ID

VAR-200906-0603


CVE

CVE-2008-5515


TITLE

Apache Tomcat information disclosure vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-000036

DESCRIPTION

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may allow information disclosure or access to the contents contained in the WEB-INF directory. According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. For more information, refer to the developer's website.

Minehiko Iida and Yuichiro Suzuki of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.

A remote attacker could possibly obtain information such as configuration or user credentials contained in the application which resides under the WEB-INF directory. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02515878
Version: 1

HPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Unauthorized Modification, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2010-11-23
Last Updated: 2010-11-23

Potential Security Impact: Remote information disclosure, unauthorized modification, or Denial of Service (DoS).

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to disclose information, allow unauthorized modification, or create a Denial of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite.

References: CVE-2010-2227, CVE-2010-1157, CVE-2009-0783, CVE-2009-0781, CVE-2009-0580, CVE-2009-0033, CVE-2008-5515

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.12 or earlier

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2010-2227    (AV:N/AC:L/Au:N/C:P/I:N/A:P)    6.4
CVE-2010-1157    (AV:N/AC:L/Au:N/C:P/I:N/A:N)    5.0
CVE-2009-0783    (AV:L/AC:L/Au:N/C:P/I:P/A:N)    3.6
CVE-2009-0781    (AV:N/AC:M/Au:N/C:N/I:P/A:N)    4.3
CVE-2009-0580    (AV:N/AC:M/Au:N/C:P/I:N/A:N)    4.3
CVE-2009-0033    (AV:N/AC:L/Au:N/C:N/I:N/A:P)    5.0
CVE-2008-5515    (AV:N/AC:L/Au:N/C:P/I:N/A:N)    5.0
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION
HP has provided the following software updates to resolve the vulnerabilities. The updates are available for download from http://software.hp.com

Note: HP-UX Web Server Suite v3.13 contains HP-UX Tomcat-based Servlet Engine v5.5.30.01

Web Server Suite Version / Apache Depot name
HP-UX Web Server Suite v.3.13
HPUXWS22ATW-B313-32.depot
HPUXWS22ATW-B313-64.depot

MANUAL ACTIONS: Yes - Update
Install HP-UX Web Server Suite v3.13 or subsequent.

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX Web Server Suite
HP-UX B.11.23
HP-UX B.11.31
==================
hpuxws22TOMCAT.TOMCAT
action: install revision B.5.5.30.01 or subsequent

END AFFECTED VERSIONS

HISTORY
Version:1 (rev.1) - 23 November 2010 Initial release

-----------------------------------------------------------------------
VMware Security Advisory

Advisory ID:  VMSA-2009-0016
Synopsis:     VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components
Issue date:   2009-11-20
Updated on:   2009-11-20 (initial release of advisory)
CVE numbers:
--- JRE ---
CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097
CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102
CVE-2009-1103 CVE-2009-1104 CVE-2009-1105 CVE-2009-1106 CVE-2009-1107
CVE-2009-2625 CVE-2009-2670 CVE-2009-2671 CVE-2009-2672 CVE-2009-2673
CVE-2009-2675 CVE-2009-2676 CVE-2009-2716 CVE-2009-2718 CVE-2009-2719
CVE-2009-2720 CVE-2009-2721 CVE-2009-2722 CVE-2009-2723 CVE-2009-2724
--- Tomcat ---
CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783
CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CVE-2007-5333 CVE-2007-5342
CVE-2007-5461 CVE-2007-6286 CVE-2008-0002
--- ntp ---
CVE-2009-1252 CVE-2009-0159
--- kernel ---
CVE-2008-3528 CVE-2008-5700 CVE-2009-0028 CVE-2009-0269 CVE-2009-0322
CVE-2009-0675 CVE-2009-0676 CVE-2009-0778 CVE-2008-4307 CVE-2009-0834
CVE-2009-1337 CVE-2009-0787 CVE-2009-1336 CVE-2009-1439 CVE-2009-1633
CVE-2009-1072 CVE-2009-1630 CVE-2009-1192 CVE-2007-5966 CVE-2009-1385
CVE-2009-1388 CVE-2009-1389 CVE-2009-1895 CVE-2009-2406 CVE-2009-2407
CVE-2009-2692 CVE-2009-2698 CVE-2009-0745 CVE-2009-0746 CVE-2009-0747
CVE-2009-0748 CVE-2009-2847 CVE-2009-2848
--- python ---
CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315
CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031
--- bind ---
CVE-2009-0696
--- libxml and libxml2 ---
CVE-2009-2414 CVE-2009-2416
--- curl ---
CVE-2009-2417
--- gnutls ---
CVE-2007-2052
-----------------------------------------------------------------------

1. Summary

Updated Java JRE packages and Tomcat packages address several security issues. Updates for the ESX Service Console and vMA include kernel, ntp, Python, bind, libxml, libxml2, curl and gnutls packages. ntp is also updated for ESXi userworlds.

2. Relevant releases

vCenter Server 4.0 before Update 1

ESXi 4.0 without patch ESXi400-200911201-UG

ESX 4.0 without patches ESX400-200911201-UG, ESX400-200911223-UG, ESX400-200911232-SG, ESX400-200911233-SG, ESX400-200911234-SG, ESX400-200911235-SG, ESX400-200911237-SG, ESX400-200911238-SG

vMA 4.0 before patch 02

3. Problem Description

a. JRE Security Update

JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  =======   =================
vCenter        4.0       Windows   Update 1
VirtualCenter  2.5       Windows   affected, patch pending
VirtualCenter  2.0.2     Windows   affected, patch pending
Workstation    any       any       not affected
Player         any       any       not affected
Server         2.0       any       affected, patch pending
Server         1.0       any       not affected
ACE            any       any       not affected
Fusion         any       any       not affected
ESXi           any       ESXi      not affected
ESX            4.0       ESX       ESX400-200911223-UG
ESX            3.5       ESX       affected, patch pending
ESX            3.0.3     ESX       affected, patch pending
ESX            2.5.5     ESX       not affected
vMA            4.0       RHEL5     Patch 2 *

* vMA JRE is updated to version JRE 1.5.0_21

Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the Service Console network. Security best practices provided by VMware recommend that the Service Console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices.

The currently installed version of JRE depends on your patch deployment history.

b.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =======================
vCenter        4.0       Windows   Update 1
VirtualCenter  2.5       Windows   affected, patch pending
VirtualCenter  2.0.2     Windows   affected, patch pending
Workstation    any       any       not affected
Player         any       any       not affected
ACE            any       Windows   not affected
Server         2.x       any       affected, patch pending
Server         1.x       any       not affected
Fusion         any       Mac OS/X  not affected
ESXi           any       ESXi      not affected
ESX            4.0       ESX       ESX400-200911223-UG
ESX            3.5       ESX       affected, patch pending
ESX            3.0.3     ESX       affected, patch pending
ESX            2.5.5     ESX       not affected
vMA            4.0       RHEL5     not affected

Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the Service Console network. Security best practices provided by VMware recommend that the Service Console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices.

The currently installed version of Tomcat depends on your patch deployment history.

c. Third party library update for ntp.

The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.

ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the following security issue. Note that the same security issue is present in the ESX Service Console as described in section d. of this advisory.

A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code.
If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue.

The NTP security issue identified by CVE-2009-0159 is not relevant for ESXi 3.5 and ESXi 4.0.

The following table lists what action remediates the vulnerability in this component (column 4) if a solution is available.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  =======   =================
vCenter        any       Windows   not affected
hosted *       any       any       not affected
ESXi           4.0       ESXi      ESXi400-200911201-UG
ESXi           3.5       ESXi      affected, patch pending
ESX            4.0       ESX       not affected
ESX            3.5       ESX       not affected
ESX            3.0.3     ESX       not affected
ESX            2.5.5     ESX       not affected
vMA            4.0       RHEL5     not affected

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

d. Service Console update for ntp

Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2

The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.

The Service Console present in ESX is affected by the following security issues.

A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user.

NTP authentication is not enabled by default on the Service Console.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue.

A buffer overflow flaw was found in the ntpq diagnostic command.
A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0159 to this issue.

The following table lists what action remediates the vulnerability in the Service Console (column 4) if a solution is available.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  =======   =================
vCenter        any       Windows   not affected
hosted *       any       any       not affected
ESXi           any       ESXi      not affected
ESX            4.0       ESX       ESX400-200911238-SG
ESX            3.5       ESX       affected, patch pending **
ESX            3.0.3     ESX       affected, patch pending **
ESX            2.5.5     ESX       affected, patch pending **
vMA            4.0       RHEL5     Patch 2

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

** The service consoles of ESX 2.5.5, ESX 3.0.3 and ESX 3.5 are not affected by CVE-2009-1252. The security issue identified by CVE-2009-0159 has a low impact on the service console of ESX 2.5.5, ESX 3.0.3 and ESX 3.5.

e. Updated Service Console package kernel

Updated Service Console package kernel addresses the security issues below.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028, CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0778 to the security issues fixed in kernel 2.6.18-128.1.6.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337, CVE-2009-0787, CVE-2009-1336 to the security issues fixed in kernel 2.6.18-128.1.10.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072, CVE-2009-1630, CVE-2009-1192 to the security issues fixed in kernel 2.6.18-128.1.14.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388, CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the security issues fixed in kernel 2.6.18-128.4.1.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2692, CVE-2009-2698 to the security issues fixed in kernel 2.6.18-128.7.1.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues fixed in kernel 2.6.18-164.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  =======   =================
vCenter        any       Windows   not applicable
hosted *       any       any       not applicable
ESXi           any       ESXi      not applicable
ESX            4.0       ESX       ESX400-200911201-UG
ESX            3.5       ESX       not applicable
ESX            3.0.3     ESX       not applicable
ESX            2.5.5     ESX       not applicable
vMA            4.0       RHEL5     Patch 2 **

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

** vMA is updated to kernel version 2.6.18-164.

f. Updated Service Console package python

Service Console package Python update to version 2.4.3-24.el5.

When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges.

Multiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service.

Multiple integer overflow flaws were found in the Python imageop module.
If a Python application used the imageop module to process untrusted images, it could cause the application to disclose sensitive information, crash or, potentially, execute arbitrary code with the Python interpreter's privileges.

Multiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption).

Multiple integer overflow flaws were found in various Python modules. An attacker could use these flaws to cause a denial of service.

An integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges.

A flaw was discovered in the strxfrm() function of the Python locale module. Strings generated by this function were not properly NULL-terminated, which could possibly cause disclosure of data stored in the memory of a Python application using this function.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  =======   =================
vCenter        any       Windows   not applicable
hosted *       any       any       not applicable
ESXi           any       ESXi      not applicable
ESX            4.0       ESX       ESX400-200911235-SG
ESX            3.5       ESX       affected, patch pending
ESX            3.0.3     ESX       affected, patch pending
ESX            2.5.5     ESX       affected, patch pending
vMA            4.0       RHEL5     Patch 2

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

g. Updated Service Console package bind

Service Console package bind updated to version 9.3.6-4.P1.el5

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handles dynamic update message packets containing the "ANY" record type. A remote attacker could use this flaw to send a specially-crafted dynamic update packet that could cause named to exit with an assertion failure.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0696 to this issue.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  =======   =================
vCenter        any       Windows   not applicable
hosted *       any       any       not applicable
ESXi           any       ESXi      not applicable
ESX            4.0       ESX       ESX400-200911237-SG
ESX            3.5       ESX       affected, patch pending
ESX            3.0.3     ESX       affected, patch pending
ESX            2.5.5     ESX       affected, patch pending
vMA            4.0       RHEL5     Patch 2

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

h. Updated Service Console package libxml2

Service Console package libxml2 updated to version 2.6.26-2.1.2.8.

libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files.

A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially-crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service.

Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types.
A remote attacker could provide a specially-crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2414 and CVE-2009-2416 to these issues.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  =======   =================
vCenter        any       Windows   not applicable
hosted *       any       any       not applicable
ESXi           any       ESXi      not applicable
ESX            4.0       ESX       ESX400-200911234-SG
ESX            3.5       ESX       affected, patch pending
ESX            3.0.3     ESX       affected, patch pending
ESX            2.5.5     ESX       affected, patch pending
vMA            4.0       RHEL5     Patch 2

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

i. Updated Service Console package curl

Service Console package curl updated to version 7.15.5-2.1.el5_3.5

cURL is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse cURL into accepting it by mistake.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2417 to this issue.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  =======   =================
vCenter        any       Windows   not applicable
hosted *       any       any       not applicable
ESXi           any       ESXi      not applicable
ESX            4.0       ESX       ESX400-200911232-SG
ESX            3.5       ESX       not affected
ESX            3.0.3     ESX       not affected
ESX            2.5.5     ESX       not affected
vMA            4.0       RHEL5     Patch 2

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

j. Updated Service Console package gnutls

Service Console package gnutls updated to version 1.4.1-3.el5_3.5

A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2730 to this issue.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  =======   =================
vCenter        any       Windows   not applicable
hosted *       any       any       not applicable
ESXi           any       ESXi      not applicable
ESX            4.0       ESX       ESX400-200911233-SG
ESX            3.5       ESX       not affected
ESX            3.0.3     ESX       not affected
ESX            2.5.5     ESX       not affected
vMA            4.0       RHEL5     Patch 2

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution

Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.

VMware vCenter Server 4 Update 1
--------------------------------
Version       4.0 Update 1
Build Number  208156
Release Date  2009/11/19
Type          Product Binaries
http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1

VMware vCenter Server 4 and modules
File size: 1.8 GB
File type: .iso
MD5SUM: 057d55b32eb27fe5f3e01bc8d3df3bc5
SHA1SUM: c90134418c2e4d3d6637d8bee44261300ad95ec1

VMware vCenter Server 4 and modules
File size: 1.5 GB
File type: .zip
MD5SUM: f843d9c19795eb3bc5a77f5c545468a8
SHA1SUM: 9a7abd8e70bd983151e2ee40e1b3931525c4480c

VMware vSphere Client and Host Update Utility
File size: 113.8 MB
File type: .exe
MD5SUM: 6cc6b2c958e7e9529c284e48dfae22a9
SHA1SUM: f4c19c63a75d93cffc57b170066358160788c959

VMware vCenter Converter BootCD
File size: 98.8 MB
File type: .zip
MD5SUM: 3df94eb0e93de76b0389132ada2a3799
SHA1SUM: 5d7c04e4f9f8ae25adc8de5963fefd8a4c92464c

VMware vCenter Converter CLI (Linux)
File size: 36.9 MB
File type: .tar.gz
MD5SUM: 3766097563936ba5e03e87e898f6bd48
SHA1SUM: 36d485bdb5eb279296ce8c8523df04bfb12a2cb4

ESXi 4.0 Update 1
-----------------
ESXi400-200911201-UG
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip
md5sum: c6fdd6722d9e5cacb280bdcc2cca0627
sha1sum: de9d4875f86b6493f9da991a8cff37784215db2e
http://kb.vmware.com/kb/1014886

NOTE: The three ESXi patches for Firmware, VMware Tools, and the VI Client "C" are contained in a single download file.

ESX 4.0 Update 1
----------------
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip
md5sum: 68934321105c34dcda4cbeeab36a2b8f
sha1sum: 0d8ae58cf9143d5c7113af9692dea11ed2dd864b
http://kb.vmware.com/kb/1014842

To install an individual bulletin use esxupdate with the -b option.
esxupdate --bundle=ESX-4.0.0-update01.zip -b ESX400-200911223-UG -b ESX400-200911238-SG -b ESX400-200911201-UG -b ESX400-200911235-SG -b ESX400-200911237-SG -b ESX400-200911234-SG -b ESX400-200911232-SG -b ESX400-200911233-SG update
--- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052 - ------------------------------------------------------------------------ 6. Change log 2009-11-20 VMSA-2009-0016 Initial security advisory after release of vCenter 4.0 Update 1 and ESX 4.0 Update 1 on 2009-11-19 and release of vMA Patch 2 on 2009-11-23. - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/lifecycle/ Copyright 2009 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksHAooACgkQS2KysvBH1xmQMACfTEcnuPanvucXPmgJCTT054o+ dtoAniXz+9xLskrkPr3oUzAcDeV729WG =wSRz -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-788-1 June 15, 2009 tomcat6 vulnerabilities CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. 
The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.10:
  libtomcat6-java   6.0.18-0ubuntu3.2
  tomcat6-examples  6.0.18-0ubuntu3.2

Ubuntu 9.04:
  libtomcat6-java   6.0.18-0ubuntu6.1
  tomcat6-examples  6.0.18-0ubuntu6.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. (CVE-2008-5515)

Yoshihito Fukuyama discovered that Tomcat did not properly handle errors when the Java AJP connector and mod_jk load balancing are used.

Hackner discovered that Tomcat did not properly handle malformed URL encoding of passwords when FORM authentication is used. A remote attacker could exploit this in order to enumerate valid usernames. (CVE-2009-0580)

Deniz Cevik discovered that Tomcat did not properly escape certain parameters in the example calendar application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2009-0781)

Philippe Prados discovered that Tomcat allowed web applications to replace the XML parser used by other web applications. Local users could exploit this to bypass security restrictions and gain access to certain sensitive files. (CVE-2009-0783)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201206-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Apache Tomcat: Multiple vulnerabilities
     Date: June 24, 2012
     Bugs: #272566, #273662, #303719, #320963, #329937, #373987, #374619, #382043, #386213, #396401, #399227
       ID: 201206-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in Apache Tomcat, the worst of which allowing to read, modify and overwrite arbitrary files. Please review the CVE identifiers referenced below for details.

Impact
======

The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server's hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Apache Tomcat 6.0.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.35"

All Apache Tomcat 7.0.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.23"

References
==========

[ 1 ] CVE-2008-5515
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5515
[ 2 ] CVE-2009-0033
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0033
[ 3 ] CVE-2009-0580
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0580
[ 4 ] CVE-2009-0781
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0781
[ 5 ] CVE-2009-0783
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0783
[ 6 ] CVE-2009-2693
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2693
[ 7 ] CVE-2009-2901
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2901
[ 8 ] CVE-2009-2902
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2902
[ 9 ] CVE-2010-1157
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1157
[ 10 ] CVE-2010-2227
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2227
[ 11 ] CVE-2010-3718
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3718
[ 12 ] CVE-2010-4172
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4172
[ 13 ] CVE-2010-4312
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4312
[ 14 ] CVE-2011-0013
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0013
[ 15 ] CVE-2011-0534
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0534
[ 16 ] CVE-2011-1088
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1088
[ 17 ] CVE-2011-1183
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1183
[ 18 ] CVE-2011-1184
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1184
[ 19 ] CVE-2011-1419
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1419
[ 20 ] CVE-2011-1475
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1475
[ 21 ] CVE-2011-1582
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1582
[ 22 ] CVE-2011-2204
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2204
[ 23 ] CVE-2011-2481
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2481
[ 24 ] CVE-2011-2526
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2526
[ 25 ] CVE-2011-2729
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2729
[ 26 ] CVE-2011-3190
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3190
[ 27 ] CVE-2011-3375
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3375
[ 28 ] CVE-2011-4858
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4858
[ 29 ] CVE-2011-5062
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5062
[ 30 ] CVE-2011-5063
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5063
[ 31 ] CVE-2011-5064
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5064
[ 32 ] CVE-2012-0022
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0022

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201206-24.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

The calendar application in the examples web application contains an XSS flaw due to invalid HTML which renders the XSS filtering protection ineffective (CVE-2009-0781).
_______________________________________________________________________

References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783
 http://tomcat.apache.org/security-5.html
_______________________________________________________________________

Updated Packages:

 Mandriva Linux 2009.0
 Mandriva Linux 2009.0/X86_64
 Mandriva Linux 2009.1
 Mandriva Linux 2009.1/X86_64
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Trust: 2.52

sources: NVD: CVE-2008-5515 // JVNDB: JVNDB-2009-000036 // BID: 35263 // VULMON: CVE-2008-5515 // PACKETSTORM: 96122 // PACKETSTORM: 82837 // PACKETSTORM: 78409 // PACKETSTORM: 114139 // PACKETSTORM: 89679 // PACKETSTORM: 78585

AFFECTED PRODUCTS

vendor: apache | model: tomcat | scope: eq | version: 4.1.22

Trust: 1.6

vendor: apache | model: tomcat | scope: eq | version: 4.1.18

Trust: 1.6

vendor: apache | model: tomcat | scope: eq | version: 4.1.17

Trust: 1.6

vendor: apache | model: tomcat | scope: eq | version: 4.1.23

Trust: 1.6

vendor: apache | model: tomcat | scope: eq | version: 4.1.20

Trust: 1.6

vendor: apache | model: tomcat | scope: eq | version: 4.1.26

Trust: 1.6

vendor: apache | model: tomcat | scope: eq | version: 4.1.19

Trust: 1.6

vendor: apache | model: tomcat | scope: eq | version: 4.1.25

Trust: 1.6

vendor: apache | model: tomcat | scope: eq | version: 4.1.21

Trust: 1.6

vendor: apache | model: tomcat | scope: eq | version: 4.1.2

Trust: 1.6

vendor: apache | model: tomcat | scope: eq | version: 6.0.18

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 6.0.16

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 6.0.15

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 6.0.14

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 6.0.13

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 6.0.12

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 6.0.10

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 6.0.9

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 6.0.7

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 6.0.6

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 6.0.5

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 6.0.4

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 6.0.3

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 6.0.2

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 6.0.1

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 6.0

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.27

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.26

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.25

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.24

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.23

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.22

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.21

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.20

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.19

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.18

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.17

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.16

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.15

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.14

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.13

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.12

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.11

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.10

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.2

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 5.5.1

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 4.1.39

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 4.1.38

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 4.1.37

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 4.1.36

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 4.1.35

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 4.1.34

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 4.1.32

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 4.1.31

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 4.1.30

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 4.1.29

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 4.1.28

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 4.1.24

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 4.1.12

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 4.1.10

Trust: 1.3

vendor: apache | model: tomcat | scope: eq | version: 4.1.3

Trust: 1.3

vendor: vmware | model: virtualcenter | scope: eq | version: 2.0.2

Trust: 1.1

vendor: vmware | model: virtualcenter | scope: eq | version: 2.5

Trust: 1.1

vendor: vmware | model: vcenter | scope: eq | version: 4.0

Trust: 1.1

vendor: apache | model: tomcat | scope: eq | version: 6.0.0

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 5.5.3

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 5.5.9

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 4.1.27

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 5.5.0

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 5.5.6

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 4.1.16

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 5.5.7

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 4.1.15

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 4.1.0

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 5.5.4

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 4.1.13

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 4.1.33

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 4.1.1

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 6.0.17

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 4.1.11

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 5.5.8

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 4.1.14

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 5.5.5

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 4.1.0 to 4.1.39

Trust: 0.8

vendor: apache | model: tomcat | scope: eq | version: 5.5.0 to 5.5.27

Trust: 0.8

vendor: apache | model: tomcat | scope: eq | version: 6.0.0 to 6.0.18

Trust: 0.8

vendor: apple | model: mac os x server | scope: eq | version: v10.5.8

Trust: 0.8

vendor: apple | model: mac os x server | scope: eq | version: v10.6 through v10.6.2

Trust: 0.8

vendor: cybertrust | model: asianux server | scope: eq | version: 2.0

Trust: 0.8

vendor: cybertrust | model: asianux server | scope: eq | version: 2.1

Trust: 0.8

vendor: cybertrust | model: asianux server | scope: eq | version: 3 (x86)

Trust: 0.8

vendor: cybertrust | model: asianux server | scope: eq | version: 3 (x86-64)

Trust: 0.8

vendor: fujitsu | model: interstage application framework suite | scope: - | version: -

Trust: 0.8

vendor: fujitsu | model: interstage application server | scope: - | version: -

Trust: 0.8

vendor: fujitsu | model: interstage apworks | scope: - | version: -

Trust: 0.8

vendor: fujitsu | model: interstage business application server | scope: - | version: -

Trust: 0.8

vendor: fujitsu | model: interstage job workload server | scope: - | version: -

Trust: 0.8

vendor: fujitsu | model: interstage studio | scope: - | version: -

Trust: 0.8

vendor: fujitsu | model: interstage web server | scope: - | version: -

Trust: 0.8

vendor: hewlett packard l p | model: hp-ux | scope: eq | version: 11.11

Trust: 0.8

vendor: hewlett packard l p | model: hp-ux | scope: eq | version: 11.23

Trust: 0.8

vendor: hewlett packard l p | model: hp-ux | scope: eq | version: 11.31

Trust: 0.8

vendor: hewlett packard l p | model: hp-ux tomcat-based servlet engine | scope: eq | version: before 5.5.30.01

Trust: 0.8

vendor: nec | model: infoframe documentskipper | scope: - | version: -

Trust: 0.8

vendor: nec | model: mcone | scope: - | version: -

Trust: 0.8

vendor: nec | model: websam securemaster | scope: - | version: -

Trust: 0.8

vendor: red hat | model: enterprise linux | scope: eq | version: 5 (server)

Trust: 0.8

vendor: red hat | model: enterprise linux desktop | scope: eq | version: 5.0 (client)

Trust: 0.8

vendor: red hat | model: enterprise linux eus | scope: eq | version: 5.3.z (server)

Trust: 0.8

vendor: red hat | model: rhel desktop workstation | scope: eq | version: 5 (client)

Trust: 0.8

vendor: sun microsystems | model: opensolaris | scope: eq | version: (sparc)

Trust: 0.8

vendor: sun microsystems | model: opensolaris | scope: eq | version: (x86)

Trust: 0.8

vendor: sun microsystems | model: solaris | scope: eq | version: 10 (sparc)

Trust: 0.8

vendor: sun microsystems | model: solaris | scope: eq | version: 10 (x86)

Trust: 0.8

vendor: sun microsystems | model: solaris | scope: eq | version: 9 (sparc)

Trust: 0.8

vendor: sun microsystems | model: solaris | scope: eq | version: 9 (x86)

Trust: 0.8

vendor: vmware | model: esx | scope: eq | version: 3.0.3

Trust: 0.8

vendor: vmware | model: esx | scope: eq | version: 3.5

Trust: 0.8

vendor: vmware | model: esx | scope: eq | version: 4.0

Trust: 0.8

vendor: vmware | model: server | scope: eq | version: 2.x

Trust: 0.8

vendor:vmwaremodel:virtualcenter updatescope:eqversion:2.55

Trust: 0.3

vendor:vmwaremodel:virtualcenter updatescope:eqversion:2.52

Trust: 0.3

vendor:vmwaremodel:virtualcenter updatescope:eqversion:2.51

Trust: 0.3

vendor:vmwaremodel:virtualcenter updatescope:eqversion:2.0.25

Trust: 0.3

vendor:vmwaremodel:virtualcenter updatescope:eqversion:2.0.24

Trust: 0.3

vendor:vmwaremodel:virtualcenter updatescope:eqversion:2.0.23

Trust: 0.3

vendor:vmwaremodel:virtualcenter updatescope:eqversion:2.0.22

Trust: 0.3

vendor:vmwaremodel:virtualcenter updatescope:eqversion:2.0.21

Trust: 0.3

vendor:vmwaremodel:serverscope:eqversion:2.0.2

Trust: 0.3

vendor:vmwaremodel:serverscope:eqversion:2.0.1

Trust: 0.3

vendor:vmwaremodel:serverscope:eqversion:2.0

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:3.0.3

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:3.0.2

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:3.0.1

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:3.0

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:4.0

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:3.5

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:8.10

Trust: 0.3

vendor: suse | model: linux enterprise server | scope: eq | version: 11

Trust: 0.3

vendor: sun | model: solaris 9 x86 | scope: - | version: -

Trust: 0.3

vendor: sun | model: solaris 9 sparc | scope: - | version: -

Trust: 0.3

vendor: sun | model: solaris 10 x86 | scope: - | version: -

Trust: 0.3

vendor: sun | model: solaris 10 sparc | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 99 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 96 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 95 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 94 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 93 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 92 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 91 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 90 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 89 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 88 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 87 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 86 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 85 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 84 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 83 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 82 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 81 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 80 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 78 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 77 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 76 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 68 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 67 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 64 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 61 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 59 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 58 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 57 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 54 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 50 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 49 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 47 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 45 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 41 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 39 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 36 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 29 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 22 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 19 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 13 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 117 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 116 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 115 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 114 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 113 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 112 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 111a | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 111 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 110 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 109 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 108 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 107 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 106 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 105 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 104 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 103 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 102 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 101a | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 101 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 100 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 02 | scope: - | version: -

Trust: 0.3

vendor: sun | model: opensolaris build snv 01 | scope: - | version: -

Trust: 0.3

vendor: s u s e | model: opensuse | scope: eq | version: 11.1

Trust: 0.3

vendor: s u s e | model: opensuse | scope: eq | version: 11.0

Trust: 0.3

vendor: rim | model: blackberry enterprise server for novell groupwise | scope: eq | version: 5.0.1

Trust: 0.3

vendor: rim | model: blackberry enterprise server for novell groupwise | scope: eq | version: 4.1.7

Trust: 0.3

vendor: rim | model: blackberry enterprise server for novell groupwise | scope: eq | version: 4.1.4

Trust: 0.3

vendor: rim | model: blackberry enterprise server for exchange mr1 | scope: eq | version: 5.0.2

Trust: 0.3

vendor: rim | model: blackberry enterprise server for exchange | scope: eq | version: 5.0.2

Trust: 0.3

vendor: rim | model: blackberry enterprise server for exchange | scope: eq | version: 5.0.1

Trust: 0.3

vendor: rim | model: blackberry enterprise server for exchange sp2 | scope: eq | version: 5.0

Trust: 0.3

vendor: rim | model: blackberry enterprise server for exchange | scope: eq | version: 5.0

Trust: 0.3

vendor: rim | model: blackberry enterprise server for exchange | scope: eq | version: 4.1.7

Trust: 0.3

vendor: rim | model: blackberry enterprise server for exchange | scope: eq | version: 4.1.4

Trust: 0.3

vendor: rim | model: blackberry enterprise server for domino mr1 | scope: eq | version: 5.0.2

Trust: 0.3

vendor: rim | model: blackberry enterprise server for domino | scope: eq | version: 4.1.4

Trust: 0.3

vendor: rim | model: blackberry enterprise server express for exchange mr1 | scope: eq | version: 5.0.2

Trust: 0.3

vendor: rim | model: blackberry enterprise server express for exchange | scope: eq | version: 5.0.2

Trust: 0.3

vendor: rim | model: blackberry enterprise server express for exchange | scope: eq | version: 5.0.1

Trust: 0.3

vendor: rim | model: blackberry enterprise server express for exchange | scope: eq | version: 4.1.4

Trust: 0.3

vendor: rim | model: blackberry enterprise server express for domino mr1 | scope: eq | version: 5.0.2

Trust: 0.3

vendor: rim | model: blackberry enterprise server express for domino | scope: eq | version: 5.0.2

Trust: 0.3

vendor: rim | model: blackberry enterprise server express for domino | scope: eq | version: 4.1.4

Trust: 0.3

vendor: redhat | model: red hat network satellite (for rhel | scope: eq | version: 4)5.1

Trust: 0.3

vendor: redhat | model: network satellite | scope: eq | version: 45.3

Trust: 0.3

vendor: redhat | model: network satellite | scope: eq | version: 45.2

Trust: 0.3

vendor: redhat | model: jboss enterprise web server el4 | scope: eq | version: 0

Trust: 0.3

vendor: redhat | model: jboss enterprise web server | scope: eq | version: 5.0

Trust: 0.3

vendor: redhat | model: jboss enterprise application platform el5 | scope: eq | version: 4.3

Trust: 0.3

vendor: redhat | model: jboss enterprise application platform el4 | scope: eq | version: 4.3

Trust: 0.3

vendor: redhat | model: jboss enterprise application platform | scope: eq | version: 4.3

Trust: 0.3

vendor: redhat | model: jboss enterprise application platform el5 | scope: eq | version: 4.2

Trust: 0.3

vendor: redhat | model: jboss enterprise application platform el4 | scope: eq | version: 4.2

Trust: 0.3

vendor: redhat | model: jboss enterprise application platform | scope: eq | version: 4.2

Trust: 0.3

vendor: redhat | model: enterprise linux eus 5.3.z server | scope: - | version: -

Trust: 0.3

vendor: redhat | model: enterprise linux desktop workstation client | scope: eq | version: 5

Trust: 0.3

vendor: redhat | model: enterprise linux desktop client | scope: eq | version: 5

Trust: 0.3

vendor: redhat | model: enterprise linux server | scope: eq | version: 5

Trust: 0.3

vendor: redhat | model: developer suite as4 | scope: eq | version: 3

Trust: 0.3

vendor: redhat | model: certificate server | scope: eq | version: 7.3

Trust: 0.3

vendor: redhat | model: application server ws4 | scope: eq | version: 2

Trust: 0.3

vendor: redhat | model: application server es4 | scope: eq | version: 2

Trust: 0.3

vendor: redhat | model: application server as4 | scope: eq | version: 2

Trust: 0.3

vendor: mandriva | model: linux mandrake x86 64 | scope: eq | version: 2009.1

Trust: 0.3

vendor: mandriva | model: linux mandrake | scope: eq | version: 2009.1

Trust: 0.3

vendor: mandriva | model: linux mandrake x86 64 | scope: eq | version: 2009.0

Trust: 0.3

vendor: mandriva | model: linux mandrake | scope: eq | version: 2009.0

Trust: 0.3

vendor: mandriva | model: linux mandrake x86 64 | scope: eq | version: 2008.0

Trust: 0.3

vendor: mandriva | model: linux mandrake | scope: eq | version: 2008.0

Trust: 0.3

vendor: mandrakesoft | model: enterprise server x86 64 | scope: eq | version: 5

Trust: 0.3

vendor: mandrakesoft | model: enterprise server | scope: eq | version: 5

Trust: 0.3

vendor: ibm | model: tivoli netcool/webtop fix pack | scope: eq | version: 2.19

Trust: 0.3

vendor: ibm | model: tivoli netcool/webtop fix pack | scope: eq | version: 2.15

Trust: 0.3

vendor: ibm | model: tivoli netcool/webtop fix pack | scope: eq | version: 2.14

Trust: 0.3

vendor: ibm | model: tivoli netcool/webtop | scope: eq | version: 2.1

Trust: 0.3

vendor: ibm | model: rational quality manager | scope: eq | version: 2.0

Trust: 0.3

vendor: hp | model: performance manager | scope: eq | version: 8.21

Trust: 0.3

vendor: hp | model: performance manager | scope: eq | version: 8.20

Trust: 0.3

vendor: hp | model: performance manager | scope: eq | version: 8.10

Trust: 0.3

vendor: hp | model: hp-ux web server suite | scope: eq | version: 3.22

Trust: 0.3

vendor: hp | model: hp-ux web server suite | scope: eq | version: 3.21

Trust: 0.3

vendor: hp | model: hp-ux web server suite | scope: eq | version: 3.18

Trust: 0.3

vendor: hp | model: hp-ux web server suite | scope: eq | version: 3.17

Trust: 0.3

vendor: hp | model: hp-ux web server suite | scope: eq | version: 3.12

Trust: 0.3

vendor: hp | model: hp-ux web server suite | scope: eq | version: 3.10

Trust: 0.3

vendor: hp | model: hp-ux b.11.31 | scope: - | version: -

Trust: 0.3

vendor: hp | model: hp-ux b.11.23 | scope: - | version: -

Trust: 0.3

vendor: hp | model: hp-ux b.11.11 | scope: - | version: -

Trust: 0.3

vendor: gentoo | model: linux | scope: - | version: -

Trust: 0.3

vendor: fujitsu | model: interstage studio standard-j edition | scope: eq | version: 9.0

Trust: 0.3

vendor: fujitsu | model: interstage studio standard-j edition | scope: eq | version: 8.0.1

Trust: 0.3

vendor: fujitsu | model: interstage studio enterprise edition | scope: eq | version: 9.0

Trust: 0.3

vendor: fujitsu | model: interstage studio enterprise edition | scope: eq | version: 8.0.1

Trust: 0.3

vendor: fujitsu | model: interstage business application server enterprise | scope: eq | version: 8.0.0

Trust: 0.3

vendor: fujitsu | model: interstage apworks modelers-j edition | scope: eq | version: 7.0

Trust: 0.3

vendor: fujitsu | model: interstage apworks modelers-j edition 6.0a | scope: - | version: -

Trust: 0.3

vendor: fujitsu | model: interstage apworks modelers-j edition | scope: eq | version: 6.0

Trust: 0.3

vendor: fujitsu | model: interstage application server standard-j edition | scope: eq | version: 9.1

Trust: 0.3

vendor: fujitsu | model: interstage application server standard-j edition a | scope: eq | version: 9.0

Trust: 0.3

vendor: fujitsu | model: interstage application server standard-j edition | scope: eq | version: 9.0

Trust: 0.3

vendor: fujitsu | model: interstage application server standard-j edition | scope: eq | version: 8.0.2

Trust: 0.3

vendor: fujitsu | model: interstage application server standard-j edition | scope: eq | version: 8.0.1

Trust: 0.3

vendor: fujitsu | model: interstage application server standard-j edition | scope: eq | version: 8.0

Trust: 0.3

vendor: fujitsu | model: interstage application server plus developer | scope: eq | version: 7.0

Trust: 0.3

vendor: fujitsu | model: interstage application server plus developer | scope: eq | version: 6.0

Trust: 0.3

vendor: fujitsu | model: interstage application server plus | scope: eq | version: 7.0.1

Trust: 0.3

vendor: fujitsu | model: interstage application server plus | scope: eq | version: 7.0

Trust: 0.3

vendor: fujitsu | model: interstage application server plus | scope: eq | version: 6.0

Trust: 0.3

vendor: fujitsu | model: interstage application server enterprise edition | scope: eq | version: 9.1

Trust: 0.3

vendor: fujitsu | model: interstage application server enterprise edition a | scope: eq | version: 9.0

Trust: 0.3

vendor: fujitsu | model: interstage application server enterprise edition | scope: eq | version: 9.0

Trust: 0.3

vendor: fujitsu | model: interstage application server enterprise edition | scope: eq | version: 8.0.2

Trust: 0.3

vendor: fujitsu | model: interstage application server enterprise edition | scope: eq | version: 8.0.1

Trust: 0.3

vendor: fujitsu | model: interstage application server enterprise edition | scope: eq | version: 8.0

Trust: 0.3

vendor: fujitsu | model: interstage application server enterprise edition | scope: eq | version: 7.0.1

Trust: 0.3

vendor: fujitsu | model: interstage application server enterprise edition | scope: eq | version: 7.0

Trust: 0.3

vendor: fujitsu | model: interstage application server enterprise edition | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux sparc | scope: eq | version: 5.0

Trust: 0.3

vendor: debian | model: linux s/390 | scope: eq | version: 5.0

Trust: 0.3

vendor: debian | model: linux powerpc | scope: eq | version: 5.0

Trust: 0.3

vendor: debian | model: linux mipsel | scope: eq | version: 5.0

Trust: 0.3

vendor: debian | model: linux mips | scope: eq | version: 5.0

Trust: 0.3

vendor: debian | model: linux m68k | scope: eq | version: 5.0

Trust: 0.3

vendor: debian | model: linux ia-64 | scope: eq | version: 5.0

Trust: 0.3

vendor: debian | model: linux ia-32 | scope: eq | version: 5.0

Trust: 0.3

vendor: debian | model: linux hppa | scope: eq | version: 5.0

Trust: 0.3

vendor: debian | model: linux armel | scope: eq | version: 5.0

Trust: 0.3

vendor: debian | model: linux arm | scope: eq | version: 5.0

Trust: 0.3

vendor: debian | model: linux amd64 | scope: eq | version: 5.0

Trust: 0.3

vendor: debian | model: linux alpha | scope: eq | version: 5.0

Trust: 0.3

vendor: debian | model: linux | scope: eq | version: 5.0

Trust: 0.3

vendor: blue | model: coat systems intelligence center | scope: eq | version: 3.2.1

Trust: 0.3

vendor: blue | model: coat systems intelligence center | scope: eq | version: 3.1.2

Trust: 0.3

vendor: blue | model: coat systems intelligence center | scope: eq | version: 3.1.1

Trust: 0.3

vendor: blue | model: coat systems intelligence center | scope: eq | version: 2.1.2

Trust: 0.3

vendor: blue | model: coat systems intelligence center | scope: eq | version: 2.1.1

Trust: 0.3

vendor: blue | model: coat systems intelligence center | scope: eq | version: 2.1

Trust: 0.3

vendor: blue | model: coat systems intelligence center | scope: eq | version: 2.0.1

Trust: 0.3

vendor: blue | model: coat systems intelligence center | scope: eq | version: 2.0

Trust: 0.3

vendor: blue | model: coat systems intelligence center | scope: eq | version: 3.2

Trust: 0.3

vendor: blue | model: coat systems intelligence center | scope: eq | version: 3.1

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.6.2

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.6.1

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.5.8

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.6

Trust: 0.3

vendor: apache | model: tomcat | scope: eq | version: 6.0.11

Trust: 0.3

vendor: apache | model: tomcat | scope: eq | version: 6.0.8

Trust: 0.3

vendor: apache | model: tomcat | scope: eq | version: 5.5

Trust: 0.3

vendor: apache | model: tomcat beta | scope: eq | version: 4.1.3

Trust: 0.3

vendor: apache | model: tomcat | scope: eq | version: 4.1

Trust: 0.3

vendor: vmware | model: virtualcenter update | scope: ne | version: 2.56

Trust: 0.3

vendor: vmware | model: vcenter update | scope: ne | version: 4.01

Trust: 0.3

vendor: sun | model: opensolaris build snv 118 | scope: ne | version: -

Trust: 0.3

vendor: ibm | model: tivoli netcool/webtop fix pack | scope: ne | version: 2.110

Trust: 0.3

vendor: ibm | model: rational quality manager | scope: ne | version: 2.0.1

Trust: 0.3

vendor: hp | model: hp-ux web server suite | scope: ne | version: 3.13

Trust: 0.3

vendor: blue | model: coat systems intelligence center | scope: ne | version: 3.2.2.1

Trust: 0.3

vendor: apple | model: mac os server | scope: ne | version: x10.6.3

Trust: 0.3

vendor: apache | model: tomcat | scope: ne | version: 6.0.20

Trust: 0.3

vendor: apache | model: tomcat | scope: ne | version: 5.5.28

Trust: 0.3

vendor: apache | model: tomcat | scope: ne | version: 4.1.40

Trust: 0.3

sources: BID: 35263 // JVNDB: JVNDB-2009-000036 // CNNVD: CNNVD-200906-265 // NVD: CVE-2008-5515

CVSS

SEVERITY

nvd@nist.gov: CVE-2008-5515
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2009-000036
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200906-265
value: MEDIUM

Trust: 0.6

VULMON: CVE-2008-5515
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2008-5515
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

IPA: JVNDB-2009-000036
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CVSSV3: none listed

sources: VULMON: CVE-2008-5515 // JVNDB: JVNDB-2009-000036 // CNNVD: CNNVD-200906-265 // NVD: CVE-2008-5515

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2009-000036 // NVD: CVE-2008-5515

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200906-265

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200906-265

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-000036

PATCH

title: Security Updates | url: http://tomcat.apache.org/security

Trust: 0.8

title: Apache Tomcat 6.x vulnerabilities | url: http://tomcat.apache.org/security-6.html

Trust: 0.8

title: Apache Tomcat 5.x vulnerabilities | url: http://tomcat.apache.org/security-5.html

Trust: 0.8

title: Apache Tomcat 4.x vulnerabilities | url: http://tomcat.apache.org/security-4.html

Trust: 0.8

title: HT4077 | url: http://support.apple.com/kb/HT4077

Trust: 0.8

title: tomcat5-5.5.23-0jpp.7.2.1AXS3 | url: https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=725

Trust: 0.8

title: JVN#63832775 | url: http://software.fujitsu.com/jp/security/vulnerabilities/jvn-63832775.html

Trust: 0.8

title: interstage-200902 | url: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html

Trust: 0.8

title: HPUXWSATW313 | url: https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW313

Trust: 0.8

title: HPSBUX02579 | url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02515878

Trust: 0.8

title: HPSBUX02466 | url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01908935

Trust: 0.8

title: 1794 | url: http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1794

Trust: 0.8

title: NV09-008 | url: http://www.nec.co.jp/security-info/secinfo/nv09-008.html

Trust: 0.8

title: RHSA-2009:1164 | url: https://rhn.redhat.com/errata/RHSA-2009-1164.html

Trust: 0.8

title: Multiple vulnerabilities in Oracle Java Web Console | url: https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1

Trust: 0.8

title: 263529 | url: http://sunsolve.sun.com/search/document.do?assetkey=1-66-263529-1

Trust: 0.8

title: VMSA-2009-0016 | url: http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Trust: 0.8

title: Red Hat: Important: JBoss Enterprise Application Platform 4.3.0.CP05 update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20091145 - Security Advisory

Trust: 0.1

title: Red Hat: Important: tomcat security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20091164 - Security Advisory

Trust: 0.1

title: Ubuntu Security Notice: tomcat6 vulnerabilities | url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-788-1

Trust: 0.1

title: Debian CVElist Bug Report Logs: CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2009-0781: Apache Tomcat 6 Multiple Vulnerabilities | url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=ac49c4dcad19730a5b7d72eba69e3550

Trust: 0.1

title: Debian CVElist Bug Report Logs: CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2009-0781: Apache Tomcat 5 Multiple Vulnerabilities | url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=b4688be3241a5693241135af6523bb48

Trust: 0.1

title: Symantec Security Advisories: SA66 : Multiple Tomcat vulnerabilities in IntelligenceCenter | url: https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=ce6312b51b7767e26422e4b3dbf8f5cd

Trust: 0.1

title: VMware Security Advisories: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components. | url: https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=4675848a694e2124743f676a2c827ef7

Trust: 0.1

sources: VULMON: CVE-2008-5515 // JVNDB: JVNDB-2009-000036

EXTERNAL IDS

db: NVD | id: CVE-2008-5515

Trust: 3.4

db: BID | id: 35263

Trust: 2.8

db: JVN | id: JVN63832775

Trust: 2.5

db: VUPEN | id: ADV-2009-1520

Trust: 2.4

db: SECUNIA | id: 44183

Trust: 1.7

db: SECUNIA | id: 35685

Trust: 1.7

db: SECUNIA | id: 35393

Trust: 1.7

db: SECUNIA | id: 37460

Trust: 1.7

db: SECUNIA | id: 39317

Trust: 1.7

db: SECUNIA | id: 42368

Trust: 1.7

db: SECUNIA | id: 35788

Trust: 1.7

db: VUPEN | id: ADV-2010-3056

Trust: 1.6

db: VUPEN | id: ADV-2009-1535

Trust: 1.6

db: VUPEN | id: ADV-2009-1856

Trust: 1.6

db: VUPEN | id: ADV-2009-3316

Trust: 1.6

db: JVNDB | id: JVNDB-2009-000036

Trust: 0.8

db: CNNVD | id: CNNVD-200906-265

Trust: 0.6

db: VUPEN | id: 2009/1856

Trust: 0.1

db: VUPEN | id: 2009/3316

Trust: 0.1

db: VUPEN | id: 2009/1520

Trust: 0.1

db: VUPEN | id: 2010/3056

Trust: 0.1

db: VUPEN | id: 2009/1535

Trust: 0.1

db: VULMON | id: CVE-2008-5515

Trust: 0.1

db: PACKETSTORM | id: 96122

Trust: 0.1

db: PACKETSTORM | id: 82837

Trust: 0.1

db: PACKETSTORM | id: 78409

Trust: 0.1

db: PACKETSTORM | id: 114139

Trust: 0.1

db: PACKETSTORM | id: 89679

Trust: 0.1

db: PACKETSTORM | id: 78585

Trust: 0.1

sources: VULMON: CVE-2008-5515 // BID: 35263 // JVNDB: JVNDB-2009-000036 // PACKETSTORM: 96122 // PACKETSTORM: 82837 // PACKETSTORM: 78409 // PACKETSTORM: 114139 // PACKETSTORM: 89679 // PACKETSTORM: 78585 // CNNVD: CNNVD-200906-265 // NVD: CVE-2008-5515

REFERENCES

url:http://www.securityfocus.com/bid/35263

Trust: 3.2

url:http://www.vupen.com/english/advisories/2009/1520

Trust: 2.5

url:http://www.vmware.com/security/advisories/vmsa-2009-0016.html

Trust: 2.3

url:http://www.debian.org/security/2011/dsa-2207

Trust: 2.3

url:http://tomcat.apache.org/security-5.html

Trust: 2.1

url:http://tomcat.apache.org/security-4.html

Trust: 2.0

url:http://tomcat.apache.org/security-6.html

Trust: 2.0

url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html

Trust: 2.0

url:http://jvn.jp/en/jp/jvn63832775/index.html

Trust: 1.7

url:http://secunia.com/advisories/35393

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/1535

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdvsa-2009:138

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdvsa-2009:136

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

Trust: 1.7

url:http://secunia.com/advisories/35685

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/1856

Trust: 1.7

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1

Trust: 1.7

url:http://secunia.com/advisories/35788

Trust: 1.7

url:http://secunia.com/advisories/37460

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-november/msg01156.html

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-november/msg01246.html

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-november/msg01216.html

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/3316

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html

Trust: 1.7

url:http://support.apple.com/kb/ht4077

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

Trust: 1.7

url:http://secunia.com/advisories/39317

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdvsa-2010:176

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=129070310906557&w=2

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/3056

Trust: 1.7

url:http://secunia.com/advisories/42368

Trust: 1.7

url:http://secunia.com/advisories/44183

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=136485229118404&w=2

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=127420533226623&w=2

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6445

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19452

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10422

Trust: 1.7

url:http://www.securityfocus.com/archive/1/507985/100/0/threaded

Trust: 1.7

url:http://www.securityfocus.com/archive/1/504202/100/0/threaded

Trust: 1.7

url:http://www.securityfocus.com/archive/1/504170/100/0/threaded

Trust: 1.7

url:https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3cdev.tomcat.apache.org%3e

Trust: 1.6

url:https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e

Trust: 1.6

url:https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3cdev.tomcat.apache.org%3e

Trust: 1.6

url:https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3cdev.tomcat.apache.org%3e

Trust: 1.6

url:https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e

Trust: 1.6

url:https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3cdev.tomcat.apache.org%3e

Trust: 1.6

url:https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5515

Trust: 1.0

url:http://jvn.jp/en/jp/jvn63832775/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-5515

Trust: 0.8

url:https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3cdev.tomcat.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3cdev.tomcat.apache.org%3e

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2008-5515

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2009-0033

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2009-0580

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2009-0781

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2009-0783

Trust: 0.4

url:http://jakarta.apache.org/tomcat/

Trust: 0.3

url:/archive/1/504170

Trust: 0.3

url:/archive/1/504202

Trust: 0.3

url:/archive/1/507985

Trust: 0.3

url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-263529-1

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg27012048

Trust: 0.3

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01908935

Trust: 0.3

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02515878

Trust: 0.3

url:http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?javax.portlet.endcachetok=com.vignette.cachetoken&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalsta

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24025919

Trust: 0.3

url:https://kb.bluecoat.com/index?page=content&id=sa66

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2009-1164.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2009-1506.html

Trust: 0.3

url:http://www.blackberry.com/btsc/dynamickc.do?externalid=kb25966&sliceid=1&command=show&forward=nonthreadedkc&kcid=kb25966

Trust: 0.3

url:http://www.itrc.hp.com/service/cki/secbullarchive.do

Trust: 0.2

url:http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc

Trust: 0.2

url:https://www.hp.com/go/swa

Trust: 0.2

url:http://h30046.www3.hp.com/subsignin.php

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0033

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0781

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0783

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0580

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-2902

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-2693

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-2901

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3cdev.tomcat.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3cdev.tomcat.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3cdev.tomcat.apache.org%3e

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2009:1145

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/788-1/

Trust: 0.1

url:http://software.hp.com

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1630

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1102

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1099

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1098

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0745

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2671

Trust: 0.1

url:http://kb.vmware.com/kb/1055

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0675

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2671

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1096

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2052

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2315

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2370

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2416

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1093

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1095

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1101

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1094

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1099

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2724

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5031

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0159

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3143

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1439

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2716

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4864

Trust: 0.1

url:http://downloads.vmware.com/download/download.do?downloadgroup=vc40u1

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1895

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3142

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3144

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1093

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2407

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2692

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2673

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1887

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2723

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0778

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2676

Trust: 0.1

url:http://www.vmware.com/security

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1096

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1721

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2675

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1103

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1097

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0746

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1103

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1385

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2670

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1633

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0747

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1106

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1102

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2414

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4965

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0748

Trust: 0.1

url:http://www.vmware.com/support/policies/eos.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0834

Trust: 0.1

url:http://kb.vmware.com/kb/1014842

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2847

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5461

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4307

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1097

Trust: 0.1

url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1105

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3528

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2406

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2625

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2417

Trust: 0.1

url:http://www.vmware.com/resources/techresources/726

Trust: 0.1

url:http://www.vmware.com/support/policies/lifecycle/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1232

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2670

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1106

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1337

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2722

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1094

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2698

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6286

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1107

Trust: 0.1

url:https://hostupdate.vmware.com/software/vum/offline/release-155-20091116-013169/esxi-4.0.0-update01.zip

Trust: 0.1

url:http://www.vmware.com/support/policies/security_response.html

Trust: 0.1

url:https://hostupdate.vmware.com/software/vum/offline/release-158-20091118-187517/esx-4.0.0-update01.zip

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1101

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1104

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1252

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1100

Trust: 0.1

url:http://enigmail.mozdev.org/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0676

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0028

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0696

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1072

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1336

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1947

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5333

Trust: 0.1

url:http://kb.vmware.com/kb/1014886

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1104

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2721

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0269

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5342

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1098

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1388

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1107

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1192

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1100

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0002

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5700

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1389

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5966

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0322

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2672

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1095

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2719

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2625

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0787

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1105

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2848

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu3.2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu3.2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu6.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu6.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu6.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu6.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu6.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu6.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu3.2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu3.2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.18-0ubuntu6.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu3.2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu3.2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu6.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu3.2_all.deb

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0783

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2204

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0033

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0781

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2729

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2526

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2902

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5062

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0534

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1183

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3718

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1475

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0534

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0013

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5063

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1582

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4858

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3190

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4172

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5064

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4312

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1475

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2227

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1088

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0580

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2901

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2526

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1183

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1184

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2204

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1184

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3375

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2693

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1157

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4172

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1088

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2481

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4312

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4858

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2227

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2481

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-1157

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2729

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5515

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3190

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1419

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3375

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201206-24.xml

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1582

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1419

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3548

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/patches

Trust: 0.1

url:http://www.mandriva.com/security/

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://www.mandriva.com/security/advisories

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

sources: VULMON: CVE-2008-5515 // BID: 35263 // JVNDB: JVNDB-2009-000036 // PACKETSTORM: 96122 // PACKETSTORM: 82837 // PACKETSTORM: 78409 // PACKETSTORM: 114139 // PACKETSTORM: 89679 // PACKETSTORM: 78585 // CNNVD: CNNVD-200906-265 // NVD: CVE-2008-5515

CREDITS

Iida Minehiko

Trust: 0.6

sources: CNNVD: CNNVD-200906-265

SOURCES

db: VULMON, id: CVE-2008-5515
db: BID, id: 35263
db: JVNDB, id: JVNDB-2009-000036
db: PACKETSTORM, id: 96122
db: PACKETSTORM, id: 82837
db: PACKETSTORM, id: 78409
db: PACKETSTORM, id: 114139
db: PACKETSTORM, id: 89679
db: PACKETSTORM, id: 78585
db: CNNVD, id: CNNVD-200906-265
db: NVD, id: CVE-2008-5515

LAST UPDATE DATE

2024-11-07T20:11:19.103000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2008-5515, date: 2019-03-25T00:00:00
db: BID, id: 35263, date: 2015-04-13T22:12:00
db: JVNDB, id: JVNDB-2009-000036, date: 2012-09-28T00:00:00
db: CNNVD, id: CNNVD-200906-265, date: 2023-02-14T00:00:00
db: NVD, id: CVE-2008-5515, date: 2023-02-13T02:19:34.757

SOURCES RELEASE DATE

db: VULMON, id: CVE-2008-5515, date: 2009-06-16T00:00:00
db: BID, id: 35263, date: 2009-06-08T00:00:00
db: JVNDB, id: JVNDB-2009-000036, date: 2009-06-18T00:00:00
db: PACKETSTORM, id: 96122, date: 2010-11-27T18:01:33
db: PACKETSTORM, id: 82837, date: 2009-11-20T22:21:26
db: PACKETSTORM, id: 78409, date: 2009-06-15T20:42:09
db: PACKETSTORM, id: 114139, date: 2012-06-24T23:54:31
db: PACKETSTORM, id: 89679, date: 2010-05-19T06:15:08
db: PACKETSTORM, id: 78585, date: 2009-06-23T03:25:29
db: CNNVD, id: CNNVD-200906-265, date: 2009-06-16T00:00:00
db: NVD, id: CVE-2008-5515, date: 2009-06-16T21:00:00.313