CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64
2012-07-30T00:00:00
ID OPENVAS:1361412562310881243 Type openvas Reporter Copyright (c) 2012 Greenbone Networks GmbH Modified 2018-04-06T00:00:00
Description
Check for the Version of tomcat5
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A denial of service flaw was found in the way certain strings were
converted to Double objects. A remote attacker could use this flaw to cause
Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)
Users of Tomcat should upgrade to these updated packages, which contain a
backported patch to correct this issue. Tomcat must be restarted for this
update to take effect.";
tag_affected = "tomcat5 on CentOS 5";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://lists.centos.org/pipermail/centos-announce/2011-April/017319.html");
script_oid("1.3.6.1.4.1.25623.1.0.881243");
script_version("$Revision: 9352 $");
script_tag(name:"last_modification", value:"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $");
script_tag(name:"creation_date", value:"2012-07-30 17:08:32 +0530 (Mon, 30 Jul 2012)");
script_cve_id("CVE-2010-4476");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_xref(name: "CESA", value: "2011:0336");
script_name("CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64");
script_tag(name: "summary" , value: "Check for the Version of tomcat5");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "CentOS5")
{
if ((res = isrpmvuln(pkg:"tomcat5", rpm:"tomcat5~5.5.23~0jpp.17.el5_6", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-admin-webapps", rpm:"tomcat5-admin-webapps~5.5.23~0jpp.17.el5_6", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-common-lib", rpm:"tomcat5-common-lib~5.5.23~0jpp.17.el5_6", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-jasper", rpm:"tomcat5-jasper~5.5.23~0jpp.17.el5_6", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-jasper-javadoc", rpm:"tomcat5-jasper-javadoc~5.5.23~0jpp.17.el5_6", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-jsp-2.0-api", rpm:"tomcat5-jsp-2.0-api~5.5.23~0jpp.17.el5_6", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-jsp-2.0-api-javadoc", rpm:"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.17.el5_6", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-server-lib", rpm:"tomcat5-server-lib~5.5.23~0jpp.17.el5_6", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-servlet-2.4-api", rpm:"tomcat5-servlet-2.4-api~5.5.23~0jpp.17.el5_6", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-servlet-2.4-api-javadoc", rpm:"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.17.el5_6", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-webapps", rpm:"tomcat5-webapps~5.5.23~0jpp.17.el5_6", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:1361412562310881243", "bulletinFamily": "scanner", "title": "CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64", "description": "Check for the Version of tomcat5", "published": "2012-07-30T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881243", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://lists.centos.org/pipermail/centos-announce/2011-April/017319.html", "2011:0336"], "cvelist": ["CVE-2010-4476"], "type": "openvas", "lastseen": "2018-09-02T00:01:08", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Check for the Version of tomcat5", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "43eac2b789dfb63a093f9d469ccfcea2716080d54a0f5184f39a6a63cc09d16f", "hashmap": [{"hash": "64d435d50dafa8ba72343789abb620ff", "key": "references"}, {"hash": "7fc5e6261e05402a6ecd3ec7f047aaa1", "key": "cvelist"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "b9626fc8d4cdc44250ce04a70171d492", "key": "description"}, {"hash": "afee6f811acf8ba8a1036649982a36e1", "key": "title"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "ec1964d4b56855a8c21afd5c11f9af12", "key": "href"}, {"hash": "b5b9bd501714289c6275ae71b66bff2c", "key": "pluginID"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "a282f166ddc6c378940071a6b738e1a3", "key": "reporter"}, {"hash": "6ea70a7d389257fd5f5b73e33ed85e78", "key": "published"}, {"hash": "6ba2942cec6d92ac1112de6601b60d41", "key": "sourceData"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881243", "id": "OPENVAS:1361412562310881243", "lastseen": "2018-08-30T19:26:34", "modified": "2018-04-06T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310881243", "published": "2012-07-30T00:00:00", "references": ["http://lists.centos.org/pipermail/centos-announce/2011-April/017319.html", "2011:0336"], "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A denial of service flaw was found in the way certain strings were\n converted to Double objects. A remote attacker could use this flaw to cause\n Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)\n \n Users of Tomcat should upgrade to these updated packages, which contain a\n backported patch to correct this issue. Tomcat must be restarted for this\n update to take effect.\";\n\ntag_affected = \"tomcat5 on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017319.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881243\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:08:32 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-4476\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:0336\");\n script_name(\"CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:26:34"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Check for the Version of tomcat5", "edition": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "671bf0246ff67f2158e1829106411f560c0749cc1327e1e8affd149a132dc38e", "hashmap": [{"hash": "64d435d50dafa8ba72343789abb620ff", "key": "references"}, {"hash": "7fc5e6261e05402a6ecd3ec7f047aaa1", "key": "cvelist"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "b9626fc8d4cdc44250ce04a70171d492", "key": "description"}, {"hash": "afee6f811acf8ba8a1036649982a36e1", "key": "title"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "ec1964d4b56855a8c21afd5c11f9af12", "key": "href"}, {"hash": "b5b9bd501714289c6275ae71b66bff2c", "key": "pluginID"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "a282f166ddc6c378940071a6b738e1a3", "key": "reporter"}, {"hash": "6ea70a7d389257fd5f5b73e33ed85e78", "key": "published"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "6ba2942cec6d92ac1112de6601b60d41", "key": "sourceData"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881243", "id": "OPENVAS:1361412562310881243", "lastseen": "2018-04-06T11:16:56", "modified": "2018-04-06T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310881243", "published": "2012-07-30T00:00:00", "references": ["http://lists.centos.org/pipermail/centos-announce/2011-April/017319.html", "2011:0336"], "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A denial of service flaw was found in the way certain strings were\n converted to Double objects. A remote attacker could use this flaw to cause\n Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)\n \n Users of Tomcat should upgrade to these updated packages, which contain a\n backported patch to correct this issue. Tomcat must be restarted for this\n update to take effect.\";\n\ntag_affected = \"tomcat5 on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017319.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881243\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:08:32 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-4476\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:0336\");\n script_name(\"CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-04-06T11:16:56"}], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "7fc5e6261e05402a6ecd3ec7f047aaa1"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "b9626fc8d4cdc44250ce04a70171d492"}, {"key": "href", "hash": "ec1964d4b56855a8c21afd5c11f9af12"}, {"key": "modified", "hash": "4fb7fd6149697e74d091717ea3f1ca84"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "b5b9bd501714289c6275ae71b66bff2c"}, {"key": "published", "hash": "6ea70a7d389257fd5f5b73e33ed85e78"}, {"key": "references", "hash": "64d435d50dafa8ba72343789abb620ff"}, {"key": "reporter", "hash": "a282f166ddc6c378940071a6b738e1a3"}, {"key": "sourceData", "hash": "6ba2942cec6d92ac1112de6601b60d41"}, {"key": "title", "hash": "afee6f811acf8ba8a1036649982a36e1"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "671bf0246ff67f2158e1829106411f560c0749cc1327e1e8affd149a132dc38e", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A denial of service flaw was found in the way certain strings were\n converted to Double objects. A remote attacker could use this flaw to cause\n Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)\n \n Users of Tomcat should upgrade to these updated packages, which contain a\n backported patch to correct this issue. Tomcat must be restarted for this\n update to take effect.\";\n\ntag_affected = \"tomcat5 on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017319.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881243\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:08:32 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-4476\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:0336\");\n script_name(\"CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "CentOS Local Security Checks", "pluginID": "1361412562310881243"}
{"cve": [{"lastseen": "2017-12-22T12:41:50", "references": ["http://www.securitytracker.com/id?1025062", "http://marc.info/?l=bugtraq&m=132215163318824&w=2", "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html", "http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02720715&admit=109447627+1298159618320+28353475", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053926.html", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053934.html", "http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/", "http://www.ibm.com/support/docview.wss?uid=swg24029498", "http://www.redhat.com/support/errata/RHSA-2011-0211.html", "http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html", "http://www.redhat.com/support/errata/RHSA-2011-0880.html", "http://marc.info/?l=bugtraq&m=130497185606818&w=2", "http://blog.fortify.com/blog/2011/02/08/Double-Trouble", "http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html", "http://www.redhat.com/support/errata/RHSA-2011-0282.html", "http://www.redhat.com/support/errata/RHSA-2011-0214.html", "http://marc.info/?l=bugtraq&m=134254957702612&w=2", "http://marc.info/?l=bugtraq&m=133728004526190&w=2", "http://www.redhat.com/support/errata/RHSA-2011-0333.html", "http://www.debian.org/security/2011/dsa-2161", "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html", "http://marc.info/?l=bugtraq&m=130168502603566&w=2", "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ94423", "http://marc.info/?l=bugtraq&m=134254866602253&w=2", "http://www.redhat.com/support/errata/RHSA-2011-0210.html", "http://www.vupen.com/english/advisories/2011/0365", "http://www.redhat.com/support/errata/RHSA-2011-0334.html", "http://marc.info/?l=bugtraq&m=129899347607632&w=2", "http://www.vupen.com/english/advisories/2011/0377", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054", "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html", "http://www.redhat.com/support/errata/RHSA-2011-0213.html", "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", "http://www.vupen.com/english/advisories/2011/0434", "http://marc.info/?l=bugtraq&m=130270785502599&w=2", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.vupen.com/english/advisories/2011/0605", "http://www.vupen.com/english/advisories/2011/0422", "http://marc.info/?l=bugtraq&m=133469267822771&w=2", "http://marc.info/?l=bugtraq&m=130514352726432&w=2", "http://marc.info/?l=bugtraq&m=130497132406206&w=2", "http://www.vupen.com/english/advisories/2011/0379", "http://www-01.ibm.com/support/docview.wss?uid=swg1PM31983", "http://www-01.ibm.com/support/docview.wss?uid=swg21468358", "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "http://www.ibm.com/support/docview.wss?uid=swg24029497", "http://www.redhat.com/support/errata/RHSA-2011-0212.html", "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html", "http://marc.info/?l=bugtraq&m=131041767210772&w=2", "http://marc.info/?l=bugtraq&m=129960314701922&w=2", "http://marc.info/?l=bugtraq&m=136485229118404&w=2"], "description": "The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.", "edition": 3, "reporter": "NVD", "published": "2011-02-17T14:00:01", "title": "CVE-2010-4476", "type": "cve", "enchantments": {"score": {"modified": "2017-12-22T12:41:50", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12662", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12662"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-4476"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:14589", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:14589"}], "modified": "2017-12-21T21:29:02", "cpe": ["cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_22", "cpe:/a:sun:sdk:1.4.2_29", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2:update2", "cpe:/a:sun:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:sun:jre:1.4.2:update9", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jre:1.4.2:update5", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:sdk:1.4.2_27", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:sun:jre:1.4.2:update3", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jre:1.4.2:update7", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jdk:1.6.0:update_23", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2:update1", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.4.2:update8", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:sun:jre:1.4.2:update4", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_26", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:sun:jre:1.4.2:update6", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:sdk:1.4.2_15", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:sun:jdk:1.6.0:update_7"], "id": "CVE-2010-4476", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4476", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "f5": [{"lastseen": "2017-06-08T00:16:13", "references": [], "edition": 1, "description": "", "reporter": "f5", "published": "2011-05-09T21:09:00", "title": "Java Runtime Environment (JRE) vulnerability: CVE-2010-4476", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-4476"], "modified": "2017-03-14T00:49:00", "href": "https://support.f5.com/csp/article/K12826", "id": "F5:K12826", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:27", "references": [], "edition": 1, "description": "* These F5 product versions use the affected Java function to manage traffic in the Configuration utility. However, the system filters the input value to the function so the value falls within an expected range before the system passes data to the function. These expected ranges of data do not include data that can trigger this JRE vulnerability, so the system can safely use this function, and these F5 product versions are not vulnerable.\n\nA JRE vulnerability could allow a remote attacker to cause a denial-of-service (DoS) by using a crafted string that triggers an infinite loop.\n\nNone of the F5 product versions listed in this article, including those marked with an asterisk (*), use Java for production traffic packet processing and, therefore, are not vulnerable to this issue for production traffic.\n\n**Information about this advisory is available at the following location:**\n\n[Common Vulnerabilities and Exposures (CVE-2010-4476)](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476>)\n\n**Note**: This link takes you to a resource outside of AskF5, and it is possible that the documents may be removed without our knowledge.\n", "reporter": "f5", "published": "2011-05-09T00:00:00", "title": "SOL12826 - Java Runtime Environment (JRE) vulnerability: CVE-2010-4476", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-4476"], "modified": "2016-07-25T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/12000/800/sol12826.html", "id": "SOL12826", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-01-02T10:56:37", "references": ["http://lists.centos.org/pipermail/centos-announce/2011-April/017319.html", "2011:0336"], "pluginID": "881243", "description": "Check for the Version of tomcat5", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-07-30T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2018-01-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881243", "id": "OPENVAS:881243", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A denial of service flaw was found in the way certain strings were\n converted to Double objects. A remote attacker could use this flaw to cause\n Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)\n \n Users of Tomcat should upgrade to these updated packages, which contain a\n backported patch to correct this issue. Tomcat must be restarted for this\n update to take effect.\";\n\ntag_affected = \"tomcat5 on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017319.html\");\n script_id(881243);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:08:32 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-4476\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:0336\");\n script_name(\"CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:57", "references": [], "pluginID": "68995", "description": "The remote host is missing an update to openjdk-6\nannounced via advisory DSA 2161-1.", "edition": 2, "reporter": "Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com", "published": "2011-03-07T00:00:00", "title": "Debian Security Advisory DSA 2161-1 (openjdk-6)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=68995", "id": "OPENVAS:68995", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2161_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2161-1 (openjdk-6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the floating point parser in OpenJDK, an\nimplementation of the Java platform, can enter an infinite loop when\nprocessing certain input strings. Such input strings represent valid\nnumbers and can be contained in data supplied by an attacker over the\nnetwork, leading to a denial-of-service attack.\n\nFor the oldstable distribution (lenny), this problem will be fixed in\nversion 6b18-1.8.3-2~lenny1. For technical reasons, this update will\nbe released separately.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6b18-1.8.3-2+squeeze1.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your openjdk-6 packages.\";\ntag_summary = \"The remote host is missing an update to openjdk-6\nannounced via advisory DSA 2161-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202161-1\";\n\n\nif(description)\n{\n script_id(68995);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 16:04:02 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2010-4476\");\n script_name(\"Debian Security Advisory DSA 2161-1 (openjdk-6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b18-1.8.3-2~lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b18-1.8.3-2~lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b18-1.8.3-2~lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b18-1.8.3-2~lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b18-1.8.3-2~lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b18-1.8.3-2~lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b18-1.8.3-2~lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b18-1.8.3-2~lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b18-1.8.3-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b18-1.8.3-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b18-1.8.3-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b18-1.8.3-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b18-1.8.3-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b18-1.8.3-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b18-1.8.3-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b18-1.8.3-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b18-1.8.3-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b18-1.8.3-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b18-1.8.3-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:03:53", "references": ["https://www.redhat.com/archives/rhsa-announce/2011-February/msg00011.html", "2011:0214-01"], "pluginID": "1361412562310870390", "description": "Check for the Version of java-1.6.0-openjdk", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-02-11T00:00:00", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2011:0214-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870390", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870390", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2011:0214-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A denial of service flaw was found in the way certain strings were\n converted to Double objects. A remote attacker could use this flaw to cause\n Java-based applications to hang, for instance if they parse Double values\n in a specially-crafted HTTP request. (CVE-2010-4476)\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve this issue. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\ntag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-February/msg00011.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870390\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-11 13:26:17 +0100 (Fri, 11 Feb 2011)\");\n script_xref(name: \"RHSA\", value: \"2011:0214-01\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2010-4476\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2011:0214-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.18.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.18.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.18.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.18.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.18.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.18.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:00", "references": ["https://www.redhat.com/archives/rhsa-announce/2011-March/msg00020.html", "2011:0336-01"], "pluginID": "870408", "description": "Check for the Version of tomcat5", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-03-15T00:00:00", "title": "RedHat Update for tomcat5 RHSA-2011:0336-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870408", "id": "OPENVAS:870408", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat5 RHSA-2011:0336-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A denial of service flaw was found in the way certain strings were\n converted to Double objects. A remote attacker could use this flaw to cause\n Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)\n\n Users of Tomcat should upgrade to these updated packages, which contain a\n backported patch to correct this issue. Tomcat must be restarted for this\n update to take effect.\";\n\ntag_affected = \"tomcat5 on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-March/msg00020.html\");\n script_id(870408);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-15 14:58:18 +0100 (Tue, 15 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:0336-01\");\n script_cve_id(\"CVE-2010-4476\");\n script_name(\"RedHat Update for tomcat5 RHSA-2011:0336-01\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:00:03", "references": ["http://lists.centos.org/pipermail/centos-announce/2011-April/017312.html", "2011:0214"], "pluginID": "1361412562310881305", "description": "Check for the Version of java", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-07-30T00:00:00", "title": "CentOS Update for java CESA-2011:0214 centos5 x86_64", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881305", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881305", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2011:0214 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A denial of service flaw was found in the way certain strings were\n converted to Double objects. A remote attacker could use this flaw to cause\n Java-based applications to hang, for instance if they parse Double values\n in a specially-crafted HTTP request. (CVE-2010-4476)\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve this issue. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\ntag_affected = \"java on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017312.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881305\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:20:10 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-4476\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:0214\");\n script_name(\"CentOS Update for java CESA-2011:0214 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.18.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.18.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.18.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.18.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.18.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:25:35", "references": ["http://linux.oracle.com/errata/ELSA-2011-0336.html"], "pluginID": "1361412562310122221", "description": "Oracle Linux Local Security Checks ELSA-2011-0336", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2011-0336", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122221", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122221", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0336.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122221\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:59 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0336\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0336 - tomcat5 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0336\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0336.html\");\n script_cve_id(\"CVE-2010-4476\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.17.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.17.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.17.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.17.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.23~0jpp.17.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.23~0jpp.17.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.17.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.23~0jpp.17.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.23~0jpp.17.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.17.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:29", "references": ["http://lists.centos.org/pipermail/centos-announce/2011-April/017320.html", "2011:0336"], "pluginID": "880535", "description": "Check for the Version of tomcat5", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "CentOS Update for tomcat5 CESA-2011:0336 centos5 i386", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880535", "id": "OPENVAS:880535", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2011:0336 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A denial of service flaw was found in the way certain strings were\n converted to Double objects. A remote attacker could use this flaw to cause\n Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)\n\n Users of Tomcat should upgrade to these updated packages, which contain a\n backported patch to correct this issue. Tomcat must be restarted for this\n update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017320.html\");\n script_id(880535);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:0336\");\n script_cve_id(\"CVE-2010-4476\");\n script_name(\"CentOS Update for tomcat5 CESA-2011:0336 centos5 i386\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:04:50", "references": ["http://lists.centos.org/pipermail/centos-announce/2011-April/017311.html", "2011:0214"], "pluginID": "1361412562310880552", "description": "Check for the Version of java", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-09T00:00:00", "title": "CentOS Update for java CESA-2011:0214 centos5 i386", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880552", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880552", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2011:0214 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A denial of service flaw was found in the way certain strings were\n converted to Double objects. A remote attacker could use this flaw to cause\n Java-based applications to hang, for instance if they parse Double values\n in a specially-crafted HTTP request. (CVE-2010-4476)\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve this issue. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"java on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017311.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880552\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:0214\");\n script_cve_id(\"CVE-2010-4476\");\n script_name(\"CentOS Update for java CESA-2011:0214 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-1.6.0.0\", rpm:\"java-1.6.0-openjdk-1.6.0.0~1.18.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.18.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel-1.6.0.0\", rpm:\"java-1.6.0-openjdk-devel-1.6.0.0~1.18.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc-1.6.0.0\", rpm:\"java-1.6.0-openjdk-javadoc-1.6.0.0~1.18.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src-1.6.0.0\", rpm:\"java-1.6.0-openjdk-src-1.6.0.0~1.18.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:03:21", "references": ["https://www.redhat.com/archives/rhsa-announce/2011-March/msg00020.html", "2011:0336-01"], "pluginID": "1361412562310870408", "description": "Check for the Version of tomcat5", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-03-15T00:00:00", "title": "RedHat Update for tomcat5 RHSA-2011:0336-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870408", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870408", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat5 RHSA-2011:0336-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A denial of service flaw was found in the way certain strings were\n converted to Double objects. A remote attacker could use this flaw to cause\n Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)\n\n Users of Tomcat should upgrade to these updated packages, which contain a\n backported patch to correct this issue. Tomcat must be restarted for this\n update to take effect.\";\n\ntag_affected = \"tomcat5 on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-March/msg00020.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870408\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-15 14:58:18 +0100 (Tue, 15 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:0336-01\");\n script_cve_id(\"CVE-2010-4476\");\n script_name(\"RedHat Update for tomcat5 RHSA-2011:0336-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.17.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:04:31", "references": ["http://lists.centos.org/pipermail/centos-announce/2011-April/017320.html", "2011:0336"], "pluginID": "1361412562310880535", "description": "Check for the Version of tomcat5", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-09T00:00:00", "title": "CentOS Update for tomcat5 CESA-2011:0336 centos5 i386", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880535", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880535", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2011:0336 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A denial of service flaw was found in the way certain strings were\n converted to Double objects. A remote attacker could use this flaw to cause\n Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)\n\n Users of Tomcat should upgrade to these updated packages, which contain a\n backported patch to correct this issue. Tomcat must be restarted for this\n update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017320.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880535\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:0336\");\n script_cve_id(\"CVE-2010-4476\");\n script_name(\"CentOS Update for tomcat5 CESA-2011:0336 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.17.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:33:58", "references": ["http://support.novell.com/security/cve/CVE-2010-4476.html"], "pluginID": "52752", "description": "IBM Java 6 SR9 FP1 was updated to fix a critical security bug in float number handling :\n\n - The Java Runtime Environment hangs forever when converting '2.2250738585072012e-308' to a binary floating-point number. (CVE-2010-4476)", "edition": 5, "reporter": "Tenable", "published": "2011-03-22T00:00:00", "title": "SuSE 10 Security Update : java-1_6_0-ibm, java-1_6_0-ibm-32bit, java-1_6_0-ibm-64bit, java-1_6_0-ibm-alsa, java-1_6_0-ibm-alsa-32bit, java-1_6_0-ibm-demo, java-1_6_0-ibm-devel, java-1_6_0-ibm-devel-32bit, java-1_6_0-ibm-fonts, java-1_6_0-ibm-jdbc, java-1_6_0-ibm-jdbc-32bit, java-1_6_0-ibm-jdbc-64bit, java-1_6_0-ibm-plugin, java-1_6_0-ibm-plugin-32bit, java-1_6_0-ibm-src (ZYPP Patch Number 7369)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2018-06-29T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_6_0-IBM-7369.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=52752", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52752);\n script_version (\"1.11\");\n script_cvs_date(\"Date: 2018/06/29 12:01:02\");\n\n script_cve_id(\"CVE-2010-4476\");\n\n script_name(english:\"SuSE 10 Security Update : java-1_6_0-ibm, java-1_6_0-ibm-32bit, java-1_6_0-ibm-64bit, java-1_6_0-ibm-alsa, java-1_6_0-ibm-alsa-32bit, java-1_6_0-ibm-demo, java-1_6_0-ibm-devel, java-1_6_0-ibm-devel-32bit, java-1_6_0-ibm-fonts, java-1_6_0-ibm-jdbc, java-1_6_0-ibm-jdbc-32bit, java-1_6_0-ibm-jdbc-64bit, java-1_6_0-ibm-plugin, java-1_6_0-ibm-plugin-32bit, java-1_6_0-ibm-src (ZYPP Patch Number 7369)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 6 SR9 FP1 was updated to fix a critical security bug in float\nnumber handling :\n\n - The Java Runtime Environment hangs forever when\n converting '2.2250738585072012e-308' to a binary\n floating-point number. (CVE-2010-4476)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4476.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7369.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_6_0-ibm-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"java-1_6_0-ibm-alsa-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_6_0-ibm-32bit-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_6_0-ibm-alsa-32bit-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_6_0-ibm-devel-32bit-1.6.0_sr9.1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_6_0-ibm-plugin-32bit-1.6.0_sr9.1-1.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:58:11", "references": ["http://www.ibm.com/developerworks/java/jdk/alerts/", "https://www.redhat.com/security/data/cve/CVE-2010-4476.html", "http://rhn.redhat.com/errata/RHSA-2011-0292.html"], "pluginID": "52065", "description": "Updated java-1.4.2-ibm packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe IBM 1.4.2 SR13-FP8 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.\n\nA denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java based applications to hang, for example, if they parsed Double values in a specially crafted HTTP request. (CVE-2010-4476)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP8 Java release. All running instances of IBM Java must be restarted for this update to take effect.", "edition": 7, "reporter": "Tenable", "published": "2011-02-23T00:00:00", "title": "RHEL 4 / 5 : java-1.4.2-ibm (RHSA-2011:0292)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2018-07-27T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-plugin", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-src", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-demo"], "id": "REDHAT-RHSA-2011-0292.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=52065", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0292. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52065);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2018/07/27 12:15:50\");\n\n script_cve_id(\"CVE-2010-4476\");\n script_bugtraq_id(46091);\n script_xref(name:\"RHSA\", value:\"2011:0292\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.4.2-ibm (RHSA-2011:0292)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.4.2-ibm packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise\nLinux 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe IBM 1.4.2 SR13-FP8 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nA denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to\ncause Java based applications to hang, for example, if they parsed\nDouble values in a specially crafted HTTP request. (CVE-2010-4476)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP8 Java release. All\nrunning instances of IBM Java must be restarted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-4476.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2011-0292.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0292\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-1.4.2.13.8-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"s390\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-plugin-1.4.2.13.8-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-src-1.4.2.13.8-1jpp.4.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.4.2-ibm-plugin-1.4.2.13.8-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.4.2-ibm / java-1.4.2-ibm-demo / java-1.4.2-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:58:10", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=674336", "http://www.nessus.org/u?0fbb0e6f"], "pluginID": "51961", "description": "- Security updates\n\n - S4421494, CVE-2010-4476: infinite loop while parsing double literal.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 7, "reporter": "Tenable", "published": "2011-02-14T00:00:00", "title": "Fedora 14 : java-1.6.0-openjdk-1.6.0.0-52.1.9.6.fc14 (2011-1263)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk"], "id": "FEDORA_2011-1263.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=51961", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-1263.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51961);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2010-4476\");\n script_bugtraq_id(46091);\n script_xref(name:\"FEDORA\", value:\"2011-1263\");\n\n script_name(english:\"Fedora 14 : java-1.6.0-openjdk-1.6.0.0-52.1.9.6.fc14 (2011-1263)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Security updates\n\n - S4421494, CVE-2010-4476: infinite loop while parsing\n double literal.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=674336\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-February/053934.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0fbb0e6f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"java-1.6.0-openjdk-1.6.0.0-52.1.9.6.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:54", "references": ["https://oss.oracle.com/pipermail/el-errata/2011-March/001984.html"], "pluginID": "68225", "description": "From Red Hat Security Advisory 2011:0336 :\n\nUpdated tomcat5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nA denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially crafted HTTP request.\n(CVE-2010-4476)\n\nUsers of Tomcat should upgrade to these updated packages, which contain a backported patch to correct this issue. Tomcat must be restarted for this update to take effect.", "edition": 7, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : tomcat5 (ELSA-2011-0336)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2018-07-26T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat5-jasper", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:oracle:linux:tomcat5", "p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:tomcat5-admin-webapps", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-server-lib", "p-cpe:/a:oracle:linux:tomcat5-webapps", "p-cpe:/a:oracle:linux:tomcat5-common-lib", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api"], "id": "ORACLELINUX_ELSA-2011-0336.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68225", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0336 and \n# Oracle Linux Security Advisory ELSA-2011-0336 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68225);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/26 13:32:43\");\n\n script_cve_id(\"CVE-2010-4476\");\n script_bugtraq_id(46091);\n script_xref(name:\"RHSA\", value:\"2011:0336\");\n\n script_name(english:\"Oracle Linux 5 : tomcat5 (ELSA-2011-0336)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0336 :\n\nUpdated tomcat5 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to\ncause Tomcat to hang via a specially crafted HTTP request.\n(CVE-2010-4476)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-March/001984.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-5.5.23-0jpp.17.el5_6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.17.el5_6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.17.el5_6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.17.el5_6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.17.el5_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:46:34", "references": ["http://www.nessus.org/u?48bfd6e8"], "pluginID": "60953", "description": "A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java-based applications to hang, for instance if they parse Double values in a specially crafted HTTP request. (CVE-2010-4476)\n\nAll running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2018-06-29T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110210_JAVA_1_6_0_OPENJDK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60953", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60953);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/06/29 12:01:02\");\n\n script_cve_id(\"CVE-2010-4476\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to\ncause Java-based applications to hang, for instance if they parse\nDouble values in a specially crafted HTTP request. (CVE-2010-4476)\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=1471\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48bfd6e8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.36.b17.el6_0\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.36.b17.el6_0\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.36.b17.el6_0\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.36.b17.el6_0\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.36.b17.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:27", "references": ["http://www.nessus.org/u?0d83e1d2", "http://www.nessus.org/u?a4d617f7"], "pluginID": "53419", "description": "Updated java-1.6.0-openjdk packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nA denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java-based applications to hang, for instance if they parse Double values in a specially crafted HTTP request. (CVE-2010-4476)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve this issue. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 7, "reporter": "Tenable", "published": "2011-04-15T00:00:00", "title": "CentOS 5 : java-1.6.0-openjdk (CESA-2011:0214)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2018-07-03T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-0214.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53419", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0214 and \n# CentOS Errata and Security Advisory 2011:0214 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53419);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/03 15:35:23\");\n\n script_cve_id(\"CVE-2010-4476\");\n script_bugtraq_id(46091);\n script_xref(name:\"RHSA\", value:\"2011:0214\");\n\n script_name(english:\"CentOS 5 : java-1.6.0-openjdk (CESA-2011:0214)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix one security issue are\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to\ncause Java-based applications to hang, for instance if they parse\nDouble values in a specially crafted HTTP request. (CVE-2010-4476)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve this issue. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2011-April/017311.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4d617f7\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2011-April/017312.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0d83e1d2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.18.b17.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.18.b17.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.18.b17.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.18.b17.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.18.b17.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:58:37", "references": ["http://www.ibm.com/developerworks/java/jdk/alerts/", "https://www.redhat.com/security/data/cve/CVE-2010-4476.html", "http://rhn.redhat.com/errata/RHSA-2011-0290.html"], "pluginID": "52063", "description": "Updated java-1.6.0-ibm packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.\n\nA denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java based applications to hang, for example, if they parsed Double values in a specially crafted HTTP request. (CVE-2010-4476)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR9 Java release. All running instances of IBM Java must be restarted for the update to take effect.", "edition": 7, "reporter": "Tenable", "published": "2011-02-23T00:00:00", "title": "RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2011:0290)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2018-07-27T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility", "cpe:/o:redhat:enterprise_linux:6.0", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm"], "id": "REDHAT-RHSA-2011-0290.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=52063", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0290. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52063);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2018/07/27 12:15:50\");\n\n script_cve_id(\"CVE-2010-4476\");\n script_bugtraq_id(46091);\n script_xref(name:\"RHSA\", value:\"2011:0290\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2011:0290)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-ibm packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4 Extras, and Red Hat\nEnterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nA denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to\ncause Java based applications to hang, for example, if they parsed\nDouble values in a specially crafted HTTP request. (CVE-2010-4476)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR9 Java release. All running\ninstances of IBM Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-4476.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2011-0290.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0290\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.9.0-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.9.0-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.9.0-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-1.6.0.9.0-1jpp.5.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-1.6.0.9.0-1jpp.5.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-1.6.0.9.0-1jpp.5.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.5.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.5.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.5.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.5.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.5.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.5.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.5.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.5.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.5.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.5.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.5.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-src-1.6.0.9.0-1jpp.5.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-src-1.6.0.9.0-1jpp.5.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-src-1.6.0.9.0-1jpp.5.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-ibm / java-1.6.0-ibm-accessibility / java-1.6.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:59:32", "references": ["http://support.novell.com/security/cve/CVE-2010-4476.html"], "pluginID": "57209", "description": "IBM Java 6 SR9 FP1 was updated to fix a critical security bug in float number handling.\n\n - The Java Runtime Environment hangs forever when converting '2.2250738585072012e-308' to a binary floating-point number. (CVE-2010-4476)", "edition": 5, "reporter": "Tenable", "published": "2011-12-13T00:00:00", "title": "SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7443)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2018-06-29T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_6_0-IBM-7443.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57209", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57209);\n script_version (\"1.7\");\n script_cvs_date(\"Date: 2018/06/29 12:01:02\");\n\n script_cve_id(\"CVE-2010-4476\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7443)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 6 SR9 FP1 was updated to fix a critical security bug in float\nnumber handling.\n\n - The Java Runtime Environment hangs forever when\n converting '2.2250738585072012e-308' to a binary\n floating-point number. (CVE-2010-4476)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4476.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7443.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_6_0-ibm-1.6.0_sr9.1-1.8.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_6_0-ibm-devel-1.6.0_sr9.1-1.8.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.8.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.8.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.8.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_6_0-ibm-alsa-1.6.0_sr9.1-1.8.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_6_0-ibm-32bit-1.6.0_sr9.1-1.8.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_6_0-ibm-alsa-32bit-1.6.0_sr9.1-1.8.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_6_0-ibm-devel-32bit-1.6.0_sr9.1-1.8.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_6_0-ibm-plugin-32bit-1.6.0_sr9.1-1.8.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:10:59", "references": ["https://oss.oracle.com/pipermail/el-errata/2011-February/001889.html", "https://oss.oracle.com/pipermail/el-errata/2011-February/001821.html"], "pluginID": "68197", "description": "From Red Hat Security Advisory 2011:0214 :\n\nUpdated java-1.6.0-openjdk packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nA denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java-based applications to hang, for instance if they parse Double values in a specially crafted HTTP request. (CVE-2010-4476)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve this issue. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 7, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2011-0214)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2018-07-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc"], "id": "ORACLELINUX_ELSA-2011-0214.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68197", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0214 and \n# Oracle Linux Security Advisory ELSA-2011-0214 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68197);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/26 13:32:43\");\n\n script_cve_id(\"CVE-2010-4476\");\n script_bugtraq_id(46091);\n script_xref(name:\"RHSA\", value:\"2011:0214\");\n\n script_name(english:\"Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2011-0214)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0214 :\n\nUpdated java-1.6.0-openjdk packages that fix one security issue are\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to\ncause Java-based applications to hang, for instance if they parse\nDouble values in a specially crafted HTTP request. (CVE-2010-4476)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve this issue. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-February/001821.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-February/001889.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.18.b17.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.18.b17.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.18.b17.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.18.b17.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.18.b17.0.1.el5\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.36.b17.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.36.b17.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.36.b17.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.36.b17.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.36.b17.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:42:28", "references": ["https://www.redhat.com/security/data/cve/CVE-2010-4476.html", "http://rhn.redhat.com/errata/RHSA-2011-0214.html"], "pluginID": "51952", "description": "Updated java-1.6.0-openjdk packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nA denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java-based applications to hang, for instance if they parse Double values in a specially crafted HTTP request. (CVE-2010-4476)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve this issue. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 7, "reporter": "Tenable", "published": "2011-02-11T00:00:00", "title": "RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2011:0214)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4476"], "modified": "2018-07-27T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "cpe:/o:redhat:enterprise_linux:5.6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "cpe:/o:redhat:enterprise_linux:6.0", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo"], "id": "REDHAT-RHSA-2011-0214.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=51952", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0214. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51952);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2018/07/27 12:15:50\");\n\n script_cve_id(\"CVE-2010-4476\");\n script_bugtraq_id(46091);\n script_xref(name:\"RHSA\", value:\"2011:0214\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2011:0214)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix one security issue are\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to\ncause Java-based applications to hang, for instance if they parse\nDouble values in a specially crafted HTTP request. (CVE-2010-4476)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve this issue. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-4476.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2011-0214.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0214\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.18.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.18.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.18.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.18.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.18.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.18.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.18.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.18.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.18.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.18.b17.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.36.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.36.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.36.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.36.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.36.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.36.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.36.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.36.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.36.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.36.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.36.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.36.b17.el6_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "jvn": [{"lastseen": "2018-08-31T00:36:27", "references": [], "description": "\n ## Description\n\nIBM Lotus product line contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).\n\n ## Impact\n\nA remote attacker may cause a denial-of-service (DoS). \n\n\n ## Solution\n\n**Apply a patch** \nApply the appropriate patch according to the information provided by the developer. \n\n\n ## Products Affected\n\n * Lotus Web Content Management 7.0, 6.1\n * Workplace Web Content Management 6.0\n * Lotus Quickr for WebSphere Portal 8.5, 8.1, 8.0\n * Lotus ActiveInsight 6.1, 6.0\n * Lotus Workforce Management 6.1\n * WebSphere Dashboard Framework 6.1, 6.0\n * WebSphere Portlet Factory 7.0, 6.1\n * IBM Mashup Center 3.0, 2.0, 1.1, 1.0\n * Lotus Mashups 3.0, 2.0, 1.1, 1.0\n * IBM Forms 4.0, 3.5\n * Lotus Connections 3.0, 2.5, 2.0, 1.0\n * Lotus Sametime Standard 8.5\n * Lotus Sametime Unified Telephony 8.5.1, 8.0\n * Lotus Expeditor 6.2\n * Lotus Sametime Advanced 8.0\nRefer to information provided by the developer for the affected OS versions of each product. \n\n", "edition": 3, "reporter": "Japan Vulnerability Notes", "published": "2011-03-04T00:00:00", "title": "JVN#97334690: IBM Lotus vulnerable to denial-of-service (DoS)", "type": "jvn", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2010-4476"], "modified": "2011-03-04T00:00:00", "id": "JVN:97334690", "href": "http://jvn.jp/en/jp/JVN97334690/index.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:36:26", "references": [], "description": "\n ## Description\n\nIBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).\n\n ## Impact\n\nA remote attacker may cause a denial-of-service (DoS). \n\n\n ## Solution\n\n**Apply a patch** \nApply the appropriate patch according to the [information](<http://www.ibm.com/support/docview.wss?uid=swg21462019>) provided by the developer. \n\n\n ## Products Affected\n\n * IBM WebSphere Application Server from V6.0 to V6.0.2.43\n * IBM WebSphere Application Server from V6.1 to V6.1.0.35\n * IBM WebSphere Application Server from V7.0 to V7.0.0.13 \nAccording to the developer: \n_ \n\" For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability.\"_ \n\n", "edition": 3, "reporter": "Japan Vulnerability Notes", "published": "2011-03-04T00:00:00", "title": "JVN#26301278: IBM WebSphere Application Server vulnerable to denial-of-service (DoS)", "type": "jvn", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2010-4476"], "modified": "2011-03-30T00:00:00", "id": "JVN:26301278", "href": "http://jvn.jp/en/jp/JVN26301278/index.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:36:26", "references": [], "description": "\n ## Description\n\nIBM DB2 contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE). \n\n\n ## Impact\n\nAn attacker that can create or execute stored procedures may cause a denial-of-service (DoS). \n\n\n ## Solution\n\n******Apply a patch** \nApply the appropriate patch according to the [information](<http://www.ibm.com/support/docview.wss?uid=swg21468291>) provided by the developer. \n\n\n ## Products Affected\n\n * DB2 for Linux, UNIX, and Windows Version 9.7 FP0 to FP3a\n * DB2 for Linux, UNIX, and Windows Version 9.5 FP0 to FP7\n * DB2 for Linux, UNIX, and Windows Version 9.1 FP0 to FP10\n", "edition": 3, "reporter": "Japan Vulnerability Notes", "published": "2011-03-04T00:00:00", "title": "JVN#16308183: IBM DB2 vulnerable to denial-of-service (DoS)", "type": "jvn", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2010-4476"], "modified": "2011-03-30T00:00:00", "id": "JVN:16308183", "href": "http://jvn.jp/en/jp/JVN16308183/index.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:36:26", "references": [], "description": "\n ## Description\n\nIBM Tivoli contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE). \n\n\n ## Impact\n\nA remote attacker may cause a denial-of-service (DoS).\n\n ## Solution\n\n**Apply a patch** \nApply the appropriate patch according to the information provided by the developer. \n\n\n ## Products Affected\n\nA wide range of products are affected. For more information, refer to the vendor's website. \n\n", "edition": 3, "reporter": "Japan Vulnerability Notes", "published": "2011-03-10T00:00:00", "title": "JVN#81294135: IBM Tivoli vulnerable to denial-of-service (DoS)", "type": "jvn", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2010-4476"], "modified": "2011-03-10T00:00:00", "id": "JVN:81294135", "href": "http://jvn.jp/en/jp/JVN81294135/index.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-06-09T10:35:09", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8.sap-1jpp.2.el5", "arch": "x86_64", "packageName": "java-1.4.2-ibm-sap", "packageFilename": "java-1.4.2-ibm-sap-1.4.2.13.8.sap-1jpp.2.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8.sap-1jpp.2.el5", "arch": "x86_64", "packageName": "java-1.4.2-ibm-sap-demo", "packageFilename": "java-1.4.2-ibm-sap-demo-1.4.2.13.8.sap-1jpp.2.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8.sap-1jpp.2.el5", "arch": "x86_64", "packageName": "java-1.4.2-ibm-sap-devel", "packageFilename": "java-1.4.2-ibm-sap-devel-1.4.2.13.8.sap-1jpp.2.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8.sap-1jpp.2.el5", "arch": "x86_64", "packageName": "java-1.4.2-ibm-sap-javacomm", "packageFilename": "java-1.4.2-ibm-sap-javacomm-1.4.2.13.8.sap-1jpp.2.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8.sap-1jpp.2.el5", "arch": "x86_64", "packageName": "java-1.4.2-ibm-sap-src", "packageFilename": "java-1.4.2-ibm-sap-src-1.4.2.13.8.sap-1jpp.2.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.4.2.13.8.sap-1jpp.1.el6", "arch": "x86_64", "packageName": "java-1.4.2-ibm-sap", "packageFilename": "java-1.4.2-ibm-sap-1.4.2.13.8.sap-1jpp.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.4.2.13.8.sap-1jpp.1.el6", "arch": "x86_64", "packageName": "java-1.4.2-ibm-sap-devel", "packageFilename": "java-1.4.2-ibm-sap-devel-1.4.2.13.8.sap-1jpp.1.el6.x86_64.rpm", "operator": "lt"}], "description": "The IBM 1.4.2 SR13-FP8 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nA denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to cause\nJava based applications to hang, for example, if they parsed Double values\nin a specially-crafted HTTP request. (CVE-2010-4476)\n\nNote: The java-1.4.2-ibm packages were renamed to java-1.4.2-ibm-sap to\ncorrect a naming overlap; however, java-1.4.2-ibm-sap does not\nautomatically obsolete the previous java-1.4.2-ibm packages for Red Hat\nEnterprise Linux 4 and 5 for SAP. Refer to the RHBA-2010:0491 and\nRHBA-2010:0530 advisories, listed in the References, for further\ninformation.\n\nAll users of java-1.4.2-ibm-sap for Red Hat Enterprise Linux 4, 5 and 6 for\nSAP are advised to upgrade to these updated packages, which contain the IBM\n1.4.2 SR13-FP8 Java release. All running instances of IBM Java must be\nrestarted for this update to take effect.\n", "reporter": "RedHat", "published": "2011-02-23T05:00:00", "type": "redhat", "title": "(RHSA-2011:0299) Moderate: java-1.4.2-ibm-sap security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4476"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-09T14:15:17", "id": "RHSA-2011:0299", "href": "https://access.redhat.com/errata/RHSA-2011:0299", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-06-06T18:04:27", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "arch": "i386", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.18.b17.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "arch": "i386", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.18.b17.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "arch": "i386", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.18.b17.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "arch": "i386", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.18.b17.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "arch": "i386", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.18.b17.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "arch": "src", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.18.b17.el5.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "arch": "x86_64", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.18.b17.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.18.b17.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.18.b17.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.18.b17.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.18.b17.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "i686", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-1.36.b17.el6_0.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "src", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.36.b17.el6_0.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-1.36.b17.el6_0.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "i686", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.36.b17.el6_0.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "i686", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.36.b17.el6_0.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "i686", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.36.b17.el6_0.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "i686", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.36.b17.el6_0.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.36.b17.el6_0.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.36.b17.el6_0.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.36.b17.el6_0.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.36.b17.el6_0.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "i686", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.36.b17.el6_0.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "x86_64", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.36.b17.el6_0.x86_64.rpm", "operator": "lt"}], "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to cause\nJava-based applications to hang, for instance if they parse Double values\nin a specially-crafted HTTP request. (CVE-2010-4476)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve this issue. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2011-02-10T05:00:00", "type": "redhat", "title": "(RHSA-2011:0214) Moderate: java-1.6.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4476"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:11", "id": "RHSA-2011:0214", "href": "https://access.redhat.com/errata/RHSA-2011:0214", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:17:46", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.1.10-5.patch01.1.1.ep5.el5", "packageName": "jbossweb", "packageFilename": "jbossweb-2.1.10-5.patch01.1.1.ep5.el5.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.1.10-5.patch01.1.1.ep5.el5", "packageName": "jbossweb-jsp-2.1-api", "packageFilename": "jbossweb-jsp-2.1-api-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.1.10-5.patch01.1.1.ep5.el5", "packageName": "jbossweb", "packageFilename": "jbossweb-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.1.10-5.patch01.1.1.ep5.el5", "packageName": "jbossweb-lib", "packageFilename": "jbossweb-lib-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.1.10-5.patch01.1.1.ep5.el5", "packageName": "jbossweb-servlet-2.5-api", "packageFilename": "jbossweb-servlet-2.5-api-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm", "arch": "noarch", "operator": "lt"}], "description": "JBoss Web Server is a web container based on Apache Tomcat. It provides a\nsingle deployment platform for the JavaServer Pages (JSP) and Java Servlet\ntechnologies.\n\nA denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to cause\nJBoss Web Server to hang via a specially-crafted HTTP request.\n(CVE-2010-4476)\n\nUsers of JBoss Web Server should upgrade to these updated packages, which\ncontain a backported patch to correct this issue. The JBoss server process\nmust be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2011-02-10T05:00:00", "type": "redhat", "title": "(RHSA-2011:0211) Important: jbossweb security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4476"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2016-04-04T18:31:40", "id": "RHSA-2011:0211", "href": "https://access.redhat.com/errata/RHSA-2011:0211", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-09T07:20:15", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "i386", "packageFilename": "java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el5.i386.rpm", "packageName": "java-1.4.2-ibm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "i386", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el5.i386.rpm", "packageName": "java-1.4.2-ibm-demo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "i386", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el5.i386.rpm", "packageName": "java-1.4.2-ibm-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "i386", "packageFilename": "java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.3.el5.i386.rpm", "packageName": "java-1.4.2-ibm-javacomm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "i386", "packageFilename": "java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.3.el5.i386.rpm", "packageName": "java-1.4.2-ibm-jdbc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "i386", "packageFilename": "java-1.4.2-ibm-plugin-1.4.2.13.8-1jpp.3.el5.i386.rpm", "packageName": "java-1.4.2-ibm-plugin", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "i386", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el5.i386.rpm", "packageName": "java-1.4.2-ibm-src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "x86_64", "packageFilename": "java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el5.x86_64.rpm", "packageName": "java-1.4.2-ibm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "x86_64", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el5.x86_64.rpm", "packageName": "java-1.4.2-ibm-demo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "x86_64", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el5.x86_64.rpm", "packageName": "java-1.4.2-ibm-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "x86_64", "packageFilename": "java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.3.el5.x86_64.rpm", "packageName": "java-1.4.2-ibm-javacomm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "x86_64", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el5.x86_64.rpm", "packageName": "java-1.4.2-ibm-src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "ppc", "packageFilename": "java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el5.ppc.rpm", "packageName": "java-1.4.2-ibm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "ppc", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el5.ppc.rpm", "packageName": "java-1.4.2-ibm-demo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "ppc", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el5.ppc.rpm", "packageName": "java-1.4.2-ibm-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "ppc", "packageFilename": "java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.3.el5.ppc.rpm", "packageName": "java-1.4.2-ibm-javacomm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "ppc", "packageFilename": "java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.3.el5.ppc.rpm", "packageName": "java-1.4.2-ibm-jdbc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "ppc", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el5.ppc.rpm", "packageName": "java-1.4.2-ibm-src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "ppc64", "packageFilename": "java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el5.ppc64.rpm", "packageName": "java-1.4.2-ibm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "ppc64", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el5.ppc64.rpm", "packageName": "java-1.4.2-ibm-demo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "ppc64", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el5.ppc64.rpm", "packageName": "java-1.4.2-ibm-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "ppc64", "packageFilename": "java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.3.el5.ppc64.rpm", "packageName": "java-1.4.2-ibm-javacomm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "ppc64", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el5.ppc64.rpm", "packageName": "java-1.4.2-ibm-src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "s390", "packageFilename": "java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el5.s390.rpm", "packageName": "java-1.4.2-ibm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "s390", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el5.s390.rpm", "packageName": "java-1.4.2-ibm-demo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "s390", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el5.s390.rpm", "packageName": "java-1.4.2-ibm-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "s390", "packageFilename": "java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.3.el5.s390.rpm", "packageName": "java-1.4.2-ibm-jdbc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "s390", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el5.s390.rpm", "packageName": "java-1.4.2-ibm-src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "s390x", "packageFilename": "java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el5.s390x.rpm", "packageName": "java-1.4.2-ibm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "s390x", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el5.s390x.rpm", "packageName": "java-1.4.2-ibm-demo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "s390x", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el5.s390x.rpm", "packageName": "java-1.4.2-ibm-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "s390x", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el5.s390x.rpm", "packageName": "java-1.4.2-ibm-src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "ia64", "packageFilename": "java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el5.ia64.rpm", "packageName": "java-1.4.2-ibm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "ia64", "packageFilename": "java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el5.ia64.rpm", "packageName": "java-1.4.2-ibm-demo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "ia64", "packageFilename": "java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el5.ia64.rpm", "packageName": "java-1.4.2-ibm-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.8-1jpp.3.el5", "arch": "ia64", "packageFilename": "java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el5.ia64.rpm", "packageName": "java-1.4.2-ibm-src", "operator": "lt"}], "description": "The IBM 1.4.2 SR13-FP8 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nA denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to cause\nJava based applications to hang, for example, if they parsed Double values\nin a specially-crafted HTTP request. (CVE-2010-4476)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP8 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2011-02-22T05:00:00", "type": "redhat", "title": "(RHSA-2011:0292) Moderate: java-1.4.2-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4476"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:57:32", "id": "RHSA-2011:0292", "href": "https://access.redhat.com/errata/RHSA-2011:0292", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-06-07T05:58:37", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "i386", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.3-1jpp.2.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "i386", "packageName": "java-1.5.0-ibm-accessibility", "packageFilename": "java-1.5.0-ibm-accessibility-1.5.0.12.3-1jpp.2.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "i386", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.2.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "i386", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "i386", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.2.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "i386", "packageName": "java-1.5.0-ibm-jdbc", "packageFilename": "java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.2.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "i386", "packageName": "java-1.5.0-ibm-plugin", "packageFilename": "java-1.5.0-ibm-plugin-1.5.0.12.3-1jpp.2.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "i386", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.3-1jpp.2.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "x86_64", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.3-1jpp.2.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "x86_64", "packageName": "java-1.5.0-ibm-accessibility", "packageFilename": "java-1.5.0-ibm-accessibility-1.5.0.12.3-1jpp.2.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "x86_64", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.2.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "x86_64", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "x86_64", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.2.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "x86_64", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.3-1jpp.2.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "ppc", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.3-1jpp.2.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "ppc", "packageName": "java-1.5.0-ibm-accessibility", "packageFilename": "java-1.5.0-ibm-accessibility-1.5.0.12.3-1jpp.2.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "ppc", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.2.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "ppc", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "ppc", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.2.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "ppc", "packageName": "java-1.5.0-ibm-jdbc", "packageFilename": "java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.2.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "ppc", "packageName": "java-1.5.0-ibm-plugin", "packageFilename": "java-1.5.0-ibm-plugin-1.5.0.12.3-1jpp.2.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "ppc", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.3-1jpp.2.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "ppc64", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.3-1jpp.2.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "ppc64", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.2.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "ppc64", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "ppc64", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.2.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "ppc64", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.3-1jpp.2.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "s390", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.3-1jpp.2.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "s390", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.2.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "s390", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "s390", "packageName": "java-1.5.0-ibm-jdbc", "packageFilename": "java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.2.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "s390", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.3-1jpp.2.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "s390x", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.3-1jpp.2.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "s390x", "packageName": "java-1.5.0-ibm-accessibility", "packageFilename": "java-1.5.0-ibm-accessibility-1.5.0.12.3-1jpp.2.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "s390x", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.2.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "s390x", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.3-1jpp.2.el5", "arch": "s390x", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.3-1jpp.2.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "i686", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.3.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "x86_64", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.3-1jpp.3.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "x86_64", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.3.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "x86_64", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.3.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "x86_64", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.3.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "x86_64", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.3-1jpp.3.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "i686", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.3-1jpp.3.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "i686", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.3.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "i686", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.3.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "i686", "packageName": "java-1.5.0-ibm-jdbc", "packageFilename": "java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.3.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "i686", "packageName": "java-1.5.0-ibm-plugin", "packageFilename": "java-1.5.0-ibm-plugin-1.5.0.12.3-1jpp.3.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "i686", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.3-1jpp.3.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "ppc", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.3.el6.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "ppc", "packageName": "java-1.5.0-ibm-jdbc", "packageFilename": "java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.3.el6.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "ppc", "packageName": "java-1.5.0-ibm-plugin", "packageFilename": "java-1.5.0-ibm-plugin-1.5.0.12.3-1jpp.3.el6.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "ppc64", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.3-1jpp.3.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "ppc64", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.3.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "ppc64", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.3.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "ppc64", "packageName": "java-1.5.0-ibm-javacomm", "packageFilename": "java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.3.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "ppc64", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.3-1jpp.3.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "s390", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.3.el6.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "s390", "packageName": "java-1.5.0-ibm-jdbc", "packageFilename": "java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.3.el6.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "s390x", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.3-1jpp.3.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "s390x", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.3.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "s390x", "packageName": "java-1.5.0-ibm-devel", "packageFilename": "java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.3.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.0.12.3-1jpp.3.el6", "arch": "s390x", "packageName": "java-1.5.0-ibm-src", "packageFilename": "java-1.5.0-ibm-src-1.5.0.12.3-1jpp.3.el6.s390x.rpm", "operator": "lt"}], "description": "The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nA denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to cause\nJava based applications to hang, for example, if they parsed Double values\nin a specially-crafted HTTP request. (CVE-2010-4476)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR12-FP3 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2011-02-22T05:00:00", "type": "redhat", "title": "(RHSA-2011:0291) Moderate: java-1.5.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4476"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:22", "id": "RHSA-2011:0291", "href": "https://access.redhat.com/errata/RHSA-2011:0291", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-09T07:20:23", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-jsp-2.0-api", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-servlet-2.4-api", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "src", "packageFilename": "tomcat5-5.5.23-0jpp.17.el5_6.src.rpm", "packageName": "tomcat5", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-jsp-2.0-api", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-servlet-2.4-api", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ppc", "packageFilename": "tomcat5-5.5.23-0jpp.17.el5_6.ppc.rpm", "packageName": "tomcat5", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ppc", "packageFilename": "tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.ppc.rpm", "packageName": "tomcat5-admin-webapps", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ppc", "packageFilename": "tomcat5-common-lib-5.5.23-0jpp.17.el5_6.ppc.rpm", "packageName": "tomcat5-common-lib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ppc", "packageFilename": "tomcat5-jasper-5.5.23-0jpp.17.el5_6.ppc.rpm", "packageName": "tomcat5-jasper", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ppc", "packageFilename": "tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.ppc.rpm", "packageName": "tomcat5-jasper-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ppc", "packageFilename": "tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.ppc.rpm", "packageName": "tomcat5-jsp-2.0-api", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ppc", "packageFilename": "tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.ppc.rpm", "packageName": "tomcat5-jsp-2.0-api-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ppc", "packageFilename": "tomcat5-server-lib-5.5.23-0jpp.17.el5_6.ppc.rpm", "packageName": "tomcat5-server-lib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ppc", "packageFilename": "tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.ppc.rpm", "packageName": "tomcat5-servlet-2.4-api", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ppc", "packageFilename": "tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.ppc.rpm", "packageName": "tomcat5-servlet-2.4-api-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ppc", "packageFilename": "tomcat5-webapps-5.5.23-0jpp.17.el5_6.ppc.rpm", "packageName": "tomcat5-webapps", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ppc64", "packageFilename": "tomcat5-5.5.23-0jpp.17.el5_6.ppc64.rpm", "packageName": "tomcat5", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "s390x", "packageFilename": "tomcat5-5.5.23-0jpp.17.el5_6.s390x.rpm", "packageName": "tomcat5", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "s390x", "packageFilename": "tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.s390x.rpm", "packageName": "tomcat5-admin-webapps", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "s390x", "packageFilename": "tomcat5-common-lib-5.5.23-0jpp.17.el5_6.s390x.rpm", "packageName": "tomcat5-common-lib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "s390x", "packageFilename": "tomcat5-jasper-5.5.23-0jpp.17.el5_6.s390x.rpm", "packageName": "tomcat5-jasper", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "s390x", "packageFilename": "tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.s390x.rpm", "packageName": "tomcat5-jasper-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "s390x", "packageFilename": "tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.s390x.rpm", "packageName": "tomcat5-jsp-2.0-api", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "s390x", "packageFilename": "tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.s390x.rpm", "packageName": "tomcat5-jsp-2.0-api-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "s390x", "packageFilename": "tomcat5-server-lib-5.5.23-0jpp.17.el5_6.s390x.rpm", "packageName": "tomcat5-server-lib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "s390x", "packageFilename": "tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.s390x.rpm", "packageName": "tomcat5-servlet-2.4-api", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "s390x", "packageFilename": "tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.s390x.rpm", "packageName": "tomcat5-servlet-2.4-api-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "s390x", "packageFilename": "tomcat5-webapps-5.5.23-0jpp.17.el5_6.s390x.rpm", "packageName": "tomcat5-webapps", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-admin-webapps", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-common-lib-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-common-lib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-jasper-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-jasper", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-jasper-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-jsp-2.0-api", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-jsp-2.0-api-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-server-lib-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-server-lib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-servlet-2.4-api", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-servlet-2.4-api-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-webapps-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-webapps", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-admin-webapps", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-common-lib-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-common-lib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-jasper-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-jasper", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-jasper-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-jsp-2.0-api-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-server-lib-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-server-lib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-servlet-2.4-api-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-webapps-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-webapps", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-admin-webapps", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-common-lib-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-common-lib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-jasper-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-jasper", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-jasper-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-jsp-2.0-api-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-server-lib-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-server-lib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-servlet-2.4-api-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-webapps-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-webapps", "operator": "lt"}], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to cause\nTomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)\n\nUsers of Tomcat should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. Tomcat must be restarted for this\nupdate to take effect.\n", "reporter": "RedHat", "published": "2011-03-09T05:00:00", "type": "redhat", "title": "(RHSA-2011:0336) Important: tomcat5 security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4476"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:09:59", "id": "RHSA-2011:0336", "href": "https://access.redhat.com/errata/RHSA-2011:0336", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-06-07T05:58:29", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "i386", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-accessibility", "packageFilename": "java-1.6.0-ibm-accessibility-1.6.0.9.0-1jpp.4.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.4.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "i386", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-accessibility", "packageFilename": "java-1.6.0-ibm-accessibility-1.6.0.9.0-1jpp.4.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.4.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-accessibility", "packageFilename": "java-1.6.0-ibm-accessibility-1.6.0.9.0-1jpp.4.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.4.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "ppc", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "ppc64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "ppc64", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "ppc64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "ppc64", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "ppc64", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "ppc64", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "s390", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "s390", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "s390", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "s390", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "s390", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm-accessibility", "packageFilename": "java-1.6.0-ibm-accessibility-1.6.0.9.0-1jpp.4.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.0-1jpp.4.el5", "arch": "s390x", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "i686", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.5.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "x86_64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.5.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.5.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.5.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.5.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.5.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.5.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "x86_64", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.5.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "i686", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.5.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "i686", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.5.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "i686", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.5.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "i686", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.5.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "i686", "packageName": "java-1.6.0-ibm-plugin", "packageFilename": "java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.5.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "i686", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.5.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "ppc", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.5.el6.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "ppc64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.5.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "ppc64", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.5.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "ppc64", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.5.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "ppc64", "packageName": "java-1.6.0-ibm-javacomm", "packageFilename": "java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.5.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "ppc64", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.5.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "ppc64", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.5.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "s390", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.5.el6.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "s390x", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.0-1jpp.5.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "s390x", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.5.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "s390x", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.5.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "s390x", "packageName": "java-1.6.0-ibm-jdbc", "packageFilename": "java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.5.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.9.0-1jpp.5.el6", "arch": "s390x", "packageName": "java-1.6.0-ibm-src", "packageFilename": "java-1.6.0-ibm-src-1.6.0.9.0-1jpp.5.el6.s390x.rpm", "operator": "lt"}], "description": "The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nA denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to cause\nJava based applications to hang, for example, if they parsed Double values\nin a specially-crafted HTTP request. (CVE-2010-4476)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR9 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2011-02-22T05:00:00", "type": "redhat", "title": "(RHSA-2011:0290) Moderate: java-1.6.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4476"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:11", "id": "RHSA-2011:0290", "href": "https://access.redhat.com/errata/RHSA-2011:0290", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:17:45", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.1.10-5.patch01.1.1.ep5.el5", "packageFilename": "jbossweb-2.1.10-5.patch01.1.1.ep5.el5.src.rpm", "packageName": "jbossweb", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.1.10-5.patch01.1.1.ep5.el5", "packageFilename": "jbossweb-jsp-2.1-api-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm", "packageName": "jbossweb-jsp-2.1-api", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.0.0-8.CP15.patch01.0jpp.ep1.1.el5", "packageFilename": "jbossweb-2.0.0-8.CP15.patch01.0jpp.ep1.1.el5.noarch.rpm", "packageName": "jbossweb", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.1.10-5.patch01.1.1.ep5.el5", "packageFilename": "jbossweb-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm", "packageName": "jbossweb", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.1.10-5.patch01.1.1.ep5.el5", "packageFilename": "jbossweb-lib-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm", "packageName": "jbossweb-lib", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.1.10-5.patch01.1.1.ep5.el5", "packageFilename": "jbossweb-servlet-2.5-api-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm", "packageName": "jbossweb-servlet-2.5-api", "arch": "noarch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.0.0-8.CP15.patch01.0jpp.ep1.1.el5", "packageFilename": "jbossweb-2.0.0-8.CP15.patch01.0jpp.ep1.1.el5.src.rpm", "packageName": "jbossweb", "arch": "src", "operator": "lt"}], "description": "JBoss Web Server is the web container, based on Apache Tomcat, in JBoss\nEnterprise Application Platform. It provides a single deployment platform\nfor the JavaServer Pages (JSP) and Java Servlet technologies.\n\nA denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to cause\nJBoss Web Server to hang via a specially-crafted HTTP request.\n(CVE-2010-4476)\n\nUsers of JBoss Web Server should upgrade to these updated packages, which\ncontain a backported patch to correct this issue. The JBoss server process\nmust be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2011-02-10T05:00:00", "type": "redhat", "title": "(RHSA-2011:0210) Important: jbossweb security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4476"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2016-04-04T18:31:15", "id": "RHSA-2011:0210", "href": "https://access.redhat.com/errata/RHSA-2011:0210", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:17:38", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.28-12_patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat5-admin-webapps-5.5.28-12_patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat5-admin-webapps", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.28-12_patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat5-5.5.28-12_patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat5", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.28-12_patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat5-jsp-2.0-api-5.5.28-12_patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat5-jsp-2.0-api", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.28-12_patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat5-jasper-5.5.28-12_patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat5-jasper", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.28-12_patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat5-jasper-eclipse-5.5.28-12_patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat5-jasper-eclipse", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.28-12_patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat5-webapps-5.5.28-12_patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat5-webapps", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.28-12_patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat5-servlet-2.4-api-javadoc-5.5.28-12_patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat5-servlet-2.4-api-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.28-12_patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat5-server-lib-5.5.28-12_patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat5-server-lib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.28-12_patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat5-jsp-2.0-api-javadoc-5.5.28-12_patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat5-jsp-2.0-api-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.28-12_patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat5-common-lib-5.5.28-12_patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat5-common-lib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.28-12_patch_03.ep5.el5", "arch": "src", "packageFilename": "tomcat5-5.5.28-12_patch_03.ep5.el5.src.rpm", "packageName": "tomcat5", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.28-12_patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat5-jasper-javadoc-5.5.28-12_patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat5-jasper-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.28-12_patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat5-parent-5.5.28-12_patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat5-parent", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.5.28-12_patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat5-servlet-2.4-api-5.5.28-12_patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat5-servlet-2.4-api", "operator": "lt"}], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to cause\nTomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)\n\nUsers of Tomcat should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. Tomcat must be restarted for this\nupdate to take effect.\n", "reporter": "RedHat", "published": "2011-03-10T05:00:00", "type": "redhat", "title": "(RHSA-2011:0349) Important: tomcat5 security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4476"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2016-04-04T18:31:40", "id": "RHSA-2011:0349", "href": "https://access.redhat.com/errata/RHSA-2011:0349", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:17:47", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "6.0.24-11.patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat6-6.0.24-11.patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat6", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "6.0.24-11.patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat6-docs-webapp-6.0.24-11.patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat6-docs-webapp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "6.0.24-11.patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat6-servlet-2.5-api-6.0.24-11.patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat6-servlet-2.5-api", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "6.0.24-11.patch_03.ep5.el5", "arch": "src", "packageFilename": "tomcat6-6.0.24-11.patch_03.ep5.el5.src.rpm", "packageName": "tomcat6", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "6.0.24-11.patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat6-el-1.0-api-6.0.24-11.patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat6-el-1.0-api", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "6.0.24-11.patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat6-log4j-6.0.24-11.patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat6-log4j", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "6.0.24-11.patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat6-lib-6.0.24-11.patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat6-lib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "6.0.24-11.patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat6-javadoc-6.0.24-11.patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat6-javadoc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "6.0.24-11.patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat6-webapps-6.0.24-11.patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat6-webapps", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "6.0.24-11.patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat6-jsp-2.1-api-6.0.24-11.patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat6-jsp-2.1-api", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "6.0.24-11.patch_03.ep5.el5", "arch": "noarch", "packageFilename": "tomcat6-admin-webapps-6.0.24-11.patch_03.ep5.el5.noarch.rpm", "packageName": "tomcat6-admin-webapps", "operator": "lt"}], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to cause\nTomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)\n\nA flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote\nattacker could use this flaw to cause a denial of service (out-of-memory\ncondition) via a specially-crafted request containing a large NIO buffer\nsize request value. (CVE-2011-0534)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Tomcat must be restarted for\nthis update to take effect.\n", "reporter": "RedHat", "published": "2011-03-10T05:00:00", "type": "redhat", "title": "(RHSA-2011:0348) Important: tomcat6 security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-0534", "CVE-2010-4476"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2016-04-04T18:31:43", "id": "RHSA-2011:0348", "href": "https://access.redhat.com/errata/RHSA-2011:0348", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T18:06:06", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "CVE ID: CVE-2010-4476\r\n\r\nIBM WebSphere Application Server (WAS)\u662f\u7531IBM\u9075\u7167\u5f00\u653e\u6807\u51c6\uff0c\u4f8b\u5982Java EE, XML \u8fd8\u6709Web Services\uff0c\u5f00\u53d1\u5e76\u53d1\u884c\u7684\u4e00\u79cd\u5e94\u7528\u670d\u52a1\u5668\u3002\u4e0e\u5176\u517c\u5bb9\u7684Web\u670d\u52a1\u5668\u5305\u62ec\uff1aApache HTTP Server\uff0cNetscape Enterprise Server\uff0cMicrosoft Internet Information Services (IIS)\u4ee5\u53caIBM HTTP Server\u3002\r\n\r\n\u8fd0\u884cz/OS\u7684IBM WAS\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u672a\u6388\u6743\u7528\u6237\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u8bbf\u95eeWebSphere\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\n\u5728WebSphere\u7528Local OS\u7528\u6237\u6ce8\u518c\u8868\u914d\u7f6e\u6216\u7528RACF\u9002\u914d\u5668\u914d\u7f6eFederated Repository\u65f6\u4f1a\u51fa\u73b0\u6b64\u95ee\u9898\u3002Local OS\u7528\u6237\u6ce8\u518c\u8868\u548c\u4f7f\u7528RACF\u9002\u914d\u5668\u7684Federated Repository\u4f7f\u7528SAF\u5b9e\u73b0\uff0c\u610f\u5473\u7740RACF\u4f7f\u7528\u548c\u76f8\u5bf9\u4ea7\u54c1\u7684\u4f7f\u7528\u90fd\u53d7\u5230\u5f71\u54cd\u3002\n\nIBM Websphere Application Server\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nIBM\r\n---\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.ers.ibm.com/", "reporter": "Root", "published": "2011-04-02T00:00:00", "type": "seebug", "title": "IBM WebSphere Application Server\u672a\u9a8c\u8bc1\u8bbf\u95ee\u6f0f\u6d1e", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4476"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2011-04-02T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20439", "id": "SSV:20439", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "status": "details"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:39", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c02746026\r\nVersion: 1\r\n\r\nHPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS)\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2011-04-12\r\nLast Updated: 2011-04-12\r\n\r\nPotential Security Impact: Remote Denial of Service (DoS)\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java. The vulnerability could be\r\nremotely exploited to create a Denial of Service (DoS).\r\n\r\nReferences: CVE-2010-4476\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nAny version of Java running on HP Network Node Manager i (NNMi) v8.1x and v9.0x for HP-UX, Linux, Solaris, and Windows\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made two methods available to resolve the vulnerability. Customers can request hotfixes or use the FPupdater tool.\r\n\r\nHotfixes\r\n\r\nCustomers can request the following hotfixes by contacting the normal HP Services support channel.\r\n\r\nNNMi Version\r\n JDK\r\n Hotfix Number\r\n\r\nNNMi 9.0x\r\n JDK b\r\n QCCR1B87492\r\n\r\nNNMi 9.0x\r\n JDK nnm\r\n QCCR1B87433\r\n\r\nNNMi 8.1x\r\n JDK b\r\n QCCR1B87492\r\n\r\nNNMi 8.1x\r\n JDK nnm (nms on Windows)\r\n QCCR1B87491\r\n\r\nFPUpdater (Floating Point Updater)\r\n\r\nThe FPupdater tool can be used instead of applying hotfixes.\r\n\r\nTo download the FPUpdater tool, go to https://www.hp.com/go/java then click on the link for the FPUpdater tool\r\n\r\nNote: NNMi has two JDKs to be updated. Before running the FPUpdater tool set the shell environment variable JRE_HOME as follows:\r\n\r\nNNMi Version\r\n JDK\r\n JRE_HOME for HP-UX, Linux, Solaris\r\n JRE_HOME for Windows\r\n\r\nNNMi 9.x\r\n JDK b\r\n /opt/OV/nonOV/jdk/b/jre\r\n {install_dir}\nonOV\jdk\b\jre\r\n\r\nNNMi 9.x\r\n JDK nnm\r\n /opt/OV/nonOV/jdk/nnm/jre\r\n {install_dir}\nonOV\jdk\nnm\jre\r\n\r\nNNMi 8.1x\r\n JDK b\r\n /opt/OV/nonOV/jdk/b/jre\r\n {install_dir}\nonOV\jdk\b\jre\r\n\r\nNNMi 8.1x\r\n JDK nnm (nms on Windows)\r\n /opt/OV/nonOV/jdk/nnm/jre\r\n {install_dir}\nonOV\jdk\nms\jre\r\n\r\nMANUAL ACTIONS: Yes - Update\r\n\r\nInstall the appropriate hotfix or update using FPUpdater\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\n\r\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by\r\nHP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see:\r\nhttps://www.hp.com/go/swa\r\n\r\nThe following text is for use by the HP-UX Software Assistant.\r\n\r\nAFFECTED VERSIONS (for HP-UX)\r\n\r\nFor HP-UX NNM 8.x and v9.x\r\n\r\nHP-UX B.11.31\r\nHP-UX B.11.23 (IA)\r\n=============\r\nHPOvNNM.HPNMSJBOSS\r\naction: install the appropriate hotfix or update using FPUpdater\r\n\r\nEND AFFECTED VERSIONS (for HP-UX)\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 12 April 2011 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the\r\ncustomer's patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\r\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.\r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com\r\n Subject: get key\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up\r\nUnder Step1: your ITRC security bulletins and patches\r\n -check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems\r\n -verify your operating system selections are checked and save.\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\r\nLog in on the web page: Subscriber's choice for Business: sign-in.\r\nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.\r\n\r\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\r\n\r\n* The Software Product Category that this Security Bulletin\r\nrelates to is represented by the 5th and 6th characters\r\nof the Bulletin number in the title:\r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing & Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n\r\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features\r\nof software products to provide customers with current secure solutions.\r\n\r\n"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information\r\ncontained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action.\r\nHP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages\r\nresulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or\r\nimplied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."\r\n\r\nCopyright 2009 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without\r\nwarranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or\r\nconsequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or\r\nsoftware restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products\r\nreferenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAk2kX5sACgkQ4B86/C0qfVnGRwCgot7NFjfw2O2zBn2uPX3Q/SVW\r\nAewAoNWFcOq802uOl0MpL1CHVvxYZMNf\r\n=g6I8\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2011-04-14T00:00:00", "title": "[security bulletin] HPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:39", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-4476"], "modified": "2011-04-14T00:00:00", "id": "SECURITYVULNS:DOC:26127", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26127", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:41", "references": ["https://vulners.com/securityvulns/securityvulns:doc:26127", "https://vulners.com/securityvulns/securityvulns:doc:26070", "https://vulners.com/securityvulns/securityvulns:doc:27239", "https://vulners.com/securityvulns/securityvulns:doc:26171", "https://vulners.com/securityvulns/securityvulns:doc:26128"], "description": "No description provided", "edition": 1, "reporter": "BUGTRAQ", "published": "2011-10-31T00:00:00", "title": "HP Network Node Manager i information leakage", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:41", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Network Node Manager i", "version": "9.0", "operator": "eq"}], "cvelist": ["CVE-2011-0895", "CVE-2011-0898", "CVE-2010-4476", "CVE-2011-1534", "CVE-2010-0738", "CVE-2011-0897"], "modified": "2011-10-31T00:00:00", "id": "SECURITYVULNS:VULN:11567", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11567", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:40", "references": ["https://vulners.com/securityvulns/securityvulns:doc:25750", "https://vulners.com/securityvulns/securityvulns:doc:25747", "https://vulners.com/securityvulns/securityvulns:doc:25746", "https://vulners.com/securityvulns/securityvulns:doc:25748", "https://vulners.com/securityvulns/securityvulns:doc:25749"], "description": "Over 20 of different vulnerabilities.", "edition": 1, "reporter": "ORACLE", "published": "2011-02-17T00:00:00", "title": "Oracle Java multiple security vulnerabilities / OpenJDK", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:40", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Jre", "version": "6.0", "operator": "eq"}, {"name": "JDK", "version": "5.0", "operator": "eq"}, {"name": "JDK", "version": "6.0", "operator": "eq"}, {"name": "OpenJDK", "version": "6", "operator": "eq"}], "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4451", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4474", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4470", "CVE-2011-0706", "CVE-2010-4467", "CVE-2010-4466"], "modified": "2011-02-17T00:00:00", "id": "SECURITYVULNS:VULN:11443", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11443", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:41", "references": ["https://vulners.com/securityvulns/securityvulns:doc:26249", "https://vulners.com/securityvulns/securityvulns:doc:26251", "https://vulners.com/securityvulns/securityvulns:doc:26283", "https://vulners.com/securityvulns/securityvulns:doc:26281", "https://vulners.com/securityvulns/securityvulns:doc:26245", "https://vulners.com/securityvulns/securityvulns:doc:26247", "https://vulners.com/securityvulns/securityvulns:doc:26280", "https://vulners.com/securityvulns/securityvulns:doc:26299", "https://vulners.com/securityvulns/securityvulns:doc:26244", "https://vulners.com/securityvulns/securityvulns:doc:26250", "https://vulners.com/securityvulns/securityvulns:doc:26203", "https://vulners.com/securityvulns/securityvulns:doc:26246", "https://vulners.com/securityvulns/securityvulns:doc:26248", "https://vulners.com/securityvulns/securityvulns:doc:26282"], "description": "73 vulnerabilities in different applications.", "edition": 1, "reporter": "BUGTRAQ", "published": "2011-05-04T00:00:00", "title": "Oracle / Sun / Peoplesoft / Open Office applications multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:41", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "JRockit", "version": "27.6", "operator": "eq"}, {"name": "PeopleSoft Enterprise ELS", "version": "9.0", "operator": "eq"}, {"name": "PeopleSoft Enterprise Portal", "version": "9.1", "operator": "eq"}, {"name": "PeopleSoft Enterprise HRMS", "version": "9.0", "operator": "eq"}, {"name": "Siebel CRM Core", "version": "7.8", "operator": "eq"}, {"name": "PeopleSoft Enterprise ELS", "version": "9.1", "operator": "eq"}, {"name": "PeopleSoft Enterprise Portal", "version": "8.8", "operator": "eq"}, {"name": "WebLogic Server", "version": "10.0", "operator": "eq"}, {"name": "PeopleSoft Enterprise Portal", "version": "8.9", "operator": "eq"}, {"name": "PeopleSoft Enterprise People Tools", "version": "8.51", "operator": "eq"}, {"name": "Siebel CRM Core", "version": "8.1", "operator": "eq"}, {"name": "WebLogic Server", "version": "9.2", "operator": "eq"}, {"name": "WebLogic Server", "version": "10.3", "operator": "eq"}, {"name": "Oracle InForm", "version": "4.6", "operator": "eq"}, {"name": "PeopleSoft Enterprise Portal", "version": "9.0", "operator": "eq"}, {"name": "JD Edwards EnterpriseOne Tools", "version": "8.98", "operator": "eq"}, {"name": "JD Edwards OneWorld Tools", "version": "24.1", "operator": "eq"}, {"name": "WebLogic Server", "version": "8.1", "operator": "eq"}, {"name": "Oracle InForm", "version": "5.0", "operator": "eq"}, {"name": "Oracle E-Business Suite Release", "version": "12", "operator": "eq"}, {"name": "Cisco Security Agent", "version": "6.0", "operator": "eq"}, {"name": "Oracle Outside In Technology", "version": "8.3", "operator": "eq"}, {"name": "PeopleSoft Enterprise HRMS", "version": "9.1", "operator": "eq"}, {"name": "PeopleSoft Enterprise CRM", "version": "8.9", "operator": "eq"}, {"name": "Agile Technology Platform", "version": "9.3", "operator": "eq"}], "cvelist": ["CVE-2011-0799", "CVE-2011-0412", "CVE-2011-0801", "CVE-2011-0808", "CVE-2011-0859", "CVE-2011-0856", "CVE-2011-0793", "CVE-2011-0791", "CVE-2010-3450", "CVE-2011-0837", "CVE-2011-0787", "CVE-2011-0821", "CVE-2011-0812", "CVE-2011-0827", "CVE-2011-0805", "CVE-2011-0846", "CVE-2011-0824", "CVE-2011-0807", "CVE-2010-4452", "CVE-2011-0810", "CVE-2011-0790", "CVE-2011-0851", "CVE-2011-0803", "CVE-2011-0798", "CVE-2010-3689", "CVE-2011-0820", "CVE-2011-0806", "CVE-2011-0809", "CVE-2011-0789", "CVE-2011-0841", "CVE-2011-0861", "CVE-2010-3451", "CVE-2011-0795", "CVE-2011-0834", "CVE-2011-0825", "CVE-2011-0823", "CVE-2011-0850", "CVE-2011-0860", "CVE-2011-0828", "CVE-2011-0858", "CVE-2011-0847", "CVE-2009-3555", "CVE-2010-3454", "CVE-2010-4476", "CVE-2011-0843", "CVE-2011-0849", "CVE-2011-0800", "CVE-2011-0826", "CVE-2011-0840", "CVE-2011-0857", "CVE-2011-0792", "CVE-2011-0818", "CVE-2010-4643", "CVE-2011-0853", "CVE-2011-0794", "CVE-2010-3453", "CVE-2011-0836", "CVE-2011-0839", "CVE-2011-0796", "CVE-2011-0833", "CVE-2011-0813", "CVE-2011-0804", "CVE-2011-0819", "CVE-2011-0844", "CVE-2011-0829", "CVE-2011-0855", "CVE-2011-0797", "CVE-2011-0411", "CVE-2011-0785", "CVE-2010-3452", "CVE-2011-0854"], "modified": "2011-05-04T00:00:00", "id": "SECURITYVULNS:VULN:11620", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11620", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:34", "references": ["https://rhn.redhat.com/errata/RHSA-2011-0336.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-jsp-2.0-api-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-jsp-2.0-api-javadoc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-webapps-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-webapps", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-servlet-2.4-api-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-server-lib-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-server-lib", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-5.5.23-0jpp.17.el5_6.src.rpm", "packageName": "tomcat5", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-5.5.23-0jpp.17.el5_6.src.rpm", "packageName": "tomcat5", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-jasper-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-jasper", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-server-lib-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-server-lib", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-admin-webapps", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-jsp-2.0-api", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-servlet-2.4-api-javadoc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-jasper-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-jasper", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-jasper-javadoc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-servlet-2.4-api", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-common-lib-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-common-lib", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-common-lib-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-common-lib", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-servlet-2.4-api", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-admin-webapps", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-jasper-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-jsp-2.0-api", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "packageFilename": "tomcat5-webapps-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-webapps", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2011:0336\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to cause\nTomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)\n\nUsers of Tomcat should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. Tomcat must be restarted for this\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/017319.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/017320.html\n\n**Affected packages:**\ntomcat5\ntomcat5-admin-webapps\ntomcat5-common-lib\ntomcat5-jasper\ntomcat5-jasper-javadoc\ntomcat5-jsp-2.0-api\ntomcat5-jsp-2.0-api-javadoc\ntomcat5-server-lib\ntomcat5-servlet-2.4-api\ntomcat5-servlet-2.4-api-javadoc\ntomcat5-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0336.html", "edition": 1, "reporter": "CentOS Project", "published": "2011-04-14T10:58:50", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "tomcat5 security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4476"], "modified": "2011-04-14T10:58:50", "href": "http://lists.centos.org/pipermail/centos-announce/2011-April/017319.html", "id": "CESA-2011:0336", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:24:30", "references": ["https://rhn.redhat.com/errata/RHSA-2011-0214.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.18.b17.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.18.b17.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.18.b17.el5.src.rpm", "packageName": "java-1.6.0-openjdk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.18.b17.el5.src.rpm", "packageName": "java-1.6.0-openjdk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.18.b17.el5.i386.rpm", "packageName": "java-1.6.0-openjdk", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.18.b17.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.18.b17.el5.i386.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.18.b17.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.18.b17.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.18.b17.el5.i386.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.18.b17.el5.i386.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.el5", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.18.b17.el5.i386.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2011:0214\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA denial of service flaw was found in the way certain strings were\nconverted to Double objects. A remote attacker could use this flaw to cause\nJava-based applications to hang, for instance if they parse Double values\nin a specially-crafted HTTP request. (CVE-2010-4476)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve this issue. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/017311.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/017312.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0214.html", "edition": 1, "reporter": "CentOS Project", "published": "2011-04-14T10:31:40", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "java security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4476"], "modified": "2011-04-14T10:31:40", "href": "http://lists.centos.org/pipermail/centos-announce/2011-April/017311.html", "id": "CESA-2011:0214", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:42:35", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-webapps-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-webapps", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-server-lib-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-server-lib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-jsp-2.0-api-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-server-lib-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-server-lib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-admin-webapps", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-jasper-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-jasper-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-server-lib-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-server-lib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-jsp-2.0-api-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-jsp-2.0-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-servlet-2.4-api-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-jsp-2.0-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-common-lib-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-common-lib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-jasper-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-jasper", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-jasper-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-jasper", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-jsp-2.0-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-servlet-2.4-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-webapps-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-webapps", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-servlet-2.4-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-jasper-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-jasper", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-jasper-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-common-lib-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-common-lib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "ia64", "packageFilename": "tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.ia64.rpm", "packageName": "tomcat5-servlet-2.4-api-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-servlet-2.4-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-jsp-2.0-api-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "i386", "packageFilename": "tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.i386.rpm", "packageName": "tomcat5-admin-webapps", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-servlet-2.4-api-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-webapps-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-webapps", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "src", "packageFilename": "tomcat5-5.5.23-0jpp.17.el5_6.src.rpm", "packageName": "tomcat5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "src", "packageFilename": "tomcat5-5.5.23-0jpp.17.el5_6.src.rpm", "packageName": "tomcat5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "src", "packageFilename": "tomcat5-5.5.23-0jpp.17.el5_6.src.rpm", "packageName": "tomcat5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-admin-webapps", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "5.5.23-0jpp.17.el5_6", "arch": "x86_64", "packageFilename": "tomcat5-common-lib-5.5.23-0jpp.17.el5_6.x86_64.rpm", "packageName": "tomcat5-common-lib", "operator": "lt"}], "description": "[0:5.5.23-0jpp.17]\n- Resolves: rhbz 674599 JDK Double.parseDouble DoS", "edition": 3, "reporter": "Oracle", "published": "2011-03-09T00:00:00", "title": "tomcat5 security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4476"], "modified": "2011-03-09T00:00:00", "id": "ELSA-2011-0336", "href": "http://linux.oracle.com/errata/ELSA-2011-0336.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:37:35", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.36.b17.el6_0.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.0.1.el5", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.18.b17.0.1.el5.i386.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.0.1.el5", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.18.b17.0.1.el5.i386.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.0.1.el5", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.18.b17.0.1.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.36.b17.el6_0.i686.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.0.1.el5", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.18.b17.0.1.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.36.b17.el6_0.i686.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.36.b17.el6_0.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.36.b17.el6_0.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.0.1.el5", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.18.b17.0.1.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.36.b17.el6_0.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.0.1.el5", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.18.b17.0.1.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.36.b17.el6_0.i686.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.0.1.el5", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.18.b17.0.1.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.36.b17.el6_0.i686.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.0.1.el5", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.18.b17.0.1.el5.i386.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.0.1.el5", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.18.b17.0.1.el5.i386.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.0.1.el5", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.18.b17.0.1.el5.i386.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.36.b17.el6_0.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.0.1.el5", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.18.b17.0.1.el5.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.18.b17.0.1.el5", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.18.b17.0.1.el5.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.36.b17.el6_0.i686.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.36.b17.el6_0.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.36.b17.el6_0", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.36.b17.el6_0.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}], "description": "[1.6.0.0-1.36.b17]\r\n- removed plugin. How it comes in?!\r\n- Resolves: rhbz#676295\r\n \n[1.6.0.0-1.33.b17]\r\n- bumped release number, it was accidentaly reduced, and now lower version then last one was released.\r\n- Resolves: rhbz#676295\r\n \n[1.6.0.0-1.22.b17]\r\n- Updated to 1.7.9 tarball\r\n- removed patch6, fixed upstrream\r\n- Resolves: rhbz#676295", "edition": 3, "reporter": "Oracle", "published": "2011-02-11T00:00:00", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4476"], "modified": "2011-02-11T00:00:00", "id": "ELSA-2011-0214", "href": "http://linux.oracle.com/errata/ELSA-2011-0214.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:38:52", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-lib-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6-lib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-lib-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6-lib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "src", "packageFilename": "tomcat6-6.0.24-24.el6_0.src.rpm", "packageName": "tomcat6", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "src", "packageFilename": "tomcat6-6.0.24-24.el6_0.src.rpm", "packageName": "tomcat6", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-docs-webapp-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6-docs-webapp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-docs-webapp-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6-docs-webapp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-jsp-2.1-api-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6-jsp-2.1-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-jsp-2.1-api-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6-jsp-2.1-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-log4j-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6-log4j", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-log4j-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6-log4j", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-admin-webapps-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6-admin-webapps", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-admin-webapps-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6-admin-webapps", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-servlet-2.5-api-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6-servlet-2.5-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-servlet-2.5-api-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6-servlet-2.5-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-webapps-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6-webapps", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-webapps-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6-webapps", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-javadoc-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-javadoc-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-el-2.1-api-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6-el-2.1-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-24.el6_0", "arch": "noarch", "packageFilename": "tomcat6-el-2.1-api-6.0.24-24.el6_0.noarch.rpm", "packageName": "tomcat6-el-2.1-api", "operator": "lt"}], "description": "[0:6.0.24-24]\n- Resolves: rhbz#674601\n- Removed wildcard in main %files that caused duplicate ownership\n- of log4j.properties\n[0:6.0.24-23]\n- Resolves: rhbz#674601\n- Reverse - tomcat user requires login shell\n- Reverse - rhbz 611244 tomcat-juli missing symlink\n- PM/QE decision to include only the security fixes. The rhbzs\n- will be taken care of during the rebase to 6.0.33.\n- Did not Reverse - rhbz 676922 - additionally instancs of tomcat are broken\n- Too many users depend upon it.\n[0:6.0.24-22]\n- Resolves - tomcat user requires login shell\n[0:6.0.24-21]\n- Resolves: 676922 - additionally created instances of tomcat\n- are broken\n[0:6.0.24-20]\n- Resolves: rbz# 676922\n- Resolves: init script LSB compliance\n- Resolves: multiple instances of tomcat.\n- Resolves: tomcat-juli missing symlink\n[0:6.0.24-18]\n- Resolves directory permission problems\n[0:6.0.24-17]\n- Resolves: CVE-2011-0534 rhbz#674601\n[0:6.0.24-16]\n- Resolves rhbz#674601 JDK Double.parseDouble DoS", "edition": 3, "reporter": "Oracle", "published": "2011-03-09T00:00:00", "title": "tomcat6 security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-0534", "CVE-2010-4476"], "modified": "2011-03-09T00:00:00", "id": "ELSA-2011-0335", "href": "http://linux.oracle.com/errata/ELSA-2011-0335.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:37:35", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "noarch", "packageFilename": "tomcat6-el-2.1-api-6.0.24-33.el6.noarch.rpm", "packageName": "tomcat6-el-2.1-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "noarch", "packageFilename": "tomcat6-el-2.1-api-6.0.24-33.el6.noarch.rpm", "packageName": "tomcat6-el-2.1-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "noarch", "packageFilename": "tomcat6-jsp-2.1-api-6.0.24-33.el6.noarch.rpm", "packageName": "tomcat6-jsp-2.1-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "noarch", "packageFilename": "tomcat6-jsp-2.1-api-6.0.24-33.el6.noarch.rpm", "packageName": "tomcat6-jsp-2.1-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "noarch", "packageFilename": "tomcat6-admin-webapps-6.0.24-33.el6.noarch.rpm", "packageName": "tomcat6-admin-webapps", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "noarch", "packageFilename": "tomcat6-admin-webapps-6.0.24-33.el6.noarch.rpm", "packageName": "tomcat6-admin-webapps", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "noarch", "packageFilename": "tomcat6-servlet-2.5-api-6.0.24-33.el6.noarch.rpm", "packageName": "tomcat6-servlet-2.5-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "noarch", "packageFilename": "tomcat6-servlet-2.5-api-6.0.24-33.el6.noarch.rpm", "packageName": "tomcat6-servlet-2.5-api", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "src", "packageFilename": "tomcat6-6.0.24-33.el6.src.rpm", "packageName": "tomcat6", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "src", "packageFilename": "tomcat6-6.0.24-33.el6.src.rpm", "packageName": "tomcat6", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "noarch", "packageFilename": "tomcat6-javadoc-6.0.24-33.el6.noarch.rpm", "packageName": "tomcat6-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "noarch", "packageFilename": "tomcat6-javadoc-6.0.24-33.el6.noarch.rpm", "packageName": "tomcat6-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "noarch", "packageFilename": "tomcat6-docs-webapp-6.0.24-33.el6.noarch.rpm", "packageName": "tomcat6-docs-webapp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "noarch", "packageFilename": "tomcat6-docs-webapp-6.0.24-33.el6.noarch.rpm", "packageName": "tomcat6-docs-webapp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "noarch", "packageFilename": "tomcat6-webapps-6.0.24-33.el6.noarch.rpm", "packageName": "tomcat6-webapps", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "noarch", "packageFilename": "tomcat6-webapps-6.0.24-33.el6.noarch.rpm", "packageName": "tomcat6-webapps", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "noarch", "packageFilename": "tomcat6-lib-6.0.24-33.el6.noarch.rpm", "packageName": "tomcat6-lib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "noarch", "packageFilename": "tomcat6-lib-6.0.24-33.el6.noarch.rpm", "packageName": "tomcat6-lib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "noarch", "packageFilename": "tomcat6-6.0.24-33.el6.noarch.rpm", "packageName": "tomcat6", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.0.24-33.el6", "arch": "noarch", "packageFilename": "tomcat6-6.0.24-33.el6.noarch.rpm", "packageName": "tomcat6", "operator": "lt"}], "description": "[6.0.24-33]\n- resolves: rhbz 695284 - multiple instances logging fiasco\n[6.0.24-32]\n- Resolves: rhbz 698624 - inet4address can't be cast to String\n[6.0.24-31]\n- Resolves: rhbz 656403 - cve-2010-4172 jsp syntax error\n[6.0.24-30]\n- Resolves: rhbz#697504 initscript logging location\n[6.0.24-29]\n- Resolves: rhbz#656403, rhbz#675926, rhbz#676011\n- CVE-2010-4172, CVE-2010-3718, CVE-2011-0013, CVE-2010-4476,\n- CVE-2011-0534\n[6.0.24-28]\n- Resovles rhbz#695284 - wrapper logs to different locations\n- CVE-2010-4172, CVE-2011-0013, CVE-2010-3718 commented out \n- until needed.\n[6.0.24-27]\n- naming-factory-dbcp missing fix in tomcat6.conf\n- Add Obsoletes for log4j\n[6.0.24-26]\n- Add log4j to package lib. Corrected typo in log4 Provides\n- epock versus epoch\n[6.0.24-25]\n- Installed permissions do not allow tomcat to start\n- incrementing NVR so yum won't get confused with the zstream", "edition": 3, "reporter": "Oracle", "published": "2011-05-28T00:00:00", "title": "tomcat6 security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4172", "CVE-2011-0013", "CVE-2011-0534", "CVE-2010-4476", "CVE-2010-3718"], "modified": "2011-05-28T00:00:00", "id": "ELSA-2011-0791", "href": "http://linux.oracle.com/errata/ELSA-2011-0791.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-04T01:02:07", "osvdbidlist": ["70965"], "references": [], "description": "Oracle Java Floating-Point Value Denial of Service Vulnerability. CVE-2010-4476. Dos exploits for multiple platform", "edition": 1, "reporter": "Konstantin Preisser", "published": "2011-02-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "Oracle Java Floating-Point Value Denial of Service Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4476"], "modified": "2011-02-01T00:00:00", "id": "EDB-ID:35304", "href": "https://www.exploit-db.com/exploits/35304/", "sourceData": "source: http://www.securityfocus.com/bid/46091/info\r\n\r\nOracle Java is prone to a remote denial-of-service vulnerability.\r\n\r\nSuccessful attacks will cause applications written in Java to hang, creating a denial-of-service condition.\r\n\r\nThis issue affects both the Java compiler and Runtime Environment. \r\n\r\nSend a Java Program Into An Infinite Loop\r\n\r\nCompile this program and run it; the program will hang (at least it does on a 32-bit system with the latest JRE/JDK):\r\n\r\nclass runhang {\r\npublic static void main(String[] args) {\r\n System.out.println(\"Test:\");\r\n double d = Double.parseDouble(\"2.2250738585072012e-308\");\r\n System.out.println(\"Value: \" + d);\r\n }\r\n}\r\n\r\nSend the Java Compiler Into An Infinite Loop\r\n\r\nTry to compile this program; the compiler will hang:\r\n\r\nclass compilehang {\r\npublic static void main(String[] args) {\r\n double d = 2.2250738585072012e-308;\r\n System.out.println(\"Value: \" + d);\r\n }\r\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/35304/"}], "debian": [{"lastseen": "2018-10-16T22:13:52", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.3-2+squeeze1", "arch": "all", "packageFilename": "openjdk-6-jre-headless_6b18-1.8.3-2+squeeze1_all.deb", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.3-2+squeeze1", "arch": "all", "packageFilename": "openjdk-6-jdk_6b18-1.8.3-2+squeeze1_all.deb", "packageName": "openjdk-6-jdk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.3-2+squeeze1", "arch": "all", "packageFilename": "openjdk-6-jre-zero_6b18-1.8.3-2+squeeze1_all.deb", "packageName": "openjdk-6-jre-zero", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.3-2+squeeze1", "arch": "all", "packageFilename": "icedtea-6-jre-cacao_6b18-1.8.3-2+squeeze1_all.deb", "packageName": "icedtea-6-jre-cacao", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.3-2+squeeze1", "arch": "all", "packageFilename": "openjdk-6-jre-lib_6b18-1.8.3-2+squeeze1_all.deb", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.3-2+squeeze1", "arch": "all", "packageFilename": "openjdk-6-source_6b18-1.8.3-2+squeeze1_all.deb", "packageName": "openjdk-6-source", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.3-2+squeeze1", "arch": "all", "packageFilename": "openjdk-6-jre_6b18-1.8.3-2+squeeze1_all.deb", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.3-2+squeeze1", "arch": "all", "packageFilename": "openjdk-6-dbg_6b18-1.8.3-2+squeeze1_all.deb", "packageName": "openjdk-6-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.3-2+squeeze1", "arch": "all", "packageFilename": "openjdk-6-demo_6b18-1.8.3-2+squeeze1_all.deb", "packageName": "openjdk-6-demo", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.3-2+squeeze1", "arch": "all", "packageFilename": "openjdk-6_6b18-1.8.3-2+squeeze1_all.deb", "packageName": "openjdk-6", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.3-2+squeeze1", "arch": "all", "packageFilename": "openjdk-6-doc_6b18-1.8.3-2+squeeze1_all.deb", "packageName": "openjdk-6-doc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.3-2+squeeze1", "arch": "all", "packageFilename": "icedtea6-plugin_6b18-1.8.3-2+squeeze1_all.deb", "packageName": "icedtea6-plugin", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2161-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nFebruary 13, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-6\nVulnerability : denial of service\nProblem type : local (remote)\nDebian-specific: no\nCVE ID : CVE-2010-4476\nDebian Bug : 612660\n\nIt was discovered that the floating point parser in OpenJDK, an\nimplementation of the Java platform, can enter an infinite loop when\nprocessing certain input strings. Such input strings represent valid\nnumbers and can be contained in data supplied by an attacker over the\nnetwork, leading to a denial-of-service attack.\n\nFor the oldstable distribution (lenny), this problem will be fixed in\nversion 6b18-1.8.3-2~lenny1. For technical reasons, this update will\nbe released separately.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6b18-1.8.3-2+squeeze1.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your openjdk-6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2011-02-13T20:27:31", "title": "[SECURITY] [DSA 2161-1] OpenJDK security update", "type": "debian", "enchantments": {}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4476"], "modified": "2011-02-13T20:27:31", "id": "DEBIAN:DSA-2161-1:DA560", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00026.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:13:35", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.3-2~lenny1", "arch": "all", "packageFilename": "openjdk-6-jre-headless_6b18-1.8.3-2~lenny1_all.deb", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.3-2~lenny1", "arch": "all", "packageFilename": "openjdk-6-dbg_6b18-1.8.3-2~lenny1_all.deb", "packageName": "openjdk-6-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.3-2~lenny1", "arch": "all", "packageFilename": "openjdk-6-source_6b18-1.8.3-2~lenny1_all.deb", "packageName": "openjdk-6-source", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.3-2~lenny1", "arch": "all", "packageFilename": "openjdk-6-jre-lib_6b18-1.8.3-2~lenny1_all.deb", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.3-2~lenny1", "arch": "all", "packageFilename": "openjdk-6-demo_6b18-1.8.3-2~lenny1_all.deb", "packageName": "openjdk-6-demo", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.3-2~lenny1", "arch": "all", "packageFilename": "openjdk-6-doc_6b18-1.8.3-2~lenny1_all.deb", "packageName": "openjdk-6-doc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.3-2~lenny1", "arch": "all", "packageFilename": "openjdk-6-jdk_6b18-1.8.3-2~lenny1_all.deb", "packageName": "openjdk-6-jdk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.3-2~lenny1", "arch": "all", "packageFilename": "icedtea6-plugin_6b18-1.8.3-2~lenny1_all.deb", "packageName": "icedtea6-plugin", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.3-2~lenny1", "arch": "all", "packageFilename": "openjdk-6-jre_6b18-1.8.3-2~lenny1_all.deb", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.3-2~lenny1", "arch": "all", "packageFilename": "openjdk-6_6b18-1.8.3-2~lenny1_all.deb", "packageName": "openjdk-6", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2161-2 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nFebruary 14, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-6\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2010-4476 CVE-2009-3555\nDebian Bug : 612660\n\nIt was discovered that the floating point parser in OpenJDK, an\nimplementation of the Java platform, can enter an infinite loop when\nprocessing certain input strings. Such input strings represent valid\nnumbers and can be contained in data supplied by an attacker over the\nnetwork, leading to a denial-of-service attack.\n\nFor the old stable distribution (lenny), this problem has been fixed\nin version 6b18-1.8.3-2~lenny1.\n\nNote that this update introduces an OpenJDK package based on the\nIcedTea release 1.8.3 into the old stable distribution. This\naddresses several dozen security vulnerabilities, most of which are\nonly exploitable by malicious mobile code. A notable exception is\nCVE-2009-3555, the TLS renegotiation vulnerability. This update\nimplements the protocol extension described in RFC 5746, addressing\nthis issue.\n\nThis update also includes a new version of Hotspot, the Java virtual\nmachine, which increases the default heap size on machines with\nseveral GB of RAM. If you run several JVMs on the same machine, you\nmight have to reduce the heap size by specifying a suitable -Xmx\nargument in the invocation of the "java" command.\n\nWe recommend that you upgrade your openjdk-6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2011-02-14T20:06:05", "title": "[SECURITY] [DSA 2161-2] OpenJDK security update", "type": "debian", "enchantments": {}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555", "CVE-2010-4476"], "modified": "2011-02-14T20:06:05", "id": "DEBIAN:DSA-2161-2:41E9C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00029.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:44", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2011-0706", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4465", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4471", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4470", "https://usn.ubuntu.com/usn/usn-1079-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4450", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4476", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4469", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4448", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4472"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "6b18-1.8.7-0ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "6b18-1.8.7-0ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea6-plugin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "6b18-1.8.7-0ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}], "description": "USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM) architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes vulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu 10.10.\n\nOriginal advisory details:\n\nIt was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. (CVE-2011-0706)", "edition": 3, "reporter": "Ubuntu", "published": "2011-03-17T00:00:00", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2011-03-17T00:00:00", "id": "USN-1079-3", "href": "https://usn.ubuntu.com/1079-3/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:32", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2011-0706", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4465", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4471", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4470", "https://usn.ubuntu.com/usn/usn-1079-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4450", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4476", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4469", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4448", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4472"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "6b18-1.8.7-0ubuntu1~9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b18-1.8.7-0ubuntu1~10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "6b18-1.8.7-0ubuntu1~9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea6-plugin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b18-1.8.7-0ubuntu1~10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea6-plugin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b18-1.8.7-0ubuntu1~10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "6b18-1.8.7-0ubuntu1~9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}], "description": "USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM) architectures. This update provides the corresponding updates for OpenJDK 6 for use with the armel (ARM) architectures.\n\nIn order to build the armel (ARM) OpenJDK 6 update for Ubuntu 10.04 LTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu 10.04 LTS updates.\n\nOriginal advisory details:\n\nIt was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. (CVE-2011-0706)", "edition": 3, "reporter": "Ubuntu", "published": "2011-03-15T00:00:00", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2011-03-15T00:00:00", "id": "USN-1079-2", "href": "https://usn.ubuntu.com/1079-2/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:04", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2011-0706", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4465", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4471", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4470", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4450", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4476", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4469", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4448", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4472"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b20-1.9.7-0ubuntu1~10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "6b20-1.9.7-0ubuntu1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "6b20-1.9.7-0ubuntu1~9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "6b20-1.9.7-0ubuntu1~9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "6b20-1.9.7-0ubuntu1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b20-1.9.7-0ubuntu1~10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b20-1.9.7-0ubuntu1~10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "6b20-1.9.7-0ubuntu1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "6b20-1.9.7-0ubuntu1~9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea6-plugin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b20-1.9.7-0ubuntu1~10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea6-plugin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "6b20-1.9.7-0ubuntu1~9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "6b20-1.9.7-0ubuntu1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea6-plugin", "operator": "lt"}], "description": "It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. (CVE-2011-0706)", "edition": 3, "reporter": "Ubuntu", "published": "2011-03-01T00:00:00", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2011-03-01T00:00:00", "id": "USN-1079-1", "href": "https://usn.ubuntu.com/1079-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:14:44", "references": ["http://download.novell.com/patch/finder/?keywords=70735f0d14f1f30c4417ee92ce6af04f", "https://bugzilla.novell.com/704326"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.3.1", "packageName": "java-1_4_2-ibm-sap", "packageFilename": "java-1_4_2-ibm-sap-1.4.2_sr13.9-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.3.1", "packageName": "java-1_4_2-ibm-sap-devel", "packageFilename": "java-1_4_2-ibm-sap-devel-1.4.2_sr13.9-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise for SAP Applications", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.3.1", "packageName": "java-1_4_2-ibm-sap-devel", "packageFilename": "java-1_4_2-ibm-sap-devel-1.4.2_sr13.9-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise for SAP Applications", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.3.1", "packageName": "java-1_4_2-ibm-sap", "packageFilename": "java-1_4_2-ibm-sap-1.4.2_sr13.9-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "IBM Java 1.4.2 SR13 for SAP fixes various bugs and the\n following security issues:\n\n * CVE-2010-4447\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447</a>\n >\n * CVE-2010-4448\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448</a>\n >\n * CVE-2010-4454\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454</a>\n >\n * CVE-2010-4462\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462</a>\n >\n * CVE-2010-4465\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465</a>\n >\n * CVE-2010-4466\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466</a>\n >\n * CVE-2010-4473\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473</a>\n >\n * CVE-2010-4475\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475</a>\n >\n * CVE-2010-4476\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476</a>\n >\n * CVE-2011-0311\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0311\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0311</a>\n >\n\n", "edition": 1, "reporter": "Suse", "published": "2011-07-22T05:08:11", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for IBM Java 1.4.2 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4475", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4473", "CVE-2010-4476", "CVE-2010-4447", "CVE-2010-4466", "CVE-2011-0311"], "modified": "2011-07-22T05:08:11", "id": "SUSE-SU-2011:0823-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:27:16", "references": [], "affectedPackage": [{"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.4.1.ia64.rpm", "packageName": "java-1_4_2-ibm", "arch": "ia64", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.4.2_sr13.9-0.6", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.9-0.6.i586.rpm", "packageName": "IBMJava2-JRE", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.4.1.ppc64.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.4.1.ppc64.rpm", "packageName": "java-1_4_2-ibm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.9-0.4.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.9-0.4.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.4.1.s390x.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm", "arch": "ia64", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.4.2_sr13.9-0.6", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.9-0.6.i586.rpm", "packageName": "IBMJava2-SDK", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.4.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.4.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.4.1.i586.rpm", "packageName": "java-1_4_2-ibm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "ppc", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.4.2_sr13.9-0.6", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.9-0.6.i586.rpm", "packageName": "IBMJava2-SDK", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.9-0.4.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.9-0.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-jdbc", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.4.1.i586.rpm", "packageName": "java-1_4_2-ibm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.9-0.4.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.9-0.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-jdbc", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.4.1.i586.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.4.1.s390x.rpm", "packageName": "java-1_4_2-ibm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.4.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm", "arch": "ppc", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.4.2_sr13.9-0.6", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.9-0.6.i586.rpm", "packageName": "IBMJava2-JRE", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.9-0.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-jdbc", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.4.1.x86_64.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.4.1.ia64.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.4.1.i586.rpm", "packageName": "java-1_4_2-ibm", "arch": "i586", "operator": "lt"}], "description": "IBM Java 1.4.2 was updated to SR 13 Fix Pack 9, fixing bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2011-05-13T13:10:27", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "remote code execution in java-1_4_2-ibm", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4475", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4473", "CVE-2010-4476", "CVE-2010-4447", "CVE-2010-4466", "CVE-2011-0311"], "modified": "2011-05-13T13:10:27", "id": "SUSE-SA:2011:024", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:41:42", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-alsa-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-alsa", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-jdbc-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-jdbc", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-plugin-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-plugin", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-alsa-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-alsa", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-src-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-src", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-src-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-src", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-plugin-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-plugin", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-src-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-src", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-demo-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-demo", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-devel-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-devel", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-src-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-src", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-alsa-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-alsa", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-demo-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-jdbc-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-jdbc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-demo-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-demo", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-devel-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-plugin-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-plugin", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-plugin-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-plugin", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-alsa-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-alsa", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-jdbc-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-jdbc", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-src-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-src", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-devel-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-devel", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-demo-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-devel-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-jdbc-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-jdbc", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-alsa-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-alsa", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-jdbc-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-jdbc", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-alsa-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-alsa", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-src-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-src", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-plugin-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-plugin", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-plugin-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-plugin", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-jdbc-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-jdbc", "arch": "i586", "operator": "lt"}], "description": "Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2011-02-22T14:41:11", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "remote code execution in java-1_6_0-sun", "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4451", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4474", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4470", "CVE-2010-4467", "CVE-2010-4466"], "modified": "2011-02-22T14:41:11", "id": "SUSE-SA:2011:010", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00005.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:32:47", "references": [], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ia64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.5.0_sr12.3-0.11", "arch": "i586", "packageFilename": "IBMJava5-JRE-1.5.0_sr12.3-0.11.i586.rpm", "packageName": "IBMJava5-JRE", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr12.3-0.7.1.i586.rpm", "packageName": "java-1_5_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.4.2_sr13.8-0.7", "arch": "i586", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.8-0.7.i586.rpm", "packageName": "IBMJava2-SDK", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "s390x", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.s390x.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "s390x", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "ppc", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr12.3-0.7.1.ppc.rpm", "packageName": "java-1_5_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ppc", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-1.5.0_sr12.3-0.7.1.x86_64.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ia64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.ppc.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr12.3-0.7.1.s390x.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ppc", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "ppc", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr12.3-0.7.1.ppc.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.ppc.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-32bit-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin-32bit", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.4.2_sr13.8-0.15", "arch": "i586", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.8-0.15.i586.rpm", "packageName": "IBMJava2-JRE", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "s390x", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr12.3-0.7.1.s390x.rpm", "packageName": "java-1_5_0-ibm-32bit", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.4.2_sr13.8-0.7", "arch": "i586", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.8-0.7.i586.rpm", "packageName": "IBMJava2-JRE", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-1.5.0_sr12.3-0.7.1.s390x.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-32bit-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.4.2_sr13.8-0.15", "arch": "i586", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.8-0.15.i586.rpm", "packageName": "IBMJava2-SDK", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-alsa-1.5.0_sr12.3-0.7.1.i586.rpm", "packageName": "java-1_5_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "ppc", "packageFilename": "java-1_5_0-ibm-64bit-1.5.0_sr12.3-0.7.1.ppc.rpm", "packageName": "java-1_5_0-ibm-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-alsa-32bit-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-alsa-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-32bit-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr12.3-0.7.1.i586.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "s390x", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.ppc.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ia64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "s390x", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr12.3-0.7.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-32bit-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.ppc.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.4.2_sr13.8-0.7", "arch": "i586", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.8-0.7.i586.rpm", "packageName": "IBMJava2-SDK", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr12.3-0.7.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.4.2_sr13.8-0.15", "arch": "i586", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.8-0.15.i586.rpm", "packageName": "IBMJava2-JRE", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-32bit-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "ppc64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.ppc64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr12.3-0.7.1.i586.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ppc", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "ppc64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.5.1.ppc64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr12.3-0.7.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.5.0_sr12.3-0.11", "arch": "i586", "packageFilename": "IBMJava5-SDK-1.5.0_sr12.3-0.11.i586.rpm", "packageName": "IBMJava5-SDK", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "s390x", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.5.1.s390x.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ia64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.5.0_sr12.3-0.11", "arch": "i586", "packageFilename": "IBMJava5-JRE-1.5.0_sr12.3-0.11.i586.rpm", "packageName": "IBMJava5-JRE", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ppc", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.5.0_sr12.3-0.11", "arch": "i586", "packageFilename": "IBMJava5-SDK-1.5.0_sr12.3-0.11.i586.rpm", "packageName": "IBMJava5-SDK", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr12.3-0.7.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr12.3-0.7.1.i586.rpm", "packageName": "java-1_5_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-64bit-1.6.0_sr9.1-1.5.1.ppc.rpm", "packageName": "java-1_6_0-ibm-64bit", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.4.2_sr13.8-0.15", "arch": "i586", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.8-0.15.i586.rpm", "packageName": "IBMJava2-SDK", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "ppc", "packageFilename": "java-1_5_0-ibm-1.5.0_sr12.3-0.7.1.ppc.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-1.5.0_sr12.3-0.7.1.i586.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-alsa-32bit-1.5.0_sr12.3-0.7.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-alsa-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "ia64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.5.1.ia64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ppc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.8-1.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-jdbc", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.4.2_sr13.8-0.7", "arch": "i586", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.8-0.7.i586.rpm", "packageName": "IBMJava2-JRE", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "ia64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.ia64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr12.3-0.7.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr12.3-0.7.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.ppc.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ppc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.8-1.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "ppc", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr12.3-0.7.1.ppc.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.5.1.x86_64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "ppc", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr12.3-0.7.1.ppc.rpm", "packageName": "java-1_5_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}], "description": "IBM Java 6 was updated to SR9 FP1 was updated to fix a critical security bug in float number handling and also contains other security bugfixes.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2011-03-22T13:32:34", "title": "remote code execution in java-1_6_0-ibm,java-1_5_0-ibm,java-1_4_2-ibm", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-3557", "CVE-2010-3553", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4422", "CVE-2010-4463", "CVE-2010-3574", "CVE-2010-4473", "CVE-2010-3571", "CVE-2010-4476", "CVE-2010-4471", "CVE-2010-1321", "CVE-2010-4447", "CVE-2010-4467", "CVE-2010-4466"], "modified": "2011-03-22T13:32:34", "id": "SUSE-SA:2011:014", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-03/msg00003.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:33", "references": [], "affectedPackage": [{"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201110206-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201111201-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201110214-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201203401-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "Update 4", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Update Manager", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "Update 2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Update Manager", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201110201-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "Update 4", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "Update 2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201110204-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "3.0.3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "eq"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "ESXi410-201110201-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201203406-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}], "description": "a. ESX third party update for Service Console openssl RPM \nThe Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 3, "reporter": "VMware", "published": "2011-10-27T00:00:00", "title": "VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "type": "vmware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3562", "CVE-2010-4475", "CVE-2011-0865", "CVE-2010-2054", "CVE-2010-4468", "CVE-2010-3557", "CVE-2010-3563", "CVE-2010-3551", "CVE-2011-0802", "CVE-2010-3552", "CVE-2010-3553", "CVE-2010-3550", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-3566", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-3565", "CVE-2010-4180", "CVE-2010-4454", "CVE-2010-3572", "CVE-2010-4451", "CVE-2010-4422", "CVE-2010-4469", "CVE-2011-0002", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-3574", "CVE-2010-4473", "CVE-2010-4474", "CVE-2010-3541", "CVE-2011-0873", "CVE-2010-3571", "CVE-2010-3173", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-3560", "CVE-2010-3559", "CVE-2008-7270", "CVE-2011-0815", "CVE-2010-1321", "CVE-2010-3556", "CVE-2011-0867", "CVE-2010-3561", "CVE-2010-4447", "CVE-2010-3549", "CVE-2010-3554", "CVE-2010-3170", "CVE-2010-4470", "CVE-2010-3555", "CVE-2011-0864", "CVE-2010-3570", "CVE-2010-3567", "CVE-2010-3573", "CVE-2010-3548", "CVE-2010-4467", "CVE-2010-3568", "CVE-2011-0862", "CVE-2010-3558", "CVE-2010-4466", "CVE-2010-3569", "CVE-2011-0871", "CVE-2011-0814"], "modified": "2012-03-29T00:00:00", "id": "VMSA-2011-0013", "href": "https://www.vmware.com/security/advisories/VMSA-2011-0013.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:03", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558", "https://bugs.gentoo.org/show_bug.cgi?id=387851", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551", "https://bugs.gentoo.org/show_bug.cgi?id=354213", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553", "https://bugs.gentoo.org/show_bug.cgi?id=340421", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476", "https://bugs.gentoo.org/show_bug.cgi?id=370559", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.6.0.29", "packageFilename": "UNKNOWN", "packageName": "dev-java/sun-jdk", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.6.0.29", "packageFilename": "UNKNOWN", "packageName": "dev-java/sun-jre-bin", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.6.0.29", "packageFilename": "UNKNOWN", "packageName": "app-emulation/emul-linux-x86-java", "arch": "all", "operator": "lt"}], "description": "### Background\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform). \n\n### Description\n\nMultiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. \n\n### Impact\n\nA remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jdk-1.6.0.29\"\n \n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jre-bin-1.6.0.29\"\n \n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/emul-linux-x86-java-1.6.0.29\"\n \n\nNOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.", "edition": 1, "reporter": "Gentoo Foundation", "published": "2011-11-05T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Oracle JRE/JDK: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3562", "CVE-2010-4475", "CVE-2011-0865", "CVE-2011-3557", "CVE-2010-4468", "CVE-2010-3557", "CVE-2011-3551", "CVE-2010-3563", "CVE-2011-3549", "CVE-2010-3551", "CVE-2011-0802", "CVE-2011-0868", "CVE-2010-3552", "CVE-2010-3553", "CVE-2010-3550", "CVE-2010-4452", "CVE-2011-3561", "CVE-2010-4462", "CVE-2010-3566", "CVE-2010-4448", "CVE-2010-4465", "CVE-2011-0869", "CVE-2010-3565", "CVE-2011-0863", "CVE-2010-4454", "CVE-2010-3572", "CVE-2010-4451", "CVE-2011-3548", "CVE-2010-4422", "CVE-2011-3547", "CVE-2010-4469", "CVE-2011-3521", "CVE-2011-3389", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-3574", "CVE-2011-3544", "CVE-2011-3553", "CVE-2010-4473", "CVE-2010-4474", "CVE-2011-3516", "CVE-2010-3541", "CVE-2011-3558", "CVE-2011-0873", "CVE-2010-3571", "CVE-2011-3555", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-3560", "CVE-2010-3559", "CVE-2011-0815", "CVE-2011-3546", "CVE-2010-3556", "CVE-2011-3554", "CVE-2011-0867", "CVE-2010-3561", "CVE-2010-4447", "CVE-2010-3549", "CVE-2011-3556", "CVE-2010-3554", "CVE-2010-4470", "CVE-2011-3560", "CVE-2010-3555", "CVE-2011-0864", "CVE-2010-3570", "CVE-2011-3545", "CVE-2011-3552", "CVE-2010-3567", "CVE-2010-3573", "CVE-2010-3548", "CVE-2011-3550", "CVE-2010-4467", "CVE-2010-3568", "CVE-2011-0862", "CVE-2010-3558", "CVE-2010-4466", "CVE-2010-3569", "CVE-2011-0871", "CVE-2011-0814", "CVE-2011-0872"], "modified": "2011-11-05T00:00:00", "id": "GLSA-201111-02", "href": "https://security.gentoo.org/glsa/201111-02", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:20", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450", "https://bugs.gentoo.org/show_bug.cgi?id=330205", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548", "https://bugs.gentoo.org/show_bug.cgi?id=457206", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868", "https://bugs.gentoo.org/show_bug.cgi?id=477210", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778", "https://bugs.gentoo.org/show_bug.cgi?id=353418", "https://bugs.gentoo.org/show_bug.cgi?id=461714", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431", "https://bugs.gentoo.org/show_bug.cgi?id=312297", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555", "https://bugs.gentoo.org/show_bug.cgi?id=421031", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423", "https://bugs.gentoo.org/show_bug.cgi?id=387637", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864", "https://bugs.gentoo.org/show_bug.cgi?id=354231", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470", "https://bugs.gentoo.org/show_bug.cgi?id=404095", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802", "https://bugs.gentoo.org/show_bug.cgi?id=438750", "https://bugs.gentoo.org/show_bug.cgi?id=429522", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563", "https://bugs.gentoo.org/show_bug.cgi?id=442478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569", "https://bugs.gentoo.org/show_bug.cgi?id=370787", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521", "https://bugs.gentoo.org/show_bug.cgi?id=489570", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089", "https://bugs.gentoo.org/show_bug.cgi?id=458410", "https://bugs.gentoo.org/show_bug.cgi?id=352035", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459", "https://bugs.gentoo.org/show_bug.cgi?id=466822", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456", "https://bugs.gentoo.org/show_bug.cgi?id=355127", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552", "https://bugs.gentoo.org/show_bug.cgi?id=433389", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420", "https://bugs.gentoo.org/show_bug.cgi?id=346799", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417", "https://bugs.gentoo.org/show_bug.cgi?id=340819", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537", "https://bugs.gentoo.org/show_bug.cgi?id=508270", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "6.1.13.3", "packageFilename": "UNKNOWN", "packageName": "dev-java/icedtea-bin", "arch": "all", "operator": "lt"}], "description": "### Background\n\nIcedTea is a distribution of the Java OpenJDK source code built with free build tools. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll IcedTea JDK users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/icedtea-bin-6.1.13.3\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2014-06-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "IcedTea JDK: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5089", "CVE-2013-0426", "CVE-2013-2431", "CVE-2010-3562", "CVE-2013-2420", "CVE-2011-0865", "CVE-2013-2384", "CVE-2013-2415", "CVE-2012-1711", "CVE-2014-2397", "CVE-2013-1571", "CVE-2013-5782", "CVE-2011-3557", "CVE-2013-2417", "CVE-2013-1500", "CVE-2013-2448", "CVE-2010-3557", "CVE-2011-3551", "CVE-2013-4002", "CVE-2013-0401", "CVE-2012-5074", "CVE-2012-5073", "CVE-2013-0427", "CVE-2012-1725", "CVE-2013-2424", "CVE-2014-0457", "CVE-2013-5850", "CVE-2013-2407", "CVE-2013-5778", "CVE-2013-1478", "CVE-2013-2456", "CVE-2010-3551", "CVE-2011-0868", "CVE-2013-0428", "CVE-2014-0446", "CVE-2013-2436", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-1485", "CVE-2013-0169", "CVE-2010-3553", "CVE-2012-1719", "CVE-2014-1876", "CVE-2014-0458", "CVE-2013-0429", "CVE-2014-2427", "CVE-2011-3563", "CVE-2013-1475", "CVE-2013-2421", "CVE-2013-1518", "CVE-2013-0435", "CVE-2012-5087", "CVE-2013-0809", "CVE-2013-0442", "CVE-2010-3566", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-5842", "CVE-2010-4448", "CVE-2013-0431", "CVE-2010-4465", "CVE-2012-5085", "CVE-2012-4540", "CVE-2011-0869", "CVE-2010-3565", "CVE-2012-5076", "CVE-2013-5830", "CVE-2013-2473", "CVE-2013-6954", "CVE-2012-4416", "CVE-2012-5075", "CVE-2014-0453", "CVE-2013-1488", "CVE-2012-0424", "CVE-2013-0434", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2011-3548", "CVE-2012-5081", "CVE-2011-3547", "CVE-2013-5817", "CVE-2010-4469", "CVE-2012-0503", "CVE-2011-3521", "CVE-2013-0443", "CVE-2011-5035", "CVE-2013-2419", "CVE-2014-0461", "CVE-2012-1723", "CVE-2013-2463", "CVE-2011-3571", "CVE-2010-3860", "CVE-2011-3389", "CVE-2013-2469", "CVE-2014-0459", "CVE-2014-0456", "CVE-2010-4450", "CVE-2012-1726", "CVE-2013-2465", "CVE-2013-1537", "CVE-2014-0429", "CVE-2013-5806", "CVE-2010-3574", "CVE-2011-3544", "CVE-2013-5805", "CVE-2011-3553", "CVE-2013-0444", "CVE-2012-0506", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-5825", "CVE-2012-1717", "CVE-2013-2423", "CVE-2010-3541", "CVE-2013-5823", "CVE-2011-3558", "CVE-2014-2403", "CVE-2012-1713", "CVE-2013-2461", "CVE-2012-1716", "CVE-2009-3555", "CVE-2013-2429", "CVE-2013-5849", "CVE-2014-2412", "CVE-2010-2548", "CVE-2012-5086", "CVE-2013-2471", "CVE-2012-0497", "CVE-2012-5077", "CVE-2013-1486", "CVE-2013-1476", "CVE-2010-4476", "CVE-2010-4472", "CVE-2013-5780", "CVE-2010-4471", "CVE-2014-2421", "CVE-2012-5069", "CVE-2012-3216", "CVE-2014-0460", "CVE-2011-0870", "CVE-2011-0815", "CVE-2013-0432", "CVE-2012-0505", "CVE-2012-5084", "CVE-2012-1718", "CVE-2010-2783", "CVE-2013-2458", "CVE-2011-3554", "CVE-2013-0424", "CVE-2013-2459", "CVE-2013-0450", "CVE-2012-5071", "CVE-2013-5814", "CVE-2010-3561", "CVE-2011-0025", "CVE-2012-0501", "CVE-2010-3564", "CVE-2013-0440", "CVE-2013-2443", "CVE-2010-3549", "CVE-2012-3422", "CVE-2013-2446", "CVE-2011-3556", "CVE-2012-0547", "CVE-2013-5829", "CVE-2010-3554", "CVE-2013-5803", "CVE-2012-5072", "CVE-2013-2450", "CVE-2013-2472", "CVE-2014-2423", "CVE-2010-4470", "CVE-2011-0822", "CVE-2011-3560", "CVE-2013-1493", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2010-4351", "CVE-2011-0864", "CVE-2013-2453", "CVE-2013-1557", "CVE-2013-2426", "CVE-2013-2455", "CVE-2013-2422", "CVE-2013-2383", "CVE-2013-0425", "CVE-2013-1484", "CVE-2011-3552", "CVE-2013-5774", "CVE-2012-1724", "CVE-2010-3567", "CVE-2010-3573", "CVE-2013-6629", "CVE-2012-5068", "CVE-2013-3829", "CVE-2013-0441", "CVE-2010-3548", "CVE-2011-0706", "CVE-2012-5979", "CVE-2012-0502", "CVE-2013-5783", "CVE-2010-4467", "CVE-2012-3423", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2014-2398", "CVE-2010-3568", "CVE-2014-0451", "CVE-2013-1569", "CVE-2013-2412", "CVE-2014-0452", "CVE-2011-0862", "CVE-2013-2445", "CVE-2013-2430", "CVE-2013-2460", "CVE-2013-5840", "CVE-2014-2414", "CVE-2010-3569", "CVE-2011-0871", "CVE-2013-2449", "CVE-2011-0872", "CVE-2012-5070", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2016-04-19T00:00:00", "id": "GLSA-201406-32", "href": "https://security.gentoo.org/glsa/201406-32", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2018-08-31T04:13:57", "references": [], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are cumulative but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.** This Critical Patch Update contains 73 new security fixes across all product families listed below.\n", "edition": 3, "reporter": "Oracle", "published": "2011-04-19T00:00:00", "title": "cpuapr2011", "type": "oracle", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Oracle HTTP Server", "version": "10.1.2.3", "operator": "le"}, {"name": "Oracle Security Service", "version": "10.1.3.5", "operator": "le"}, {"name": "Siebel CRM Core", "version": "8.1.1", "operator": "le"}, {"name": "OpenSSO Enterprise, Sun Java System Access Manager", "version": "7.1", "operator": "le"}, {"name": "Web ADI", "version": "12.1.3", "operator": "le"}, {"name": "Network Foundation", "version": "11.1.0.7", "operator": "le"}, {"name": "Web ADI", "version": "12.1.1", "operator": "le"}, {"name": "PeopleSoft Enterprise ELS", "version": "9.0", "operator": "le"}, {"name": "PeopleSoft Enterprise", "version": "8.51", "operator": "le"}, {"name": "Java Dynamic Management Kit", "version": "5.1", "operator": "le"}, {"name": "PeopleSoft Enterprise HRMS", "version": "9.0", "operator": "le"}, {"name": "Oracle Security Service", "version": "11.1.1.2.0", "operator": "le"}, {"name": "Sun GlassFish Enterprise Server, Sun Java System Application Server", "version": "9.1", "operator": "le"}, {"name": "Oracle Outside In Technology", "version": "8.3.5.0", "operator": "le"}, {"name": "Oracle Open Office, StarOffice, StarSuite", "version": "3", "operator": "le"}, {"name": "Oracle Warehouse Builder", "version": "11.2.0.1", "operator": "le"}, {"name": "Sun GlassFish Enterprise Server, Sun Java System Application Server", "version": "3.0.1", "operator": "le"}, {"name": "Oracle Open Office, StarOffice, StarSuite", "version": "8", "operator": "le"}, {"name": "PeopleSoft Enterprise ELS", "version": "9.1", "operator": "le"}, {"name": "Network Foundation", "version": "11.2.0.2", "operator": "le"}, {"name": "OpenSSO Enterprise, Sun Java System Access Manager", "version": "8.0", "operator": "le"}, {"name": "Single Sign On", "version": "10.1.2.3", "operator": "le"}, {"name": "Oracle Warehouse Builder", "version": "10.2.0.5", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "9.2.4", "operator": "le"}, {"name": "Oracle Security Service", "version": "10.2.0.4", "operator": "le"}, {"name": "Database Vault", "version": "11.2.0.2", "operator": "le"}, {"name": "Oracle iPlanet Web Server (Sun Java System Web Server)", "version": "7.0", "operator": "le"}, {"name": "Oracle Security Service", "version": "10.1.4.3", "operator": "le"}, {"name": "Oracle Security Service", "version": "10.1.4.0.1", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.49", "operator": "le"}, {"name": "Solaris", "version": "8", "operator": "le"}, {"name": "PeopleSoft Enterprise CRM", "version": "8.9", "operator": "le"}, {"name": "Oracle Outside In Technology", "version": "8.3.2.0", "operator": "le"}, {"name": "InForm", "version": "4.5", "operator": "le"}, {"name": "Oracle Security Service", "version": "10.1.2.3", "operator": "le"}, {"name": "Applications Install", "version": "12.0.6", "operator": "le"}, {"name": "Siebel CRM Core", "version": "8.0.0", "operator": "le"}, {"name": "Oracle JRockit", "version": "27.6.8", "operator": "le"}, {"name": "Oracle Security Service", "version": "11.2.0.1", "operator": "le"}, {"name": "PeopleSoft Enterprise", "version": "8.8", "operator": "le"}, {"name": "Database Vault", "version": "11.1.0.7", "operator": "le"}, {"name": "Portal", "version": "10.1.2.3", "operator": "le"}, {"name": "PeopleSoft Enterprise", "version": "9.1", "operator": "le"}, {"name": "Application Object Library", "version": "11.5.10.2", "operator": "le"}, {"name": "PeopleSoft Enterprise", "version": "8.9", "operator": "le"}, {"name": "Solaris", "version": "11", "operator": "le"}, {"name": "UIX", "version": "11.2.0.1", "operator": "le"}, {"name": "UIX", "version": "11.1.0.7", "operator": "le"}, {"name": "Database Vault", "version": "10.2.0.3", "operator": "le"}, {"name": "Network Foundation", "version": "10.2.0.4", "operator": "le"}, {"name": "Siebel CRM Core", "version": "7.8.2", "operator": "le"}, {"name": "Database Vault", "version": "11.2.0.1", "operator": "le"}, {"name": "Sun Java System Messaging Server", "version": "7.0", "operator": "le"}, {"name": "Oracle Security Service", "version": "10.1.0.5", "operator": "le"}, {"name": "Oracle Security Service", "version": "11.1.0.7", "operator": "le"}, {"name": "UIX", "version": "10.2.0.4", "operator": "le"}, {"name": "UIX", "version": "10.1.0.5", "operator": "le"}, {"name": "PeopleSoft Enterprise", "version": "9.0", "operator": "le"}, {"name": "Database Vault", "version": "10.2.0.5", "operator": "le"}, {"name": "Oracle iPlanet Web Server (Sun Java System Web Server)", "version": "6.1", "operator": "le"}, {"name": "Sun Java System Access Manager Policy Agent", "version": "2.2", "operator": "le"}, {"name": "Sun GlassFish Enterprise Server, Sun Java System Application Server", "version": "2.1", "operator": "le"}, {"name": "Database Vault", "version": "10.2.0.4", "operator": "le"}, {"name": "PeopleSoft Enterprise HRMS", "version": "9.1", "operator": "le"}, {"name": "Solaris", "version": "10", "operator": "le"}, {"name": "Portal", "version": "11.1.1.2.0", "operator": "le"}, {"name": "Oracle Security Service", "version": "11.2.0.2", "operator": "le"}, {"name": "Oracle Security Service", "version": "10.2.0.5", "operator": "le"}, {"name": "InForm", "version": "4.6", "operator": "le"}, {"name": "Applications Install", "version": "11.5.10.2", "operator": "le"}, {"name": "Solaris", "version": "9", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.3.2", "operator": "le"}, {"name": "Oracle JRockit", "version": "5", "operator": "le"}, {"name": "PeopleSoft Enterprise", "version": "8.49", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.3.3", "operator": "le"}, {"name": "Applications Install", "version": "12.1.3", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.3.4", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "9.2.3", "operator": "le"}, {"name": "PeopleSoft Enterprise", "version": "8.50", "operator": "le"}, {"name": "Web ADI", "version": "12.1.2", "operator": "le"}, {"name": "InForm", "version": "5.0", "operator": "le"}, {"name": "Application Object Library", "version": "12.1.2", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "8.1.6", "operator": "le"}, {"name": "Application Service Level Management", "version": "11.1.0.7", "operator": "le"}, {"name": "Application Object Library", "version": "12.1.1", "operator": "le"}, {"name": "Agile Technology Platform", "version": "9.3.1", "operator": "le"}, {"name": "Applications Install", "version": "12.1.1", "operator": "le"}, {"name": "Network Foundation", "version": "10.1.0.5", "operator": "le"}, {"name": "Network Foundation", "version": "10.2.0.5", "operator": "le"}, {"name": "Web ADI", "version": "11.5.10.2", "operator": "le"}, {"name": "Oracle Security Service", "version": "11.1.1.3.0", "operator": "le"}, {"name": "Web ADI", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Security Service", "version": "10.2.0.3", "operator": "le"}, {"name": "Application Object Library", "version": "12.0.6", "operator": "le"}, {"name": "Application Object Library", "version": "12.1.3", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.0.2", "operator": "le"}, {"name": "Sun Java System Messaging Server", "version": "6.3", "operator": "le"}, {"name": "Sun GlassFish Enterprise Server, Sun Java System Application Server", "version": "2.1.1", "operator": "le"}, {"name": "Network Foundation", "version": "11.2.0.1", "operator": "le"}, {"name": "Applications Install", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Warehouse Builder", "version": "11.1.0.7", "operator": "le"}, {"name": "JD Edwards EnterpriseOne Tools", "version": "8.9", "operator": "le"}, {"name": "Agile Technology Platform", "version": "9.3.0.2", "operator": "le"}], "cvelist": ["CVE-2011-0799", "CVE-2011-0412", "CVE-2011-0801", "CVE-2011-0808", "CVE-2011-0859", "CVE-2011-0856", "CVE-2011-0793", "CVE-2011-0791", "CVE-2010-4468", "CVE-2010-3450", "CVE-2011-0837", "CVE-2011-0787", "CVE-2011-0821", "CVE-2011-0812", "CVE-2011-0827", "CVE-2011-0805", "CVE-2011-0846", "CVE-2011-0824", "CVE-2011-0807", "CVE-2010-4452", "CVE-2011-0810", "CVE-2011-0790", "CVE-2010-4462", "CVE-2011-0851", "CVE-2010-4448", "CVE-2010-4465", "CVE-2011-0803", "CVE-2011-0798", "CVE-2010-3689", "CVE-2011-0820", "CVE-2010-4454", "CVE-2011-0806", "CVE-2010-4253", "CVE-2011-0809", "CVE-2011-0789", "CVE-2011-0841", "CVE-2011-0861", "CVE-2010-3451", "CVE-2011-0795", "CVE-2010-4450", "CVE-2011-0834", "CVE-2011-0825", "CVE-2011-0823", "CVE-2011-0850", "CVE-2010-4473", "CVE-2011-0860", "CVE-2011-0828", "CVE-2011-0858", "CVE-2011-0847", "CVE-2009-3555", "CVE-2010-3454", "CVE-2010-4476", "CVE-2010-4472", "CVE-2011-0843", "CVE-2010-4471", "CVE-2011-0849", "CVE-2011-0800", "CVE-2011-0826", "CVE-2011-0840", "CVE-2011-0857", "CVE-2011-0792", "CVE-2011-0818", "CVE-2010-4643", "CVE-2011-0853", "CVE-2011-0794", "CVE-2010-3453", "CVE-2011-0836", "CVE-2011-0839", "CVE-2010-4470", "CVE-2011-0796", "CVE-2011-0833", "CVE-2011-0813", "CVE-2011-0804", "CVE-2011-0819", "CVE-2011-0844", "CVE-2011-0829", "CVE-2011-0855", "CVE-2011-0797", "CVE-2011-0411", "CVE-2011-0785", "CVE-2010-3452", "CVE-2011-0854"], "modified": "2011-04-28T00:00:00", "id": "ORACLE:CPUAPR2011-301950", "href": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
