ID

VAR-201405-0543


CVE

CVE-2014-0075


TITLE

Apache Tomcat of java/org/apache/coyote/http11/filters/ChunkedInputFilter.java Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-002698

DESCRIPTION

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data. Description: Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems-such as multiple databases, XML files, and even Hadoop systems-appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. The following security issues are also fixed with this release, descriptions of which can be found on the respective CVE pages linked in the References section. Solution: The References section of this erratum contains a download link (you must log in to download the update). (CVE-2014-0096) It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same JBoss Web instance. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04851013 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04851013 Version: 1 HPSBOV03503 rev.1 - HP OpenVMS CSWS_JAVA running Tomcat, Multiple Remote Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2015-10-15 Last Updated: 2015-10-15 Potential Security Impact: Remote multiple vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in HP OpenVMS CSWS_JAVA running Tomcat. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other impacts. References: CVE-2013-4286 CVE-2013-4322 CVE-2013-4444 CVE-2013-4590 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 CVE-2014-0230 CVE-2014-0277 SSRT101975 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenVMS CSWS_JAVA v7.0.29 Tomcat BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-4286 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2013-4322 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2013-4444 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2013-4590 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0075 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-0096 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0099 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-0119 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0230 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2014-0277 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following software update to resolve the vulnerabilities in HP OpenVMS CSWS_Java. "Cumulative security patch for vulnerabilities addressed on CSWS_JAVA v7.0.29" http://auth-h71000-pro-sitebuilder.houston.hp.com/openvms/products/ips/apac he/csws_java.html HISTORY Version:1 (rev.1) - 15 October 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. For the oldstable distribution (wheezy), these problems have been fixed in version 6.0.45+dfsg-1~deb7u1. We recommend that you upgrade your tomcat6 packages. Description: Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: tomcat6 security and bug fix update Advisory ID: RHSA-2014:0865-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0865.html Issue date: 2014-07-09 CVE Names: CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 ===================================================================== 1. Summary: Updated tomcat6 packages that fix three security issues and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Enterprise Linux Server Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch 3. Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. (CVE-2014-0075) It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. This update also fixes the following bugs: * The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. (BZ#1094528) * The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario. (BZ#1095602) All Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter 1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs 1095602 - tomcat6 security patch tomcat6-6.0.24-CVE-2013-4322 typo results in application crash with EOFException 1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: tomcat6-6.0.24-72.el6_5.src.rpm noarch: tomcat6-6.0.24-72.el6_5.noarch.rpm tomcat6-admin-webapps-6.0.24-72.el6_5.noarch.rpm tomcat6-docs-webapp-6.0.24-72.el6_5.noarch.rpm tomcat6-el-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-javadoc-6.0.24-72.el6_5.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-lib-6.0.24-72.el6_5.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-72.el6_5.noarch.rpm tomcat6-webapps-6.0.24-72.el6_5.noarch.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: tomcat6-6.0.24-72.el6_5.src.rpm noarch: tomcat6-6.0.24-72.el6_5.noarch.rpm tomcat6-admin-webapps-6.0.24-72.el6_5.noarch.rpm tomcat6-docs-webapp-6.0.24-72.el6_5.noarch.rpm tomcat6-el-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-javadoc-6.0.24-72.el6_5.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-lib-6.0.24-72.el6_5.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-72.el6_5.noarch.rpm tomcat6-webapps-6.0.24-72.el6_5.noarch.rpm Red Hat Enterprise Linux Server (v. 6): Source: tomcat6-6.0.24-72.el6_5.src.rpm noarch: tomcat6-6.0.24-72.el6_5.noarch.rpm tomcat6-el-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-lib-6.0.24-72.el6_5.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-72.el6_5.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: tomcat6-6.0.24-72.el6_5.src.rpm noarch: tomcat6-admin-webapps-6.0.24-72.el6_5.noarch.rpm tomcat6-docs-webapp-6.0.24-72.el6_5.noarch.rpm tomcat6-javadoc-6.0.24-72.el6_5.noarch.rpm tomcat6-webapps-6.0.24-72.el6_5.noarch.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: tomcat6-6.0.24-72.el6_5.src.rpm noarch: tomcat6-6.0.24-72.el6_5.noarch.rpm tomcat6-el-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-lib-6.0.24-72.el6_5.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-72.el6_5.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: tomcat6-6.0.24-72.el6_5.src.rpm noarch: tomcat6-admin-webapps-6.0.24-72.el6_5.noarch.rpm tomcat6-docs-webapp-6.0.24-72.el6_5.noarch.rpm tomcat6-javadoc-6.0.24-72.el6_5.noarch.rpm tomcat6-webapps-6.0.24-72.el6_5.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0075.html https://www.redhat.com/security/data/cve/CVE-2014-0096.html https://www.redhat.com/security/data/cve/CVE-2014-0099.html https://access.redhat.com/security/updates/classification/#moderate https://tomcat.apache.org/security-6.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTvXwnXlSAg2UNWIIRAlETAJ9h/t6cImOQb/wTXhxFFhcuNAuXXwCgrS7D OIiDqTphtomRGnnfl7/JS9g= =AWBW -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.25

sources: NVD: CVE-2014-0075 // JVNDB: JVNDB-2014-002698 // PACKETSTORM: 131227 // PACKETSTORM: 127367 // PACKETSTORM: 130430 // PACKETSTORM: 133997 // PACKETSTORM: 136437 // PACKETSTORM: 130429 // PACKETSTORM: 127413

AFFECTED PRODUCTS

vendor:apachemodel:tomcatscope:eqversion:6.0.30

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:6.0.37

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:6.0.33

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:6.0.32

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:6.0.35

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:6.0.36

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:6.0.29

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:6.0.31

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:6.0.28

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:6.0.9

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.32

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.29

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.48

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.14

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.1

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.15

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.36

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.17

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.20

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.27

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.6

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.14

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.46

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.0

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.16

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.19

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.10

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.40

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.6

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.17

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.7

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.49

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.3

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.1

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.21

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.41

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.24

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.4

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.4

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.5

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.18

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.2

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.19

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.12

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.8

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.34

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.44

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.45

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.13

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.1

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.5

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.7

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.37

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.42

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.11

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.22

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.2

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.26

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.38

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.9

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.0

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.25

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.10

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.35

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.12

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.15

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.16

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.0

Trust: 1.0

vendor:apachemodel:tomcatscope:lteversion:6.0.39

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.27

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.43

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.18

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.30

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.39

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.20

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.47

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.24

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.50

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.13

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.8

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.28

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.23

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.3

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.52

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.3

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.11

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.31

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.26

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.33

Trust: 1.0

vendor:oraclemodel:fusion middlewarescope:eqversion:of oracle enterprise data quality 9.0.11

Trust: 0.8

vendor:ibmmodel:urbancode releasescope:eqversion:6.0.1.2

Trust: 0.8

vendor:ibmmodel:rational lifecycle integration adapterscope:eqversion:for hp alm 1.0 to 1.1

Trust: 0.8

vendor:oraclemodel:virtualizationscope:eqversion:of oracle secure global desktop 4.63

Trust: 0.8

vendor:oraclemodel:virtualizationscope:eqversion:of oracle secure global desktop 4.71

Trust: 0.8

vendor:oraclemodel:communications policy managementscope:lteversion:12.1.1 and earlier

Trust: 0.8

vendor:ibmmodel:rational build forgescope:eqversion:7.1.2

Trust: 0.8

vendor:ibmmodel:urbancode releasescope:eqversion:6.1

Trust: 0.8

vendor:hitachimodel:jp1/cm2/network node managerscope:eqversion:i

Trust: 0.8

vendor:apachemodel:tomcatscope:ltversion:7.x

Trust: 0.8

vendor:ibmmodel:urbancode releasescope:eqversion:6.0

Trust: 0.8

vendor:apachemodel:tomcatscope:ltversion:8.x

Trust: 0.8

vendor:oraclemodel:communications policy managementscope:eqversion:9.9.1

Trust: 0.8

vendor:ibmmodel:urbancode releasescope:eqversion:6.0.1.1

Trust: 0.8

vendor:ibmmodel:urbancode releasescope:eqversion:6.0.1.3

Trust: 0.8

vendor:apachemodel:tomcatscope:eqversion:8.0.4

Trust: 0.8

vendor:ibmmodel:urbancode releasescope:eqversion:6.0.1

Trust: 0.8

vendor:oraclemodel:communications policy managementscope:eqversion:10.4.1

Trust: 0.8

vendor:ibmmodel:urbancode releasescope:eqversion:6.0.1.4

Trust: 0.8

vendor:hitachimodel:jp1/cm2/network node managerscope:eqversion:i advanced

Trust: 0.8

vendor:apachemodel:tomcatscope:eqversion:7.0.53

Trust: 0.8

vendor:oraclemodel:virtualizationscope:eqversion:of oracle secure global desktop 5.1

Trust: 0.8

vendor:oraclemodel:communications policy managementscope:eqversion:9.7.3

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:of oracle enterprise data quality 8.1.2

Trust: 0.8

vendor:ibmmodel:urbancode releasescope:eqversion:6.0.0.1

Trust: 0.8

vendor:oraclemodel:virtualizationscope:eqversion:of oracle secure global desktop 5.0

Trust: 0.8

vendor:apachemodel:tomcatscope:eqversion:6.0.39

Trust: 0.6

sources: JVNDB: JVNDB-2014-002698 // CNNVD: CNNVD-201405-585 // NVD: CVE-2014-0075

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0075
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0075
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201405-585
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2014-0075
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2014-002698 // CNNVD: CNNVD-201405-585 // NVD: CVE-2014-0075

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.8

sources: JVNDB: JVNDB-2014-002698 // NVD: CVE-2014-0075

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 127367 // PACKETSTORM: 127413 // CNNVD: CNNVD-201405-585

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201405-585

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002698

PATCH

title:Apache Tomcat 6.x vulnerabilitiesurl:http://tomcat.apache.org/security-6.html

Trust: 0.8

title:Apache Tomcat 7.x vulnerabilitiesurl:http://tomcat.apache.org/security-7.html

Trust: 0.8

title:Apache Tomcat 8.x vulnerabilitiesurl:http://tomcat.apache.org/security-8.html

Trust: 0.8

title:Revision 1578341url:http://svn.apache.org/viewvc?view=revision&revision=1578341

Trust: 0.8

title:Revision 1578337url:http://svn.apache.org/viewvc?view=revision&revision=1578337

Trust: 0.8

title:Revision 1579262url:http://svn.apache.org/viewvc?view=revision&revision=1579262

Trust: 0.8

title:HS15-007url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-007/index.html

Trust: 0.8

title:HPSBUX03150 SSRT101681url:http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04483248&lang=en&cc=us

Trust: 0.8

title:1680603url:http://www-01.ibm.com/support/docview.wss?uid=swg21680603

Trust: 0.8

title:1681528url:http://www-01.ibm.com/support/docview.wss?uid=swg21681528

Trust: 0.8

title:1678231url:http://www-01.ibm.com/support/docview.wss?uid=swg21678231

Trust: 0.8

title:7010166url:http://www.novell.com/support/kb/doc.php?id=7010166

Trust: 0.8

title:ELSA-2014-0865url:http://linux.oracle.com/errata/ELSA-2014-0865.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - July 2014 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - October 2016url:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - October 2016 Risk Matricesurl:http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - October 2014url:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - October 2014 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - July 2014url:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Trust: 0.8

title:RHSA-2015:0765url:http://rhn.redhat.com/errata/RHSA-2015-0765.html

Trust: 0.8

title:RHSA-2015:0234url:https://rhn.redhat.com/errata/RHSA-2015-0234.html

Trust: 0.8

title:RHSA-2015:0235url:https://rhn.redhat.com/errata/RHSA-2015-0235.html

Trust: 0.8

title:RHSA-2015:0675url:http://rhn.redhat.com/errata/RHSA-2015-0675.html

Trust: 0.8

title:RHSA-2015:0720url:http://rhn.redhat.com/errata/RHSA-2015-0720.html

Trust: 0.8

title:October 2016 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/october_2016_critical_patch_update

Trust: 0.8

title:CVE-2014-0075 Numeric Errors vulnerability in Apache Tomcat url:https://blogs.oracle.com/sunsecurity/entry/cve_2014_0075_numeric_errors

Trust: 0.8

title:October 2014 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/october_2014_critical_patch_update

Trust: 0.8

title:VMSA-2014-0012url:http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Trust: 0.8

title:HS15-007url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-007/index.html

Trust: 0.8

title:apache-tomcat-7.0.53url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50506

Trust: 0.6

title:apache-tomcat-8.0.5url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50510

Trust: 0.6

title:apache-tomcat-6.0.41url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50505

Trust: 0.6

title:apache-tomcat-8.0.5url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50509

Trust: 0.6

title:apache-tomcat-6.0.41url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50504

Trust: 0.6

sources: JVNDB: JVNDB-2014-002698 // CNNVD: CNNVD-201405-585

EXTERNAL IDS

db:NVDid:CVE-2014-0075

Trust: 3.1

db:SECUNIAid:59678

Trust: 1.6

db:SECUNIAid:60793

Trust: 1.6

db:SECUNIAid:59616

Trust: 1.6

db:SECUNIAid:59835

Trust: 1.6

db:SECUNIAid:59849

Trust: 1.6

db:SECUNIAid:59121

Trust: 1.6

db:SECUNIAid:59732

Trust: 1.6

db:SECUNIAid:59873

Trust: 1.6

db:SECUNIAid:60729

Trust: 1.6

db:BIDid:67671

Trust: 1.6

db:JVNDBid:JVNDB-2014-002698

Trust: 0.8

db:CNNVDid:CNNVD-201405-585

Trust: 0.6

db:PACKETSTORMid:131227

Trust: 0.1

db:PACKETSTORMid:127367

Trust: 0.1

db:PACKETSTORMid:130430

Trust: 0.1

db:PACKETSTORMid:133997

Trust: 0.1

db:PACKETSTORMid:136437

Trust: 0.1

db:PACKETSTORMid:130429

Trust: 0.1

db:PACKETSTORMid:127413

Trust: 0.1

sources: JVNDB: JVNDB-2014-002698 // PACKETSTORM: 131227 // PACKETSTORM: 127367 // PACKETSTORM: 130430 // PACKETSTORM: 133997 // PACKETSTORM: 136437 // PACKETSTORM: 130429 // PACKETSTORM: 127413 // CNNVD: CNNVD-201405-585 // NVD: CVE-2014-0075

REFERENCES

url:http://advisories.mageia.org/mgasa-2014-0268.html

Trust: 2.4

url:http://rhn.redhat.com/errata/rhsa-2015-0765.html

Trust: 1.7

url:http://tomcat.apache.org/security-6.html

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=144498216801440&w=2

Trust: 1.6

url:http://www.securityfocus.com/bid/67671

Trust: 1.6

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-february/150282.html

Trust: 1.6

url:http://www.debian.org/security/2016/dsa-3447

Trust: 1.6

url:http://www.securityfocus.com/archive/1/534161/100/0/threaded

Trust: 1.6

url:http://rhn.redhat.com/errata/rhsa-2015-0675.html

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=141017844705317&w=2

Trust: 1.6

url:http://secunia.com/advisories/60729

Trust: 1.6

url:http://tomcat.apache.org/security-8.html

Trust: 1.6

url:http://secunia.com/advisories/59121

Trust: 1.6

url:http://svn.apache.org/viewvc?view=revision&revision=1578341

Trust: 1.6

url:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Trust: 1.6

url:http://secunia.com/advisories/59732

Trust: 1.6

url:http://secunia.com/advisories/59678

Trust: 1.6

url:http://secunia.com/advisories/59835

Trust: 1.6

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04851013

Trust: 1.6

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:052

Trust: 1.6

url:http://secunia.com/advisories/59616

Trust: 1.6

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:053

Trust: 1.6

url:http://www.vmware.com/security/advisories/vmsa-2014-0012.html

Trust: 1.6

url:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Trust: 1.6

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Trust: 1.6

url:http://linux.oracle.com/errata/elsa-2014-0865.html

Trust: 1.6

url:http://www-01.ibm.com/support/docview.wss?uid=swg21681528

Trust: 1.6

url:http://svn.apache.org/viewvc?view=revision&revision=1579262

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=141390017113542&w=2

Trust: 1.6

url:http://www.novell.com/support/kb/doc.php?id=7010166

Trust: 1.6

url:http://secunia.com/advisories/59873

Trust: 1.6

url:http://www.debian.org/security/2016/dsa-3530

Trust: 1.6

url:http://seclists.org/fulldisclosure/2014/dec/23

Trust: 1.6

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:084

Trust: 1.6

url:http://svn.apache.org/viewvc?view=revision&revision=1578337

Trust: 1.6

url:http://tomcat.apache.org/security-7.html

Trust: 1.6

url:http://rhn.redhat.com/errata/rhsa-2015-0720.html

Trust: 1.6

url:http://secunia.com/advisories/59849

Trust: 1.6

url:http://www-01.ibm.com/support/docview.wss?uid=swg21680603

Trust: 1.6

url:http://www-01.ibm.com/support/docview.wss?uid=swg21678231

Trust: 1.6

url:http://secunia.com/advisories/60793

Trust: 1.6

url:https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0075

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0075

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-0099

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-0096

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-0075

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-0119

Trust: 0.6

url:https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://bugzilla.redhat.com/):

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-0227

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2013-4002

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-6153

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-3490

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-3530

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2013-5855

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-0099

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-5855

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-0096

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-0193

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-3490

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-3577

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-3577

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-4002

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-0193

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-0227

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-0075

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2012-6153

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-0119

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-3530

Trust: 0.3

url:https://www.redhat.com/security/data/cve/cve-2014-0075.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2014-0096.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2014-0099.html

Trust: 0.2

url:https://access.redhat.com/security/team/key/#package

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-3625

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-8115

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-8114

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-8114

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-3558

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-0005

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-3558

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-3472

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-0005

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-3625

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-3472

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-3682

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-3578

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-3578

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-3682

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-8115

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-4590

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-4322

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-0230

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-4286

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-3481

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.services.platform&downloadtype=securitypatches&version=6.0.0

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-3481

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2014-0843.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-0119.html

Trust: 0.1

url:https://access.redhat.com/site/articles/11258

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2015-0235.html

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=brms&downloadtype=distributions&version=6.0.3

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0277

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.1

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.1

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4444

Trust: 0.1

url:http://auth-h71000-pro-sitebuilder.houston.hp.com/openvms/products/ips/apac

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0763

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-7810

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0706

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5345

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0714

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5346

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5174

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5351

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0033

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2015-0234.html

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=bpm.suite&downloadtype=distributions&version=6.0.3

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2014-0865.html

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

sources: JVNDB: JVNDB-2014-002698 // PACKETSTORM: 131227 // PACKETSTORM: 127367 // PACKETSTORM: 130430 // PACKETSTORM: 133997 // PACKETSTORM: 136437 // PACKETSTORM: 130429 // PACKETSTORM: 127413 // CNNVD: CNNVD-201405-585 // NVD: CVE-2014-0075

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 131227 // PACKETSTORM: 127367 // PACKETSTORM: 130430 // PACKETSTORM: 130429 // PACKETSTORM: 127413

SOURCES

db:JVNDBid:JVNDB-2014-002698
db:PACKETSTORMid:131227
db:PACKETSTORMid:127367
db:PACKETSTORMid:130430
db:PACKETSTORMid:133997
db:PACKETSTORMid:136437
db:PACKETSTORMid:130429
db:PACKETSTORMid:127413
db:CNNVDid:CNNVD-201405-585
db:NVDid:CVE-2014-0075

LAST UPDATE DATE

2024-11-20T22:00:35.668000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2014-002698date:2016-11-22T00:00:00
db:CNNVDid:CNNVD-201405-585date:2019-04-16T00:00:00
db:NVDid:CVE-2014-0075date:2023-11-07T02:18:07.613

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2014-002698date:2014-06-03T00:00:00
db:PACKETSTORMid:131227date:2015-04-01T00:39:42
db:PACKETSTORMid:127367date:2014-07-07T20:28:43
db:PACKETSTORMid:130430date:2015-02-17T22:24:00
db:PACKETSTORMid:133997date:2015-10-16T23:23:00
db:PACKETSTORMid:136437date:2016-03-26T13:13:00
db:PACKETSTORMid:130429date:2015-02-17T22:23:00
db:PACKETSTORMid:127413date:2014-07-09T18:51:14
db:CNNVDid:CNNVD-201405-585date:2014-05-31T00:00:00
db:NVDid:CVE-2014-0075date:2014-05-31T11:17:13.093