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449 CVE-2007-2450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450 CVE-2007-3382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382 CVE-2007-3385 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385 CVE-2007-3386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386 CVE-2008-0128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128 *Note: the issue was not completely fixed by Tomcat maintainers. OSVDB References: Pending http://osvdb.org/ Changelog for this advisory: v1.0 - Initial Release v1.1 - Updated Impact, Summary, Affected Products Customers who require additional information should contact CA Technical Support at http://support.ca.com. For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com. If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777 82 Regards, Ken Williams, Director ; 0xE2941985 CA Product Vulnerability Response Team CA, 1 CA Plaza, Islandia, NY 11749 Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2009 CA. All rights reserved. ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Nucleus XML-RPC PHP Code Execution Vulnerability SECUNIA ADVISORY ID: SA15895 VERIFY ADVISORY: http://secunia.com/advisories/15895/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Nucleus 3.x http://secunia.com/product/3699/ DESCRIPTION: A vulnerability has been reported in Nucleus, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA15852 SOLUTION: Update to version 3.21. http://sourceforge.net/project/showfiles.php?group_id=66479 OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01178795 Version: 1 HPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2007-10-02 Last Updated: 2007-10-02 Potential Security Impact: Remote arbitrary code execution, cross site scripting (XSS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code. References: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache BACKGROUND To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed. AFFECTED VERSIONS For IPv4: HP-UX B.11.11 ============= hpuxwsAPACHE action: install revision A.2.0.59.00 or subsequent restart Apache URL: https://www.hp.com/go/softwaredepot/ For IPv6: HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 ============= hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 hpuxwsAPACHE,revision=B.2.0.58.01 action: install revision B.2.0.59.00 or subsequent restart Apache URL: https://www.hp.com/go/softwaredepot/ END AFFECTED VERSIONS RESOLUTION HP has made the following available to resolve the vulnerability. HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. The update is available on https://www.hp.com/go/softwaredepot/ Note: HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin contains HP-UX Apache-based Web Server v.2.0.59.00. MANUAL ACTIONS: Yes - Update Install HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa HISTORY Revision: 1 (rev.1) - 02 October 2007 Initial release Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." \xa9Copyright 2007 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ HHoe3AY1sc6hrW3Xk+B1hcbr =+E1W -----END PGP SIGNATURE----- . Summary: Updated Tomcat and Java JRE packages for VirtualCenter 2.0.2, ESX Server 3.0.2, and ESX 3.0.1. Relevant releases: VirtualCenter Management Server 2 ESX Server 3.0.2 without patch ESX-1002434 ESX Server 3.0.1 without patch ESX-1003176 3. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-2090, CVE-2006-7195, and CVE-2007-0450 to these issues. JRE Security Update This release of VirtualCenter Server updates the JRE package from 1.5.0_7 to 1.5.0_12, which addresses a security issue that existed in the earlier release of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-3004 to this issue. Security best practices provided by VMware recommend that the service console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices. Solution: Please review the Patch notes for your product and version and verify the md5sum of your downloaded file. VMware VirtualCenter 2.0.2 Update 2 Release Notes http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html VirtualCenter CD image md5sum d7d98a5d7f8afff32cee848f860d3ba7 VirtualCenter as Zip md5sum 3b42ec350121659e10352ca2d76e212b ESX Server 3.0.2 http://kb.vmware.com/kb/1002434 md5sum: 2f52251f6ace3d50934344ef313539d5 ESX Server 3.0.1 http://kb.vmware.com/kb/1003176 md5sum: 5674ca0dcfac90726014cc316444996e 5. Contact: E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce@lists.vmware.com * bugtraq@securityfocus.com * full-disclosure@lists.grok.org.uk E-mail: security@vmware.com Security web site http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2008 VMware Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure) Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 8.0.0-RC1 - - Apache Tomcat 7.0.0 to 7.0.42 - - Apache Tomcat 6.0.0 to 6.0.37 Description: The fix for CVE-2005-2090 was not complete. It did not cover the following cases: - - content-length header with chunked encoding over any HTTP connector - - multiple content-length headers over any AJP connector Requests with multiple content-length headers or with a content-length header when chunked encoding is being used should be rejected as invalid. When multiple components (firewalls, caches, proxies and Tomcat) process a sequence of requests where one or more requests contain either multiple content-length headers or a content-length header when chunked encoding is being used and several components do not reject the request and make different decisions as to which content-length header to use an attacker can poison a web-cache, perform an XSS attack and obtain sensitive information from requests other then their own. Tomcat now rejects requests with multiple content-length headers or with a content-length header when chunked encoding is being used. Mitigation: Users of affected versions should apply one of the following mitigations - - Upgrade to Apache Tomcat 8.0.0-RC3 or later (8.0.0-RC2 contains the fix but was not released) - - Upgrade to Apache Tomcat 7.0.47 or later (7.0.43 to 7.0.46 contain the fix but were not released) - - Upgrade to Apache Tomcat 6.0.39 or later (6.0.38 contains the fix but was not released) Credit: This issue was identified by the Apache Tomcat security team while investigating an invalid report related to CVE-2005-2090

Trust: 3.06

sources: NVD: CVE-2005-2090 // CERT/CC: VU#442845 // JVNDB: JVNDB-2005-000866 // BID: 13873 // PACKETSTORM: 74289 // PACKETSTORM: 38388 // PACKETSTORM: 59939 // PACKETSTORM: 62402 // PACKETSTORM: 125394

AFFECTED PRODUCTS

vendor:apachemodel:tomcatscope:eqversion:5.0.19

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:4.1.24

Trust: 1.6

vendor:drupalmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:mandrivamodel: - scope: - version: -

Trust: 0.8

vendor:pear xml rpcmodel: - scope: - version: -

Trust: 0.8

vendor:phpxmlrpcmodel: - scope: - version: -

Trust: 0.8

vendor:postnukemodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:serendipitymodel: - scope: - version: -

Trust: 0.8

vendor:trustix secure linuxmodel: - scope: - version: -

Trust: 0.8

vendor:ubuntu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:wordpressmodel: - scope: - version: -

Trust: 0.8

vendor:xoopsmodel: - scope: - version: -

Trust: 0.8

vendor:phpmyfaqmodel: - scope: - version: -

Trust: 0.8

vendor:apachemodel:tomcatscope:lteversion:4.0.6

Trust: 0.8

vendor:apachemodel:tomcatscope:lteversion:4.1.34

Trust: 0.8

vendor:apachemodel:tomcatscope:lteversion:5.0.30

Trust: 0.8

vendor:apachemodel:tomcatscope:lteversion:5.5.22

Trust: 0.8

vendor:apachemodel:tomcatscope:lteversion:6.0.10

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:2.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:2.1

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:10 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:10 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:9 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:9 (x86)

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.11

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.23

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.31

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:5 (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:5.0 (client)

Trust: 0.8

vendor:red hatmodel:rhel desktop workstationscope:eqversion:5 (client)

Trust: 0.8

vendor:necmodel:webotx application serverscope:ltversion:v7.11

Trust: 0.8

vendor:hitachimodel:cosminexus application serverscope:eqversion:enterprise version 6

Trust: 0.8

vendor:hitachimodel:cosminexus application serverscope:eqversion:standard version 6

Trust: 0.8

vendor:hitachimodel:cosminexus application serverscope:eqversion:version 5

Trust: 0.8

vendor:hitachimodel:cosminexus developerscope:eqversion:light version 6

Trust: 0.8

vendor:hitachimodel:cosminexus developerscope:eqversion:professional version 6

Trust: 0.8

vendor:hitachimodel:cosminexus developerscope:eqversion:standard version 6

Trust: 0.8

vendor:hitachimodel:cosminexus developerscope:eqversion:version 5

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:enterprise

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:standard

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:light

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:professional

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:standard

Trust: 0.8

vendor:hitachimodel:ucosminexus servicescope:eqversion:architect

Trust: 0.8

vendor:hitachimodel:ucosminexus servicescope:eqversion:platform

Trust: 0.8

vendor:fujitsumodel:interstage application framework suitescope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage application serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage apworksscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage business application serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage job workload serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage studioscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage web serverscope: - version: -

Trust: 0.8

vendor:apachemodel:coyote http connectorscope:eqversion:1.1

Trust: 0.6

vendor:apachemodel:coyote http connectorscope:eqversion:1.0

Trust: 0.6

vendor:vmwaremodel:virtualcenter management serverscope:eqversion:2

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:3.0.2

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:3.0.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp3scope:eqversion:9

Trust: 0.3

vendor:susemodel:linux enterprise serverscope:eqversion:9

Trust: 0.3

vendor:susemodel:linux enterprise serverscope:eqversion:8

Trust: 0.3

vendor:susemodel:linux enterprise server sp1scope:eqversion:10

Trust: 0.3

vendor:susemodel:linux enterprise serverscope:eqversion:10

Trust: 0.3

vendor:susemodel:linux enterprise sdk 10.sp1scope: - version: -

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp1scope:eqversion:10

Trust: 0.3

vendor:susemodel:linux enterprise sdkscope:eqversion:10

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp1scope:eqversion:10

Trust: 0.3

vendor:susemodel:linux enterprise desktopscope:eqversion:10

Trust: 0.3

vendor:susemodel:linux enterprise sp1 debuginfoscope:eqversion:10

Trust: 0.3

vendor:susemodel:opensusescope:eqversion:10.3

Trust: 0.3

vendor:susemodel:linux professional x86 64scope:eqversion:10.2

Trust: 0.3

vendor:susemodel:linux personal x86 64scope:eqversion:10.2

Trust: 0.3

vendor:sunmodel:solaris 9 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 9 sparcscope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.3

vendor:sunmodel:one web server sp4scope:eqversion:6.1

Trust: 0.3

vendor:sunmodel:one web server sp2scope:eqversion:6.1

Trust: 0.3

vendor:sunmodel:one web server sp1scope:eqversion:6.1

Trust: 0.3

vendor:sunmodel:one web serverscope:eqversion:6.1

Trust: 0.3

vendor:s u s emodel:unitedlinuxscope:eqversion:1.0

Trust: 0.3

vendor:s u s emodel:suse linux standard serverscope:eqversion:8.0

Trust: 0.3

vendor:s u s emodel:suse linux school server for i386scope: - version: -

Trust: 0.3

vendor:s u s emodel:suse linux retail solutionscope:eqversion:8.0

Trust: 0.3

vendor:s u s emodel:suse linux openexchange serverscope:eqversion:4.0

Trust: 0.3

vendor:s u s emodel:suse linux open-xchangescope:eqversion:4.1

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:10.2

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:10.1

Trust: 0.3

vendor:s u s emodel:open-enterprise-serverscope:eqversion:9.0

Trust: 0.3

vendor:s u s emodel:open-enterprise-serverscope:eqversion:1

Trust: 0.3

vendor:s u s emodel:open-enterprise-serverscope:eqversion:0

Trust: 0.3

vendor:s u s emodel:office serverscope: - version: -

Trust: 0.3

vendor:s u s emodel:novell linux posscope:eqversion:9

Trust: 0.3

vendor:s u s emodel:novell linux desktop sdkscope:eqversion:9.0

Trust: 0.3

vendor:s u s emodel:novell linux desktopscope:eqversion:9.0

Trust: 0.3

vendor:s u s emodel:novell linux desktopscope:eqversion:1.0

Trust: 0.3

vendor:s u s emodel:linux professional ossscope:eqversion:10.0

Trust: 0.3

vendor:s u s emodel:linux professionalscope:eqversion:10.0

Trust: 0.3

vendor:s u s emodel:linux professionalscope:eqversion:10.2

Trust: 0.3

vendor:s u s emodel:linux professionalscope:eqversion:10.1

Trust: 0.3

vendor:s u s emodel:linux personal ossscope:eqversion:10.0

Trust: 0.3

vendor:s u s emodel:linux personalscope:eqversion:10.2

Trust: 0.3

vendor:s u s emodel:linux personalscope:eqversion:10.1

Trust: 0.3

vendor:s u s emodel:linux openexchange serverscope: - version: -

Trust: 0.3

vendor:s u s emodel:linux office serverscope: - version: -

Trust: 0.3

vendor:s u s emodel:linux desktopscope:eqversion:1.0

Trust: 0.3

vendor:s u s emodel:linux desktopscope:eqversion:10

Trust: 0.3

vendor:s u s emodel:linuxscope:eqversion:10.1x86-64

Trust: 0.3

vendor:s u s emodel:linuxscope:eqversion:10.1x86

Trust: 0.3

vendor:s u s emodel:linux ppcscope:eqversion:10.1

Trust: 0.3

vendor:s u s emodel:linuxscope:eqversion:10.0x86-64

Trust: 0.3

vendor:s u s emodel:linuxscope:eqversion:10.0x86

Trust: 0.3

vendor:s u s emodel:linux ppcscope:eqversion:10.0

Trust: 0.3

vendor:redhatmodel:network satellite (for rhelscope:eqversion:4)4.2

Trust: 0.3

vendor:redhatmodel:enterprise linux virtualization serverscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux optional productivity application serverscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux hardware certificationscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop multi os clientscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:certificate serverscope:eqversion:7.3

Trust: 0.3

vendor:redmodel:hat red hat network satellite serverscope:eqversion:5.0

Trust: 0.3

vendor:redmodel:hat red hat network satellite serverscope:eqversion:4.2

Trust: 0.3

vendor:redmodel:hat red hat network satellite serverscope:eqversion:4.1

Trust: 0.3

vendor:redmodel:hat red hat network satellite serverscope:eqversion:4.0

Trust: 0.3

vendor:redmodel:hat network satellite (for rhelscope:eqversion:3)4.2

Trust: 0.3

vendor:redmodel:hat enterprise linux supplementary serverscope:eqversion:5

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop supplementary clientscope:eqversion:5

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:oraclemodel:oracle9i application server web cachescope:eqversion:9.0.2.3

Trust: 0.3

vendor:oraclemodel:oracle9i application server web cachescope:eqversion:9.0.2.2

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope:eqversion:9.0.2

Trust: 0.3

vendor:novellmodel:zenworks linux managementscope:eqversion:7.3

Trust: 0.3

vendor:microsoftmodel:iisscope:eqversion:6.0

Trust: 0.3

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.1.1.3

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.1.1.2

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.1.1.1

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.1.1

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.1.0.5

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.1.0.4

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.1.0.3

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.1.0.2

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.0.2.9

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.0.2.8

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.0.2.7

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.0.2.6

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.0.2.5

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.0.2.4

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.0.2.3

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.0.2.2

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.0.2.10

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.0.2.1

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.0.2

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.0.1

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:5.0

Trust: 0.3

vendor:delegatemodel:delegatescope:eqversion:8.11.1

Trust: 0.3

vendor:delegatemodel:delegatescope:eqversion:8.11

Trust: 0.3

vendor:delegatemodel:delegatescope:eqversion:8.10.6

Trust: 0.3

vendor:delegatemodel:delegatescope:eqversion:8.10.5

Trust: 0.3

vendor:delegatemodel:delegatescope:eqversion:8.10.4

Trust: 0.3

vendor:delegatemodel:delegatescope:eqversion:8.10.3

Trust: 0.3

vendor:delegatemodel:delegatescope:eqversion:8.10.2

Trust: 0.3

vendor:delegatemodel:delegatescope:eqversion:8.10.1

Trust: 0.3

vendor:delegatemodel:delegatescope:eqversion:8.10

Trust: 0.3

vendor:delegatemodel:delegatescope:eqversion:8.9.6

Trust: 0.3

vendor:delegatemodel:delegatescope:eqversion:8.9.5

Trust: 0.3

vendor:delegatemodel:delegatescope:eqversion:8.9.4

Trust: 0.3

vendor:delegatemodel:delegatescope:eqversion:8.9.3

Trust: 0.3

vendor:delegatemodel:delegatescope:eqversion:8.9.2

Trust: 0.3

vendor:delegatemodel:delegatescope:eqversion:8.9.1

Trust: 0.3

vendor:delegatemodel:delegatescope:eqversion:8.9

Trust: 0.3

vendor:computermodel:associates unicenter service deskscope:eqversion:11.2

Trust: 0.3

vendor:computermodel:associates cohesion application configuration managerscope:eqversion:4.5

Trust: 0.3

vendor:computermodel:associates cmdbscope:eqversion:11.1

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:8.11

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:8.11

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.3

vendor:apachemodel:software foundation tomcatscope:eqversion:5.0.30

Trust: 0.3

vendor:apachemodel:software foundation tomcatscope:eqversion:5.0.19

Trust: 0.3

vendor:apachemodel:software foundation tomcatscope:eqversion:5.0

Trust: 0.3

vendor:apachemodel:software foundation tomcatscope:eqversion:4.1.24

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.53

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.52

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.51

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.50

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.49

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.48

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.47

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.46

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.45

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:1.3.29

Trust: 0.3

vendor:computermodel:associates cohesion application configuration manager sp1scope:neversion:4.5

Trust: 0.3

sources: CERT/CC: VU#442845 // BID: 13873 // JVNDB: JVNDB-2005-000866 // CNNVD: CNNVD-200507-004 // NVD: CVE-2005-2090

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-2090
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#442845
value: 20.75

Trust: 0.8

NVD: CVE-2005-2090
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200507-004
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2005-2090
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#442845 // JVNDB: JVNDB-2005-000866 // CNNVD: CNNVD-200507-004 // NVD: CVE-2005-2090

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2090

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200507-004

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200507-004

CONFIGURATIONS

sources: JVNDB: JVNDB-2005-000866

PATCH

title:Fixed in Apache Tomcat 4.1.36url:http://tomcat.apache.org/security-4.html

Trust: 0.8

title:Fixed in Apache Tomcat 5.5.24, 5.0.SVNurl:http://tomcat.apache.org/security-5.html

Trust: 0.8

title:Fixed in Apache Tomcat 6.0.11 url:http://tomcat.apache.org/security-6.html

Trust: 0.8

title:HS08-003url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-003/index.html

Trust: 0.8

title:HPSBUX02262url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01178795

Trust: 0.8

title:HPSBUX02262url:http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02262.html

Trust: 0.8

title:tomcat4 (V2.x)url:http://www.miraclelinux.com/support/update/list.php?errata_id=1168

Trust: 0.8

title:NV09-003url:http://www.nec.co.jp/security-info/secinfo/nv09-003.html

Trust: 0.8

title:RHSA-2007:0327url:https://rhn.redhat.com/errata/RHSA-2007-0327.html

Trust: 0.8

title:239312url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1

Trust: 0.8

title:interstage_as_200703url:http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200703.html

Trust: 0.8

title:HS08-003url:http://www.hitachi-support.com/security/vuls/HS08-003/index.html

Trust: 0.8

title:RHSA-2007:0327url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0327J.html

Trust: 0.8

sources: JVNDB: JVNDB-2005-000866

EXTERNAL IDS

db:NVDid:CVE-2005-2090

Trust: 3.1

db:BIDid:13873

Trust: 2.7

db:SECTRACKid:1014365

Trust: 2.4

db:SECUNIAid:30908

Trust: 1.6

db:SECUNIAid:26660

Trust: 1.6

db:SECUNIAid:30899

Trust: 1.6

db:SECUNIAid:29242

Trust: 1.6

db:SECUNIAid:28365

Trust: 1.6

db:SECUNIAid:26235

Trust: 1.6

db:SECUNIAid:33668

Trust: 1.6

db:SECUNIAid:27037

Trust: 1.6

db:VUPENid:ADV-2007-2732

Trust: 1.6

db:VUPENid:ADV-2009-0233

Trust: 1.6

db:VUPENid:ADV-2008-0065

Trust: 1.6

db:VUPENid:ADV-2007-3087

Trust: 1.6

db:VUPENid:ADV-2007-3386

Trust: 1.6

db:VUPENid:ADV-2008-1979

Trust: 1.6

db:BIDid:25159

Trust: 1.6

db:SECUNIAid:15895

Trust: 0.9

db:SECUNIAid:15810

Trust: 0.8

db:SECUNIAid:15922

Trust: 0.8

db:SECUNIAid:15852

Trust: 0.8

db:SECUNIAid:15855

Trust: 0.8

db:SECUNIAid:15861

Trust: 0.8

db:SECUNIAid:15862

Trust: 0.8

db:SECUNIAid:15872

Trust: 0.8

db:SECUNIAid:15883

Trust: 0.8

db:SECUNIAid:15884

Trust: 0.8

db:BIDid:14088

Trust: 0.8

db:SECTRACKid:1014327

Trust: 0.8

db:CERT/CCid:VU#442845

Trust: 0.8

db:JVNDBid:JVNDB-2005-000866

Trust: 0.8

db:CNNVDid:CNNVD-200507-004

Trust: 0.6

db:PACKETSTORMid:74289

Trust: 0.1

db:PACKETSTORMid:38388

Trust: 0.1

db:PACKETSTORMid:59939

Trust: 0.1

db:PACKETSTORMid:62402

Trust: 0.1

db:PACKETSTORMid:125394

Trust: 0.1

sources: CERT/CC: VU#442845 // BID: 13873 // JVNDB: JVNDB-2005-000866 // PACKETSTORM: 74289 // PACKETSTORM: 38388 // PACKETSTORM: 59939 // PACKETSTORM: 62402 // PACKETSTORM: 125394 // CNNVD: CNNVD-200507-004 // NVD: CVE-2005-2090

REFERENCES

url:http://www.securityfocus.com/bid/13873

Trust: 2.4

url:http://support.avaya.com/elmodocs2/security/asa-2007-206.htm

Trust: 1.9

url:http://www.watchfire.com/resources/http-request-smuggling.pdf

Trust: 1.9

url:http://tomcat.apache.org/security-6.html

Trust: 1.7

url:http://seclists.org/lists/bugtraq/2005/jun/0025.html

Trust: 1.6

url:http://www.vupen.com/english/advisories/2009/0233

Trust: 1.6

url:http://docs.info.apple.com/article.html?artnum=306172

Trust: 1.6

url:http://www.securiteam.com/securityreviews/5gp0220g0u.html

Trust: 1.6

url:http://tomcat.apache.org/security-5.html

Trust: 1.6

url:http://www.securityfocus.com/archive/1/500412/100/0/threaded

Trust: 1.6

url:http://www.vupen.com/english/advisories/2008/1979/references

Trust: 1.6

url:http://lists.vmware.com/pipermail/security-announce/2008/000003.html

Trust: 1.6

url:http://secunia.com/advisories/33668

Trust: 1.6

url:http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

Trust: 1.6

url:http://secunia.com/advisories/27037

Trust: 1.6

url:http://www.redhat.com/support/errata/rhsa-2007-0360.html

Trust: 1.6

url:http://www.vupen.com/english/advisories/2008/0065

Trust: 1.6

url:http://secunia.com/advisories/30899

Trust: 1.6

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

Trust: 1.6

url:http://secunia.com/advisories/26660

Trust: 1.6

url:http://secunia.com/advisories/28365

Trust: 1.6

url:http://lists.apple.com/archives/security-announce//2007/jul/msg00004.html

Trust: 1.6

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10499

Trust: 1.6

url:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

Trust: 1.6

url:http://secunia.com/advisories/30908

Trust: 1.6

url:http://www.redhat.com/support/errata/rhsa-2008-0261.html

Trust: 1.6

url:http://securitytracker.com/id?1014365

Trust: 1.6

url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html

Trust: 1.6

url:http://www.vupen.com/english/advisories/2007/3386

Trust: 1.6

url:http://www.securityfocus.com/archive/1/485938/100/0/threaded

Trust: 1.6

url:http://www.redhat.com/support/errata/rhsa-2007-0327.html

Trust: 1.6

url:http://www.vupen.com/english/advisories/2007/3087

Trust: 1.6

url:http://tomcat.apache.org/security-4.html

Trust: 1.6

url:http://www.vupen.com/english/advisories/2007/2732

Trust: 1.6

url:http://secunia.com/advisories/26235

Trust: 1.6

url:http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=197540

Trust: 1.6

url:http://www.securityfocus.com/bid/25159

Trust: 1.6

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01178795

Trust: 1.6

url:http://www.securityfocus.com/archive/1/500396/100/0/threaded

Trust: 1.6

url:http://secunia.com/advisories/29242

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2090

Trust: 1.0

url:https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:http://secunia.com/advisories/15895/

Trust: 0.9

url:http://secunia.com/advisories/15852/

Trust: 0.9

url:http://www.hardened-php.net/advisory-022005.php

Trust: 0.8

url:http://secunia.com/advisories/15861/

Trust: 0.8

url:http://secunia.com/advisories/15862/

Trust: 0.8

url:http://secunia.com/advisories/15884/

Trust: 0.8

url:http://secunia.com/advisories/15883/

Trust: 0.8

url:http://news.postnuke.com/modules.php?op=modload&name=news&file=article&sid=2699

Trust: 0.8

url:http://secunia.com/advisories/15855/

Trust: 0.8

url:http://secunia.com/advisories/15810/

Trust: 0.8

url:http://secunia.com/advisories/15872/

Trust: 0.8

url:http://secunia.com/advisories/15922/

Trust: 0.8

url:http://securitytracker.com/alerts/2005/jun/1014327.html

Trust: 0.8

url:http://www.gulftech.org/?node=research&article_id=00088-07022005

Trust: 0.8

url:http://www.gulftech.org/?node=research&article_id=00087-07012005

Trust: 0.8

url:http://www.securityfocus.com/bid/14088

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-2090

Trust: 0.8

url:http://securitytracker.com/alerts/2005/jul/1014365.html

Trust: 0.8

url:http://www.novell.com/support/viewcontent.do?externalid=7006398

Trust: 0.6

url:https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2005-2090

Trust: 0.4

url:http://www.ietf.org/rfc/rfc2616.txt

Trust: 0.3

url:http://download.novell.com/download?buildid=n5vszfht1vs

Trust: 0.3

url:http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23/ca20090123-01-cohesion-tomcat-multiple-vulnerabilities.aspx

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2007-0327.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2007-1069.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2008-0524.html

Trust: 0.3

url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2007-0450

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2007-2449

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2007-1358

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0450

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2007-3386

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2007-2450

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2007-3382

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2007-3385

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7195

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2007-1355

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2006-7195

Trust: 0.2

url:http://www.ca.com/us/contact/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7196

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2450

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0128

Trust: 0.1

url:http://support.ca.com/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3510

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1858

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-3510

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-0128

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1358

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2006-3835

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1355

Trust: 0.1

url:https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1777

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3835

Trust: 0.1

url:http://support.ca.com.

Trust: 0.1

url:http://www.ca.com/us/privacy/

Trust: 0.1

url:https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1975

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-1858

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3385

Trust: 0.1

url:http://osvdb.org/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3386

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3382

Trust: 0.1

url:https://support.ca.com/irj/portal/anonymous/redirarticles?reqpage=search

Trust: 0.1

url:http://www.ca.com/us/legal/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2006-7196

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2449

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/3699/

Trust: 0.1

url:http://sourceforge.net/project/showfiles.php?group_id=66479

Trust: 0.1

url:http://secunia.com/secunia_vacancies/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-1860

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-1863

Trust: 0.1

url:https://www.hp.com/go/softwaredepot/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-1900

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-0774

Trust: 0.1

url:http://h30046.www3.hp.com/subsignin.php

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-2872

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-2756

Trust: 0.1

url:http://www.itrc.hp.com/service/cki/secbullarchive.do

Trust: 0.1

url:http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc

Trust: 0.1

url:https://www.hp.com/go/swa

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-1887

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2006-5752

Trust: 0.1

url:http://www.vmware.com/support/policies/eos.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3004

Trust: 0.1

url:http://www.vmware.com/security

Trust: 0.1

url:http://kb.vmware.com/kb/1003176

Trust: 0.1

url:http://kb.vmware.com/kb/1002434

Trust: 0.1

url:http://www.vmware.com/support/policies/security_response.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-3004

Trust: 0.1

url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

Trust: 0.1

url:http://www.vmware.com/resources/techresources/726

Trust: 0.1

url:http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html

Trust: 0.1

url:http://www.vmware.com/support/policies/eos_vi.html

Trust: 0.1

url:http://www.enigmail.net/

Trust: 0.1

url:http://tomcat.apache.org/security-8.html

Trust: 0.1

url:http://tomcat.apache.org/security-7.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4286

Trust: 0.1

sources: CERT/CC: VU#442845 // BID: 13873 // JVNDB: JVNDB-2005-000866 // PACKETSTORM: 74289 // PACKETSTORM: 38388 // PACKETSTORM: 59939 // PACKETSTORM: 62402 // PACKETSTORM: 125394 // CNNVD: CNNVD-200507-004 // NVD: CVE-2005-2090

CREDITS

Apple

Trust: 0.6

sources: CNNVD: CNNVD-200507-004

SOURCES

db:CERT/CCid:VU#442845
db:BIDid:13873
db:JVNDBid:JVNDB-2005-000866
db:PACKETSTORMid:74289
db:PACKETSTORMid:38388
db:PACKETSTORMid:59939
db:PACKETSTORMid:62402
db:PACKETSTORMid:125394
db:CNNVDid:CNNVD-200507-004
db:NVDid:CVE-2005-2090

LAST UPDATE DATE

2024-12-10T22:37:20.463000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#442845date:2007-03-09T00:00:00
db:BIDid:13873date:2015-03-19T08:16:00
db:JVNDBid:JVNDB-2005-000866date:2009-06-19T00:00:00
db:CNNVDid:CNNVD-200507-004date:2019-04-16T00:00:00
db:NVDid:CVE-2005-2090date:2024-11-20T23:58:46.657

SOURCES RELEASE DATE

db:CERT/CCid:VU#442845date:2005-07-06T00:00:00
db:BIDid:13873date:2005-06-06T00:00:00
db:JVNDBid:JVNDB-2005-000866date:2007-04-26T00:00:00
db:PACKETSTORMid:74289date:2009-01-27T23:27:39
db:PACKETSTORMid:38388date:2005-07-01T23:31:00
db:PACKETSTORMid:59939date:2007-10-10T05:27:27
db:PACKETSTORMid:62402date:2008-01-08T16:58:51
db:PACKETSTORMid:125394date:2014-02-25T18:33:33
db:CNNVDid:CNNVD-200507-004date:2005-07-05T00:00:00
db:NVDid:CVE-2005-2090date:2005-07-05T04:00:00