ID

VAR-201306-0226

CVE

CVE-2013-1862

TITLE

Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability

DESCRIPTION

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. Apache HTTP Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary commands in the context of the application. ========================================================================== Ubuntu Security Notice USN-1903-1 July 15, 2013 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in the Apache HTTP Server. (CVE-2013-1896) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.04: apache2.2-common 2.2.22-6ubuntu5.1 Ubuntu 12.10: apache2.2-common 2.2.22-6ubuntu2.3 Ubuntu 12.04 LTS: apache2.2-common 2.2.22-1ubuntu1.4 Ubuntu 10.04 LTS: apache2.2-common 2.2.14-5ubuntu8.12 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-043: RSA\xae Validation Manager Security Update for Multiple Vulnerabilities EMC Identifier: ESA-2015-043 CVE Identifier: CVE-2014-3566, CVE-2014-0098, CVE-2014-0231, CVE-2014-0226, CVE-2013-1862, CVE-2012-3499, CVE-2015-0526, CVE-2013-2566 Severity Rating: CVSSv2 Base Score: See below for details Affected Products: RSA Validation Manager 3.2 prior to Build 201 Unaffected Products: RSA Validation Manager 3.2 Build 201 or above Summary: RSA Validation Manager (RVM) requires a security update to address potential multiple vulnerabilities. Details: RSA Validation Manager (RVM) contains security fixes to address the following vulnerabilities: CVE-2014-3566:The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566 for more details. CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) CVE-2014-0098: The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098 for more details. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0231 CVSSv2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2014-0226: Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0226for more details. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1862 for more details. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3499 for more details. CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2013-2566: The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 for more details. CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) Reflected Cross-Site Scripting Vulnerability (CVE-2015-0526): A cross-site scripting vulnerability affecting the displayMode and wrapPreDisplayMode parameter could potentially be exploited by an attacker to execute arbitrary HTML and script code in RVM user\x92s browser session. CVSSv2 Base Score:7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the database\x92s search utility at http://web.nvd.nist.gov/view/vuln/search. Recommendation: The following RVM release contains the resolution to these issues: RSA Validation Manager 3.2 Build 201 or later RSA recommends all customers upgrade to the version mentioned above at the earliest opportunity. Credit: RSA would like to thank Ken Cijsouw (ken.cijsouw@sincerus.nl) for reporting CVE-2015-0526. Obtaining Downloads: To obtain the latest RSA product downloads, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose download you want to obtain. Scroll to the section for the product download that you want and click on the link. Obtaining Documentation: To obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. Obtaining More Information: For more information about RSA products, visit the RSA web site at http://www.rsa.com. Getting Support and Service: For customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab. General Customer Support Information: http://www.emc.com/support/rsa/index.htm RSA SecurCare Online: https://knowledge.rsasecurity.com EOPS Policy: RSA has a defined End of Primary Support policy associated with all major versions. http://www.emc.com/support/rsa/eops/index.htm SecurCare Online Security Advisories RSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. About RSA SecurCare Notes & Security Advisories Subscription RSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\x92d like to stop receiving RSA SecurCare Notes & Security Advisories, or if you\x92d like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. Click the Submit button to save your selection. A buffer overflow when reading digest password file with very long lines in htdigest was discovered (PR 54893). The updated packages have been patched to correct these issues. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRuwlzmqjQ0CJFipgRAlG7AKDQ3Xy7er2TqLwwKb9yOW9gCndu+gCg9q0k /Izii75hQ+sb7O4WK6l9ghI= =iyY/ -----END PGP SIGNATURE----- . Please review the CVE identifiers and research paper referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache HTTP Server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.25" References ========== [ 1 ] CVE-2007-6750 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6750 [ 2 ] CVE-2012-4929 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4929 [ 3 ] CVE-2013-1862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1862 [ 4 ] CVE-2013-1896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1896 [ 5 ] Compression and Information Leakage of Plaintext http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-12.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. (CVE-2013-1862) Note: CVE-2013-1862 affects mod_rewrite. In the process of testing this patch, it was found that enabling mod_rewrite on 64-bit versions of Windows Server 2008 and Windows Server 2008 R2 running Red Hat JBoss Web Server 2.0.1 could cause an httpd thread to crash, and the httpd process to restart. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 6.1.1 update Advisory ID: RHSA-2013:1208-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1208.html Issue date: 2013-09-04 CVE Names: CVE-2012-3499 CVE-2012-4558 CVE-2013-1862 CVE-2013-1896 CVE-2013-1921 CVE-2013-2172 CVE-2013-4112 ===================================================================== 1. Summary: Red Hat JBoss Enterprise Application Platform 6.1.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server - i386, noarch, x86_64 3. Description: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.1.0, and includes bug fixes and enhancements. Refer to the 6.1.1 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/site/documentation/ Security fixes: Cross-site scripting (XSS) flaws were found in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could possibly use these flaws to perform XSS attacks if they were able to make the victim's browser generate an HTTP request with a specially-crafted Host header. (CVE-2012-3499) Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's manager interface session. (CVE-2012-4558) A flaw was found in the way the mod_dav module handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to crash. (CVE-2013-1896) A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block. (CVE-2013-2172) It was found that mod_rewrite did not filter terminal escape sequences from its log file. If a victim viewed the log file with a terminal emulator, it could result in arbitrary command execution with the privileges of that user. (CVE-2013-1862) The data file used by PicketBox Vault to store encrypted passwords contains a copy of its own admin key. The file is encrypted using only this admin key, not the corresponding JKS key. A local attacker with permission to read the vault data file could read the admin key from the file, and use it to decrypt the file and read the stored passwords in clear text. (CVE-2013-1921) A flaw was found in JGroup's DiagnosticsHandler that allowed an attacker on an adjacent network to reuse the credentials from a previous successful authentication. This could be exploited to read diagnostic information (information disclosure) and attain limited remote code execution. (CVE-2013-4112) Warning: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. Refer to the Solution section for further details. All users of Red Hat JBoss Enterprise Application Platform 6.1.0 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Also, back up any customized Red Hat JBoss Enterprise Application Platform 6 configuration files. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually. For more details, refer to the Release Notes for Red Hat JBoss Enterprise Application Platform 6.1.1, available shortly from https://access.redhat.com/site/documentation/ This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 915883 - CVE-2012-3499 httpd: multiple XSS flaws due to unescaped hostnames 915884 - CVE-2012-4558 httpd: XSS flaw in mod_proxy_balancer manager interface 948106 - CVE-2013-1921 JBoss PicketBox: Insecure storage of masked passwords 953729 - CVE-2013-1862 httpd: mod_rewrite allows terminal escape sequences to be written to the log file 983489 - CVE-2013-4112 JGroups: Authentication via cached credentials 983549 - CVE-2013-1896 httpd: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav 985025 - Upgrade jbossweb to 7.2.2.Final-redhat-1 985061 - Upgrade jboss-as-console to 1.5.5.Final-redhat-1 985173 - Upgrade jboss-hal to 1.5.6.Final-redhat-1 989597 - Upgrade jbossws-common to 2.1.3.Final-redhat-1 989606 - Upgrade jboss-stdio to 1.0.2.GA-redhat-1 990636 - Upgrade jboss-aesh to 0.33.6-redhat-1 990657 - Upgrade jaxbintros to 1.0.2.GA-redhat-5 990662 - Upgrade picketlink-federation to 2.1.6.2.Final-redhat-2 990671 - Upgrade jbossts to 4.17.7.Final-redhat-3 990686 - Upgrade jboss-logmanager to 1.4.3.Final-redhat-1 995115 - Upgrade hornetq to 2.3.5.Final-redhat-1 995290 - Upgrade jgroups to 3.2.10.Final-redhat-1 995563 - Upgrade picketbox to 4.0.17.SP2-redhat-1 996313 - Upgrade hornetq-native to 2.3.5.Final-redhat-1 999263 - CVE-2013-2172 Apache Santuario XML Security for Java: XML signature spoofing 6. Package List: Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/apache-commons-beanutils-1.8.3-12.redhat_3.2.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/apache-commons-daemon-jsvc-eap6-1.0.15-2.redhat_2.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/apache-cxf-2.6.8-8.redhat_7.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/apache-cxf-xjc-utils-2.6.0-2.redhat_4.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/hibernate4-4.2.0-7.SP1_redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/hornetq-2.3.5-2.Final_redhat_2.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/hornetq-native-2.3.5-1.Final_redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/httpd-2.2.22-25.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/infinispan-5.2.7-1.Final_redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/ironjacamar-1.0.19-1.Final_redhat_2.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jaxbintros-1.0.2-16.GA_redhat_6.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-aesh-0.33.7-2.redhat_2.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-appclient-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-cli-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-client-all-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-clustering-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-cmp-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-configadmin-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-connector-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-console-1.5.6-2.Final_redhat_2.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-controller-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-controller-client-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-deployment-repository-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-deployment-scanner-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-domain-http-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-domain-management-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-ee-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-ee-deployment-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-ejb3-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-embedded-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-host-controller-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jacorb-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jaxr-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jaxrs-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jdr-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jmx-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jpa-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jsf-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jsr77-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-logging-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-mail-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-management-client-content-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-messaging-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-modcluster-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-naming-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-network-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-osgi-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-osgi-configadmin-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-osgi-service-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-platform-mbean-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-pojo-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-process-controller-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-protocol-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-remoting-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-sar-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-security-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-server-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-system-jmx-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-threads-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-transactions-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-version-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-web-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-webservices-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-weld-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-xts-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-ejb-client-1.0.23-1.Final_redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-hal-1.5.7-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-invocation-1.1.2-1.Final_redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-jsp-api_2.2_spec-1.0.1-6.Final_redhat_2.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-logmanager-1.4.3-1.Final_redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-marshalling-1.3.18-1.GA_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-modules-1.2.2-1.Final_redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-remote-naming-1.0.7-1.Final_redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-security-negotiation-2.2.5-2.Final_redhat_2.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-stdio-1.0.2-1.GA_redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-appclient-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-bundles-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-core-7.2.1-6.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-domain-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-javadocs-7.2.1-2.Final_redhat_10.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-modules-eap-7.2.1-9.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-product-eap-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-standalone-7.2.1-6.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-welcome-content-eap-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossts-4.17.7-4.Final_redhat_4.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossweb-7.2.2-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossws-common-2.1.3-1.Final_redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossws-cxf-4.1.4-7.Final_redhat_7.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossws-spi-2.1.3-1.Final_redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jcip-annotations-eap6-1.0-4.redhat_4.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jgroups-3.2.10-1.Final_redhat_2.2.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/log4j-jboss-logmanager-1.0.2-1.Final_redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/netty-3.6.6-2.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/opensaml-2.5.1-2.redhat_2.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/openws-1.4.2-10.redhat_4.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/picketbox-4.0.17-3.SP2_redhat_2.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/picketlink-federation-2.1.6.3-2.Final_redhat_2.2.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/wss4j-1.6.10-1.redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/xml-security-1.5.5-1.redhat_1.ep6.el6.src.rpm i386: apache-commons-daemon-jsvc-eap6-1.0.15-2.redhat_2.ep6.el6.i386.rpm apache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-2.redhat_2.ep6.el6.i386.rpm hornetq-native-2.3.5-1.Final_redhat_1.ep6.el6.i386.rpm hornetq-native-debuginfo-2.3.5-1.Final_redhat_1.ep6.el6.i386.rpm httpd-2.2.22-25.ep6.el6.i386.rpm httpd-debuginfo-2.2.22-25.ep6.el6.i386.rpm httpd-devel-2.2.22-25.ep6.el6.i386.rpm httpd-tools-2.2.22-25.ep6.el6.i386.rpm jbossas-hornetq-native-2.3.5-1.Final_redhat_1.ep6.el6.i386.rpm mod_ssl-2.2.22-25.ep6.el6.i386.rpm noarch: apache-commons-beanutils-1.8.3-12.redhat_3.2.ep6.el6.noarch.rpm apache-cxf-2.6.8-8.redhat_7.1.ep6.el6.noarch.rpm apache-cxf-xjc-utils-2.6.0-2.redhat_4.1.ep6.el6.noarch.rpm cxf-xjc-boolean-2.6.0-2.redhat_4.1.ep6.el6.noarch.rpm cxf-xjc-dv-2.6.0-2.redhat_4.1.ep6.el6.noarch.rpm cxf-xjc-ts-2.6.0-2.redhat_4.1.ep6.el6.noarch.rpm hibernate4-4.2.0-7.SP1_redhat_1.ep6.el6.noarch.rpm hibernate4-core-4.2.0-7.SP1_redhat_1.ep6.el6.noarch.rpm hibernate4-entitymanager-4.2.0-7.SP1_redhat_1.ep6.el6.noarch.rpm hibernate4-envers-4.2.0-7.SP1_redhat_1.ep6.el6.noarch.rpm hibernate4-infinispan-4.2.0-7.SP1_redhat_1.ep6.el6.noarch.rpm hornetq-2.3.5-2.Final_redhat_2.1.ep6.el6.noarch.rpm infinispan-5.2.7-1.Final_redhat_1.ep6.el6.noarch.rpm infinispan-cachestore-jdbc-5.2.7-1.Final_redhat_1.ep6.el6.noarch.rpm infinispan-cachestore-remote-5.2.7-1.Final_redhat_1.ep6.el6.noarch.rpm infinispan-client-hotrod-5.2.7-1.Final_redhat_1.ep6.el6.noarch.rpm infinispan-core-5.2.7-1.Final_redhat_1.ep6.el6.noarch.rpm ironjacamar-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm ironjacamar-common-api-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm ironjacamar-common-impl-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm ironjacamar-common-spi-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm ironjacamar-core-api-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm ironjacamar-core-impl-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm ironjacamar-deployers-common-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm ironjacamar-jdbc-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm ironjacamar-spec-api-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm ironjacamar-validator-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm jaxbintros-1.0.2-16.GA_redhat_6.ep6.el6.noarch.rpm jboss-aesh-0.33.7-2.redhat_2.1.ep6.el6.noarch.rpm jboss-as-appclient-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-cli-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-client-all-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-clustering-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-cmp-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-configadmin-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-connector-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-console-1.5.6-2.Final_redhat_2.1.ep6.el6.noarch.rpm jboss-as-controller-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-controller-client-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-deployment-repository-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-deployment-scanner-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-domain-http-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-domain-management-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-ee-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-ee-deployment-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-ejb3-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-embedded-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-host-controller-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-jacorb-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-jaxr-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-jaxrs-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-jdr-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-jmx-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-jpa-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-jsf-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-jsr77-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-logging-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-mail-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-management-client-content-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-messaging-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-modcluster-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-naming-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-network-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-osgi-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-osgi-configadmin-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-osgi-service-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-platform-mbean-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-pojo-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-process-controller-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-protocol-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-remoting-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-sar-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-security-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-server-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-system-jmx-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-threads-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-transactions-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-version-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-web-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-webservices-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-weld-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-as-xts-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jboss-ejb-client-1.0.23-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-hal-1.5.7-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-invocation-1.1.2-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-jsp-api_2.2_spec-1.0.1-6.Final_redhat_2.ep6.el6.noarch.rpm jboss-logmanager-1.4.3-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-marshalling-1.3.18-1.GA_redhat_1.1.ep6.el6.noarch.rpm jboss-modules-1.2.2-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-remote-naming-1.0.7-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-security-negotiation-2.2.5-2.Final_redhat_2.ep6.el6.noarch.rpm jboss-stdio-1.0.2-1.GA_redhat_1.ep6.el6.noarch.rpm jbossas-appclient-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jbossas-bundles-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jbossas-core-7.2.1-6.Final_redhat_10.1.ep6.el6.noarch.rpm jbossas-domain-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jbossas-javadocs-7.2.1-2.Final_redhat_10.ep6.el6.noarch.rpm jbossas-modules-eap-7.2.1-9.Final_redhat_10.1.ep6.el6.noarch.rpm jbossas-product-eap-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jbossas-standalone-7.2.1-6.Final_redhat_10.1.ep6.el6.noarch.rpm jbossas-welcome-content-eap-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm jbossts-4.17.7-4.Final_redhat_4.ep6.el6.noarch.rpm jbossweb-7.2.2-1.Final_redhat_1.1.ep6.el6.noarch.rpm jbossws-common-2.1.3-1.Final_redhat_1.ep6.el6.noarch.rpm jbossws-cxf-4.1.4-7.Final_redhat_7.ep6.el6.noarch.rpm jbossws-spi-2.1.3-1.Final_redhat_1.ep6.el6.noarch.rpm jcip-annotations-eap6-1.0-4.redhat_4.ep6.el6.noarch.rpm jgroups-3.2.10-1.Final_redhat_2.2.ep6.el6.noarch.rpm log4j-jboss-logmanager-1.0.2-1.Final_redhat_1.ep6.el6.noarch.rpm netty-3.6.6-2.Final_redhat_1.1.ep6.el6.noarch.rpm opensaml-2.5.1-2.redhat_2.1.ep6.el6.noarch.rpm openws-1.4.2-10.redhat_4.1.ep6.el6.noarch.rpm picketbox-4.0.17-3.SP2_redhat_2.1.ep6.el6.noarch.rpm picketlink-federation-2.1.6.3-2.Final_redhat_2.2.ep6.el6.noarch.rpm wss4j-1.6.10-1.redhat_1.ep6.el6.noarch.rpm xml-security-1.5.5-1.redhat_1.ep6.el6.noarch.rpm x86_64: apache-commons-daemon-jsvc-eap6-1.0.15-2.redhat_2.ep6.el6.x86_64.rpm apache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-2.redhat_2.ep6.el6.x86_64.rpm hornetq-native-2.3.5-1.Final_redhat_1.ep6.el6.x86_64.rpm hornetq-native-debuginfo-2.3.5-1.Final_redhat_1.ep6.el6.x86_64.rpm httpd-2.2.22-25.ep6.el6.x86_64.rpm httpd-debuginfo-2.2.22-25.ep6.el6.x86_64.rpm httpd-devel-2.2.22-25.ep6.el6.x86_64.rpm httpd-tools-2.2.22-25.ep6.el6.x86_64.rpm jbossas-hornetq-native-2.3.5-1.Final_redhat_1.ep6.el6.x86_64.rpm mod_ssl-2.2.22-25.ep6.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3499.html https://www.redhat.com/security/data/cve/CVE-2012-4558.html https://www.redhat.com/security/data/cve/CVE-2013-1862.html https://www.redhat.com/security/data/cve/CVE-2013-1896.html https://www.redhat.com/security/data/cve/CVE-2013-1921.html https://www.redhat.com/security/data/cve/CVE-2013-2172.html https://www.redhat.com/security/data/cve/CVE-2013-4112.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/site/documentation/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSJ4RUXlSAg2UNWIIRAkONAJ9Gj4TeEJd7Dh9Yjd2ixoHf3Ww08wCgmeRo TN/pCGYMRQOd86d72g1mzjI= =8oZG -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

encryption problem

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Joe Orton

SOURCES

LAST UPDATE DATE

2025-04-01T22:20:37.455000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE