ID

VAR-201405-0543


CVE

CVE-2014-0075


TITLE

Apache Tomcat of java/org/apache/coyote/http11/filters/ChunkedInputFilter.java Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-002698

DESCRIPTION

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data. Description: Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. It includes various bug fixes and enhancements which are detailed in the Red Hat JBoss Data Grid 6.3.0 Release Notes. (CVE-2014-0099) It was found that the security audit functionality, provided by Red Hat JBoss Data Grid, logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials. Refer to the Solution section of this advisory for additional information on the fix for this issue. (CVE-2014-0096) It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same JBoss Web instance. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing JBoss Data Grid installation. The provided patch to fix CVE-2014-0058 also allows greater control over which of the following components of web requests are captured in audit logs: - - parameters - - cookies - - headers - - attributes It is also possible to selectively mask some elements of headers, parameters, cookies, and attributes using masks. This capability is provided by two system properties, which are introduced by this patch: 1) org.jboss.security.web.audit Description: This property controls the granularity of the security auditing of web requests. Possible values: off = Disables auditing of web requests headers = Audits only the headers of web requests cookies = Audits only the cookies of web requests parameters = Audits only the parameters of web requests attributes = Audits only the attributes of web requests headers,cookies,parameters = Audits the headers, cookies, and parameters of web requests headers,cookies = Audits the headers and cookies of web requests Default Value: headers, parameters Examples: Setting "org.jboss.security.web.audit=off" disables security auditing of web requests entirely. Setting "org.jboss.security.web.audit=headers" enables security auditing of only headers in web requests. 2) org.jboss.security.web.audit.mask Description: This property can be used to specify a list of strings to be matched against headers, parameters, cookies, and attributes of web requests. Any element matching the specified masks will be excluded from security audit logging. Possible values: Any comma separated string indicating keys of headers, parameters, cookies, and attributes. Default Value: j_password, authorization Note that currently the matching of the masks is fuzzy rather than strict. For example, a mask of "authorization" will mask both the header called authorization and the parameter called "custom_authorization". A future release may introduce strict masks. java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2014-0096). The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVFl05mqjQ0CJFipgRAniKAKC/MpUAj48M/7CzWXB4hv87uo99lwCg4Em4 9yRzhuJFw0DWd+dOc4antEU= =SHMh -----END PGP SIGNATURE----- . It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. JBoss Data Virtualization makes data spread across physically distinct systems-such as multiple databases, XML files, and even Hadoop systems-appear as a set of tables in a local database. It includes various bug fixes, which are listed in the README file included with the patch files. The following security issues are also fixed with this release, descriptions of which can be found on the respective CVE pages linked in the References section. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04851013 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04851013 Version: 1 HPSBOV03503 rev.1 - HP OpenVMS CSWS_JAVA running Tomcat, Multiple Remote Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2015-10-15 Last Updated: 2015-10-15 Potential Security Impact: Remote multiple vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in HP OpenVMS CSWS_JAVA running Tomcat. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other impacts. References: CVE-2013-4286 CVE-2013-4322 CVE-2013-4444 CVE-2013-4590 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 CVE-2014-0230 CVE-2014-0277 SSRT101975 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenVMS CSWS_JAVA v7.0.29 Tomcat BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-4286 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2013-4322 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2013-4444 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2013-4590 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0075 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-0096 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0099 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-0119 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0230 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2014-0277 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following software update to resolve the vulnerabilities in HP OpenVMS CSWS_Java. "Cumulative security patch for vulnerabilities addressed on CSWS_JAVA v7.0.29" http://auth-h71000-pro-sitebuilder.houston.hp.com/openvms/products/ips/apac he/csws_java.html HISTORY Version:1 (rev.1) - 15 October 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: tomcat6 security and bug fix update Advisory ID: RHSA-2014:0865-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0865.html Issue date: 2014-07-09 CVE Names: CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 ===================================================================== 1. Summary: Updated tomcat6 packages that fix three security issues and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Enterprise Linux Server Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch 3. Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. (CVE-2014-0075) It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. This update also fixes the following bugs: * The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. (BZ#1094528) * The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario. (BZ#1095602) All Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter 1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs 1095602 - tomcat6 security patch tomcat6-6.0.24-CVE-2013-4322 typo results in application crash with EOFException 1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: tomcat6-6.0.24-72.el6_5.src.rpm noarch: tomcat6-6.0.24-72.el6_5.noarch.rpm tomcat6-admin-webapps-6.0.24-72.el6_5.noarch.rpm tomcat6-docs-webapp-6.0.24-72.el6_5.noarch.rpm tomcat6-el-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-javadoc-6.0.24-72.el6_5.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-lib-6.0.24-72.el6_5.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-72.el6_5.noarch.rpm tomcat6-webapps-6.0.24-72.el6_5.noarch.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: tomcat6-6.0.24-72.el6_5.src.rpm noarch: tomcat6-6.0.24-72.el6_5.noarch.rpm tomcat6-admin-webapps-6.0.24-72.el6_5.noarch.rpm tomcat6-docs-webapp-6.0.24-72.el6_5.noarch.rpm tomcat6-el-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-javadoc-6.0.24-72.el6_5.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-lib-6.0.24-72.el6_5.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-72.el6_5.noarch.rpm tomcat6-webapps-6.0.24-72.el6_5.noarch.rpm Red Hat Enterprise Linux Server (v. 6): Source: tomcat6-6.0.24-72.el6_5.src.rpm noarch: tomcat6-6.0.24-72.el6_5.noarch.rpm tomcat6-el-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-lib-6.0.24-72.el6_5.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-72.el6_5.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: tomcat6-6.0.24-72.el6_5.src.rpm noarch: tomcat6-admin-webapps-6.0.24-72.el6_5.noarch.rpm tomcat6-docs-webapp-6.0.24-72.el6_5.noarch.rpm tomcat6-javadoc-6.0.24-72.el6_5.noarch.rpm tomcat6-webapps-6.0.24-72.el6_5.noarch.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: tomcat6-6.0.24-72.el6_5.src.rpm noarch: tomcat6-6.0.24-72.el6_5.noarch.rpm tomcat6-el-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-lib-6.0.24-72.el6_5.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-72.el6_5.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: tomcat6-6.0.24-72.el6_5.src.rpm noarch: tomcat6-admin-webapps-6.0.24-72.el6_5.noarch.rpm tomcat6-docs-webapp-6.0.24-72.el6_5.noarch.rpm tomcat6-javadoc-6.0.24-72.el6_5.noarch.rpm tomcat6-webapps-6.0.24-72.el6_5.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0075.html https://www.redhat.com/security/data/cve/CVE-2014-0096.html https://www.redhat.com/security/data/cve/CVE-2014-0099.html https://access.redhat.com/security/updates/classification/#moderate https://tomcat.apache.org/security-6.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTvXwnXlSAg2UNWIIRAlETAJ9h/t6cImOQb/wTXhxFFhcuNAuXXwCgrS7D OIiDqTphtomRGnnfl7/JS9g= =AWBW -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Apache Tomcat: Multiple vulnerabilities Date: December 15, 2014 Bugs: #442014, #469434, #500600, #511762, #517630, #519590 ID: 201412-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/tomcat < 7.0.56 *>= 6.0.41 >= 7.0.56 Description =========== Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker may be able to cause a Denial of Service condition as well as obtain sensitive information, bypass protection mechanisms and authentication restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Tomcat 6.0.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.41" All Tomcat 7.0.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.56" References ========== [ 1 ] CVE-2012-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733 [ 2 ] CVE-2012-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544 [ 3 ] CVE-2012-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546 [ 4 ] CVE-2012-4431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431 [ 5 ] CVE-2012-4534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534 [ 6 ] CVE-2012-5885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885 [ 7 ] CVE-2012-5886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886 [ 8 ] CVE-2012-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887 [ 9 ] CVE-2013-2067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067 [ 10 ] CVE-2013-2071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071 [ 11 ] CVE-2013-4286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286 [ 12 ] CVE-2013-4322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322 [ 13 ] CVE-2013-4590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590 [ 14 ] CVE-2014-0033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033 [ 15 ] CVE-2014-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050 [ 16 ] CVE-2014-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075 [ 17 ] CVE-2014-0096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096 [ 18 ] CVE-2014-0099 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099 [ 19 ] CVE-2014-0119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-29.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.43

sources: NVD: CVE-2014-0075 // JVNDB: JVNDB-2014-002698 // PACKETSTORM: 127480 // PACKETSTORM: 131089 // PACKETSTORM: 131007 // PACKETSTORM: 127337 // PACKETSTORM: 131227 // PACKETSTORM: 127367 // PACKETSTORM: 133997 // PACKETSTORM: 127413 // PACKETSTORM: 129553

AFFECTED PRODUCTS

vendor:apachemodel:tomcatscope:eqversion:6.0.30

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:6.0.37

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:6.0.33

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:6.0.32

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:6.0.35

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:6.0.36

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:6.0.29

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:6.0.31

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:6.0.28

Trust: 1.6

vendor:apachemodel:tomcatscope:eqversion:6.0.9

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.32

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.29

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.48

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.14

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.1

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.15

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.36

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.17

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.20

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.27

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.6

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.14

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.46

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.0

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.16

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.19

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.10

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.40

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.6

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.17

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.7

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.49

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.3

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.1

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.21

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.41

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.24

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.4

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.4

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.5

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.18

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.2

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.19

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.12

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.8

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.34

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.44

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.45

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.13

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.1

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.5

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.7

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.37

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.42

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.11

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.22

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.2

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.26

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.38

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.9

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.0

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.25

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.10

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.35

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.12

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.15

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.16

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.0

Trust: 1.0

vendor:apachemodel:tomcatscope:lteversion:6.0.39

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.27

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.43

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.18

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.30

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.39

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.20

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.47

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.24

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.50

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.13

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.8

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.28

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.23

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.3

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.52

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.3

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.11

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.31

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:6.0.26

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.33

Trust: 1.0

vendor:oraclemodel:fusion middlewarescope:eqversion:of oracle enterprise data quality 9.0.11

Trust: 0.8

vendor:ibmmodel:urbancode releasescope:eqversion:6.0.1.2

Trust: 0.8

vendor:ibmmodel:rational lifecycle integration adapterscope:eqversion:for hp alm 1.0 to 1.1

Trust: 0.8

vendor:oraclemodel:virtualizationscope:eqversion:of oracle secure global desktop 4.63

Trust: 0.8

vendor:oraclemodel:virtualizationscope:eqversion:of oracle secure global desktop 4.71

Trust: 0.8

vendor:oraclemodel:communications policy managementscope:lteversion:12.1.1 and earlier

Trust: 0.8

vendor:ibmmodel:rational build forgescope:eqversion:7.1.2

Trust: 0.8

vendor:ibmmodel:urbancode releasescope:eqversion:6.1

Trust: 0.8

vendor:hitachimodel:jp1/cm2/network node managerscope:eqversion:i

Trust: 0.8

vendor:apachemodel:tomcatscope:ltversion:7.x

Trust: 0.8

vendor:ibmmodel:urbancode releasescope:eqversion:6.0

Trust: 0.8

vendor:apachemodel:tomcatscope:ltversion:8.x

Trust: 0.8

vendor:oraclemodel:communications policy managementscope:eqversion:9.9.1

Trust: 0.8

vendor:ibmmodel:urbancode releasescope:eqversion:6.0.1.1

Trust: 0.8

vendor:ibmmodel:urbancode releasescope:eqversion:6.0.1.3

Trust: 0.8

vendor:apachemodel:tomcatscope:eqversion:8.0.4

Trust: 0.8

vendor:ibmmodel:urbancode releasescope:eqversion:6.0.1

Trust: 0.8

vendor:oraclemodel:communications policy managementscope:eqversion:10.4.1

Trust: 0.8

vendor:ibmmodel:urbancode releasescope:eqversion:6.0.1.4

Trust: 0.8

vendor:hitachimodel:jp1/cm2/network node managerscope:eqversion:i advanced

Trust: 0.8

vendor:apachemodel:tomcatscope:eqversion:7.0.53

Trust: 0.8

vendor:oraclemodel:virtualizationscope:eqversion:of oracle secure global desktop 5.1

Trust: 0.8

vendor:oraclemodel:communications policy managementscope:eqversion:9.7.3

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:of oracle enterprise data quality 8.1.2

Trust: 0.8

vendor:ibmmodel:urbancode releasescope:eqversion:6.0.0.1

Trust: 0.8

vendor:oraclemodel:virtualizationscope:eqversion:of oracle secure global desktop 5.0

Trust: 0.8

vendor:apachemodel:tomcatscope:eqversion:6.0.39

Trust: 0.6

sources: JVNDB: JVNDB-2014-002698 // CNNVD: CNNVD-201405-585 // NVD: CVE-2014-0075

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0075
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0075
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201405-585
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2014-0075
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2014-002698 // CNNVD: CNNVD-201405-585 // NVD: CVE-2014-0075

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.8

sources: JVNDB: JVNDB-2014-002698 // NVD: CVE-2014-0075

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 127337 // PACKETSTORM: 127367 // PACKETSTORM: 127413 // CNNVD: CNNVD-201405-585

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201405-585

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002698

PATCH

title:Apache Tomcat 6.x vulnerabilitiesurl:http://tomcat.apache.org/security-6.html

Trust: 0.8

title:Apache Tomcat 7.x vulnerabilitiesurl:http://tomcat.apache.org/security-7.html

Trust: 0.8

title:Apache Tomcat 8.x vulnerabilitiesurl:http://tomcat.apache.org/security-8.html

Trust: 0.8

title:Revision 1578341url:http://svn.apache.org/viewvc?view=revision&revision=1578341

Trust: 0.8

title:Revision 1578337url:http://svn.apache.org/viewvc?view=revision&revision=1578337

Trust: 0.8

title:Revision 1579262url:http://svn.apache.org/viewvc?view=revision&revision=1579262

Trust: 0.8

title:HS15-007url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-007/index.html

Trust: 0.8

title:HPSBUX03150 SSRT101681url:http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04483248&lang=en&cc=us

Trust: 0.8

title:1680603url:http://www-01.ibm.com/support/docview.wss?uid=swg21680603

Trust: 0.8

title:1681528url:http://www-01.ibm.com/support/docview.wss?uid=swg21681528

Trust: 0.8

title:1678231url:http://www-01.ibm.com/support/docview.wss?uid=swg21678231

Trust: 0.8

title:7010166url:http://www.novell.com/support/kb/doc.php?id=7010166

Trust: 0.8

title:ELSA-2014-0865url:http://linux.oracle.com/errata/ELSA-2014-0865.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - July 2014 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - October 2016url:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - October 2016 Risk Matricesurl:http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - October 2014url:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - October 2014 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - July 2014url:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Trust: 0.8

title:RHSA-2015:0765url:http://rhn.redhat.com/errata/RHSA-2015-0765.html

Trust: 0.8

title:RHSA-2015:0234url:https://rhn.redhat.com/errata/RHSA-2015-0234.html

Trust: 0.8

title:RHSA-2015:0235url:https://rhn.redhat.com/errata/RHSA-2015-0235.html

Trust: 0.8

title:RHSA-2015:0675url:http://rhn.redhat.com/errata/RHSA-2015-0675.html

Trust: 0.8

title:RHSA-2015:0720url:http://rhn.redhat.com/errata/RHSA-2015-0720.html

Trust: 0.8

title:October 2016 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/october_2016_critical_patch_update

Trust: 0.8

title:CVE-2014-0075 Numeric Errors vulnerability in Apache Tomcat url:https://blogs.oracle.com/sunsecurity/entry/cve_2014_0075_numeric_errors

Trust: 0.8

title:October 2014 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/october_2014_critical_patch_update

Trust: 0.8

title:VMSA-2014-0012url:http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Trust: 0.8

title:HS15-007url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-007/index.html

Trust: 0.8

title:apache-tomcat-7.0.53url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50506

Trust: 0.6

title:apache-tomcat-8.0.5url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50510

Trust: 0.6

title:apache-tomcat-6.0.41url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50505

Trust: 0.6

title:apache-tomcat-8.0.5url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50509

Trust: 0.6

title:apache-tomcat-6.0.41url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50504

Trust: 0.6

sources: JVNDB: JVNDB-2014-002698 // CNNVD: CNNVD-201405-585

EXTERNAL IDS

db:NVDid:CVE-2014-0075

Trust: 3.3

db:SECUNIAid:59678

Trust: 1.6

db:SECUNIAid:60793

Trust: 1.6

db:SECUNIAid:59616

Trust: 1.6

db:SECUNIAid:59835

Trust: 1.6

db:SECUNIAid:59849

Trust: 1.6

db:SECUNIAid:59121

Trust: 1.6

db:SECUNIAid:59732

Trust: 1.6

db:SECUNIAid:59873

Trust: 1.6

db:SECUNIAid:60729

Trust: 1.6

db:BIDid:67671

Trust: 1.6

db:JVNDBid:JVNDB-2014-002698

Trust: 0.8

db:CNNVDid:CNNVD-201405-585

Trust: 0.6

db:PACKETSTORMid:127480

Trust: 0.1

db:PACKETSTORMid:131089

Trust: 0.1

db:PACKETSTORMid:131007

Trust: 0.1

db:PACKETSTORMid:127337

Trust: 0.1

db:PACKETSTORMid:131227

Trust: 0.1

db:PACKETSTORMid:127367

Trust: 0.1

db:PACKETSTORMid:133997

Trust: 0.1

db:PACKETSTORMid:127413

Trust: 0.1

db:PACKETSTORMid:129553

Trust: 0.1

sources: JVNDB: JVNDB-2014-002698 // PACKETSTORM: 127480 // PACKETSTORM: 131089 // PACKETSTORM: 131007 // PACKETSTORM: 127337 // PACKETSTORM: 131227 // PACKETSTORM: 127367 // PACKETSTORM: 133997 // PACKETSTORM: 127413 // PACKETSTORM: 129553 // CNNVD: CNNVD-201405-585 // NVD: CVE-2014-0075

REFERENCES

url:http://advisories.mageia.org/mgasa-2014-0268.html

Trust: 2.5

url:http://rhn.redhat.com/errata/rhsa-2015-0720.html

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2015-0765.html

Trust: 1.7

url:http://tomcat.apache.org/security-6.html

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=144498216801440&w=2

Trust: 1.6

url:http://www.securityfocus.com/bid/67671

Trust: 1.6

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-february/150282.html

Trust: 1.6

url:http://www.debian.org/security/2016/dsa-3447

Trust: 1.6

url:http://www.securityfocus.com/archive/1/534161/100/0/threaded

Trust: 1.6

url:http://rhn.redhat.com/errata/rhsa-2015-0675.html

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=141017844705317&w=2

Trust: 1.6

url:http://secunia.com/advisories/60729

Trust: 1.6

url:http://tomcat.apache.org/security-8.html

Trust: 1.6

url:http://secunia.com/advisories/59121

Trust: 1.6

url:http://svn.apache.org/viewvc?view=revision&revision=1578341

Trust: 1.6

url:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Trust: 1.6

url:http://secunia.com/advisories/59732

Trust: 1.6

url:http://secunia.com/advisories/59678

Trust: 1.6

url:http://secunia.com/advisories/59835

Trust: 1.6

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04851013

Trust: 1.6

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:052

Trust: 1.6

url:http://secunia.com/advisories/59616

Trust: 1.6

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:053

Trust: 1.6

url:http://www.vmware.com/security/advisories/vmsa-2014-0012.html

Trust: 1.6

url:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Trust: 1.6

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Trust: 1.6

url:http://linux.oracle.com/errata/elsa-2014-0865.html

Trust: 1.6

url:http://www-01.ibm.com/support/docview.wss?uid=swg21681528

Trust: 1.6

url:http://svn.apache.org/viewvc?view=revision&revision=1579262

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=141390017113542&w=2

Trust: 1.6

url:http://www.novell.com/support/kb/doc.php?id=7010166

Trust: 1.6

url:http://secunia.com/advisories/59873

Trust: 1.6

url:http://www.debian.org/security/2016/dsa-3530

Trust: 1.6

url:http://seclists.org/fulldisclosure/2014/dec/23

Trust: 1.6

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:084

Trust: 1.6

url:http://svn.apache.org/viewvc?view=revision&revision=1578337

Trust: 1.6

url:http://tomcat.apache.org/security-7.html

Trust: 1.6

url:http://secunia.com/advisories/59849

Trust: 1.6

url:http://www-01.ibm.com/support/docview.wss?uid=swg21680603

Trust: 1.6

url:http://www-01.ibm.com/support/docview.wss?uid=swg21678231

Trust: 1.6

url:http://secunia.com/advisories/60793

Trust: 1.6

url:https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0075

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2014-0099

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2014-0096

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2014-0075

Trust: 0.9

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0075

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-0119

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2014-0075.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2014-0096.html

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2014-0099.html

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2013-4590

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-4322

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-0227

Trust: 0.3

url:https://www.redhat.com/security/data/cve/cve-2014-0119.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-0050

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2013-4002

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-6153

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-3481

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-3490

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-3530

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2013-5855

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-0099

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-3481

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-5855

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-0096

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-0193

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-3490

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-3577

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-3577

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-4002

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-0193

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-0227

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-0075

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2012-6153

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-0119

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-3530

Trust: 0.2

url:https://access.redhat.com/security/team/key/#package

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-4286

Trust: 0.2

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.grid&downloadtype=distributions

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2014-0895.html

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_data_grid/

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-0059.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-0058.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0058

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0059

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4322

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0227

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0050

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0119

Trust: 0.1

url:http://advisories.mageia.org/mgasa-2014-0149.html

Trust: 0.1

url:http://advisories.mageia.org/mgasa-2014-0110.html

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4590

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0099

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0096

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-3625

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse.serviceworks&downloadtype=securitypatches&version=6.0.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-0005

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-3558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-3472

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0005

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3625

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3472

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-3578

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3578

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver&downloadtype=securitypatches&version=2.0.1

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2014-0836.html

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.services.platform&downloadtype=securitypatches&version=6.0.0

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2014-0843.html

Trust: 0.1

url:https://access.redhat.com/site/articles/11258

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0277

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.1

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.1

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4444

Trust: 0.1

url:http://auth-h71000-pro-sitebuilder.houston.hp.com/openvms/products/ips/apac

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0230

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2014-0865.html

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5885

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0033

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201412-29.xml

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3546

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3546

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5887

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4431

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0050

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5887

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2067

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5886

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2733

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4286

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0119

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0075

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2071

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3544

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2071

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0099

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2067

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4322

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5886

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4590

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2733

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0096

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3544

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4534

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5885

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0033

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4431

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4534

Trust: 0.1

sources: JVNDB: JVNDB-2014-002698 // PACKETSTORM: 127480 // PACKETSTORM: 131089 // PACKETSTORM: 131007 // PACKETSTORM: 127337 // PACKETSTORM: 131227 // PACKETSTORM: 127367 // PACKETSTORM: 133997 // PACKETSTORM: 127413 // PACKETSTORM: 129553 // CNNVD: CNNVD-201405-585 // NVD: CVE-2014-0075

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 127480 // PACKETSTORM: 131007 // PACKETSTORM: 127337 // PACKETSTORM: 131227 // PACKETSTORM: 127367 // PACKETSTORM: 127413

SOURCES

db:JVNDBid:JVNDB-2014-002698
db:PACKETSTORMid:127480
db:PACKETSTORMid:131089
db:PACKETSTORMid:131007
db:PACKETSTORMid:127337
db:PACKETSTORMid:131227
db:PACKETSTORMid:127367
db:PACKETSTORMid:133997
db:PACKETSTORMid:127413
db:PACKETSTORMid:129553
db:CNNVDid:CNNVD-201405-585
db:NVDid:CVE-2014-0075

LAST UPDATE DATE

2024-11-11T21:12:09.736000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2014-002698date:2016-11-22T00:00:00
db:CNNVDid:CNNVD-201405-585date:2019-04-16T00:00:00
db:NVDid:CVE-2014-0075date:2023-11-07T02:18:07.613

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2014-002698date:2014-06-03T00:00:00
db:PACKETSTORMid:127480date:2014-07-16T22:26:09
db:PACKETSTORMid:131089date:2015-03-30T21:20:12
db:PACKETSTORMid:131007date:2015-03-25T00:39:51
db:PACKETSTORMid:127337date:2014-07-03T23:00:46
db:PACKETSTORMid:131227date:2015-04-01T00:39:42
db:PACKETSTORMid:127367date:2014-07-07T20:28:43
db:PACKETSTORMid:133997date:2015-10-16T23:23:00
db:PACKETSTORMid:127413date:2014-07-09T18:51:14
db:PACKETSTORMid:129553date:2014-12-15T20:00:49
db:CNNVDid:CNNVD-201405-585date:2014-05-31T00:00:00
db:NVDid:CVE-2014-0075date:2014-05-31T11:17:13.093