{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-16T00:00:00", "descriptions": [{"lang": "en", "value": "The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-16T11:06:47", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2014:0798", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0798.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc"}, {"name": "68441", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68441"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1551228"}, {"name": "RHSA-2015:0850", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"}, {"name": "RHSA-2014:0797", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0797.html"}, {"name": "RHSA-2015:0851", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"}, {"name": "RHSA-2014:0799", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0799.html"}, {"name": "RHSA-2014:1351", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"}, {"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0034", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2014:0798", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0798.html"}, {"name": "http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc", "refsource": "CONFIRM", "url": "http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc"}, {"name": "68441", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68441"}, {"name": "http://svn.apache.org/viewvc?view=revision&revision=1551228", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision&revision=1551228"}, {"name": "RHSA-2015:0850", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"}, {"name": "RHSA-2014:0797", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0797.html"}, {"name": "RHSA-2015:0851", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"}, {"name": "RHSA-2014:0799", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0799.html"}, {"name": "RHSA-2014:1351", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"}, {"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:58:26.633Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2014:0798", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0798.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc"}, {"name": "68441", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68441"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1551228"}, {"name": "RHSA-2015:0850", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"}, {"name": "RHSA-2014:0797", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0797.html"}, {"name": "RHSA-2015:0851", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"}, {"name": "RHSA-2014:0799", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0799.html"}, {"name": "RHSA-2014:1351", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"}, {"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0034", "datePublished": "2014-07-07T14:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T08:58:26.633Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", "matchCriteriaId": "228423B2-AA38-4BBE-866D-158F7BBB76E0", "versionEndIncluding": "2.6.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4FC7D67-80A3-43F6-8D46-F13F37A017CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F069B04-FDA0-41C3-BCAC-C74A310078B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "EED986C6-39C6-4F2A-86F7-C2CE9BBE25B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "EE5CF2CB-B33D-4C51-84C3-8C10E3E26193", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "7BACD3A8-2FEE-4CB7-9229-06679D6D8150", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "0835933D-4EA4-4C95-8964-984087537268", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "070739FD-9411-4BDB-A96F-3BC4A676A40F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F80936AF-AB6F-4256-85D3-E6E3ADF574E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "CE6234A1-F4E4-44E0-B986-A8964DD52785", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "AF4FC26A-2767-4E57-BCDA-D55620692202", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "543E6D15-6C3B-4031-AB2F-2C828281FADA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "82B6C055-25E2-4C78-ACA7-D722848BDBC4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "C629A8A7-BFB3-453B-9BCA-3873512410FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "346AF04F-E0C5-45EE-A421-2E1A4E2B57FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "29777E8F-4DB3-4E9E-9FF4-D13749A7C0AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA20A9DA-2BEB-4699-A8D4-A90EA036693F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "789F6EB3-43A8-4CFA-9A79-31AEDCF22344", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "3D97E063-EBB9-4676-8C51-0FF4455F3077", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "2BF1E39F-B945-46B4-BEF0-A26CF04C39E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "9C508FB9-835A-4240-9F61-21C1D73C00B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "1291D3AB-739F-4C5C-AE27-B3A09495E86C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token."}, {"lang": "es", "value": "SecurityTokenService (STS) en Apache CXF anterior a 2.6.12 y 2.7.x anterior a 2.7.9 no valida debidamente los tokens SAML cuando el cacheo est\u00e1 habilitado, lo que permite a atacantes remotos ganar acceso a trav\u00e9s de un token SAML inv\u00e1lido."}], "id": "CVE-2014-0034", "lastModified": "2023-11-07T02:18:05.850", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-07T14:55:03.347", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0797.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0798.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0799.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1551228"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/68441"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:1351", "cpe": "cpe:/a:redhat:jboss_amq:6.1.0", "product_name": "Red Hat JBoss A-MQ 6.1", "release_date": "2014-10-01T00:00:00Z"}, {"advisory": "RHSA-2015:0851", "cpe": "cpe:/a:redhat:jboss_bpms:6.0", "product_name": "Red Hat JBoss BPMS 6.0", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2015:0850", "cpe": "cpe:/a:redhat:jboss_brms:6.0", "product_name": "Red Hat JBoss BRMS 6.0", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2014:0797", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.2.4", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "apache-cxf-0:2.7.11-3.redhat_3.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "hibernate4-eap6-0:4.2.7-9.SP5_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-aesh-0:0.33.12-1.redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-appclient-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-appclient-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-bundles-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-cli-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-client-all-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-clustering-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-cmp-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-configadmin-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-connector-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-controller-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-controller-client-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-core-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-core-security-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-deployment-repository-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-deployment-scanner-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-domain-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-domain-http-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-domain-management-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-ee-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-ee-deployment-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-ejb3-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-embedded-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-host-controller-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jacorb-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-javadocs-0:7.3.4-1.Final_redhat_1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jaxr-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jaxrs-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jdr-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jmx-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jpa-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jsf-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jsr77-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-logging-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-mail-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-management-client-content-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-messaging-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-modcluster-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-modules-eap-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-naming-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-network-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-osgi-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-osgi-configadmin-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-osgi-service-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-platform-mbean-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-pojo-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-process-controller-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-product-eap-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-protocol-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-remoting-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-sar-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-security-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-server-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-standalone-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-system-jmx-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-threads-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-transactions-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-version-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-web-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-webservices-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-welcome-content-eap-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-weld-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-xts-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-security-negotiation-0:2.2.10-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossts-1:4.17.15-5.Final_redhat_5.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossweb-0:7.3.2-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-xnio-base-0:3.0.10-1.GA_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "picketbox-0:4.0.19-8.SP8_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "resteasy-0:2.3.7.2-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "weld-core-0:1.1.17-4.SP3_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "wss4j-0:1.6.15-1.redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "apache-cxf-0:2.7.11-3.redhat_3.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "hibernate4-eap6-0:4.2.7-9.SP5_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-aesh-0:0.33.12-1.redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-appclient-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-appclient-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-bundles-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-cli-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-client-all-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-clustering-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-cmp-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-configadmin-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-connector-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-controller-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-controller-client-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-core-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-core-security-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-deployment-repository-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-deployment-scanner-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-domain-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-domain-http-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-domain-management-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-ee-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-ee-deployment-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-ejb3-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-embedded-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-host-controller-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jacorb-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-javadocs-0:7.3.4-1.Final_redhat_1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jaxr-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jaxrs-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jdr-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jmx-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jpa-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jsf-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jsr77-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-logging-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-mail-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-management-client-content-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-messaging-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-modcluster-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-modules-eap-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-naming-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-network-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-osgi-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-osgi-configadmin-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-osgi-service-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-platform-mbean-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-pojo-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-process-controller-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-product-eap-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-protocol-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-remoting-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-sar-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-security-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-server-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-standalone-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-system-jmx-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-threads-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-transactions-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-version-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-web-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-webservices-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-welcome-content-eap-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-weld-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-xts-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-security-negotiation-0:2.2.10-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossts-1:4.17.15-5.Final_redhat_5.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossweb-0:7.3.2-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-xnio-base-0:3.0.10-1.GA_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "picketbox-0:4.0.19-8.SP8_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "resteasy-0:2.3.7.2-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "weld-core-0:1.1.17-4.SP3_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "wss4j-0:1.6.15-1.redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:1351", "cpe": "cpe:/a:redhat:jboss_fuse:6.1.0", "product_name": "Red Hat JBoss Fuse 6.1", "release_date": "2014-10-01T00:00:00Z"}, {"advisory": "RHSA-2015:1009", "cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6.2", "product_name": "Red Hat JBoss Portal 6.2", "release_date": "2015-05-14T00:00:00Z"}], "bugzilla": {"description": "CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid", "id": "1093529", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1093529"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-345", "details": ["The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.", "It was found that the SecurityTokenService (STS), provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens."], "name": "CVE-2014-0034", "package_state": [{"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Will not fix", "package_name": "cxf", "product_name": "OpenShift Enterprise 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:6", "fix_state": "Affected", "package_name": "cxf", "product_name": "Red Hat BPM Suite 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5", "fix_state": "Will not fix", "package_name": "cxf", "product_name": "Red Hat JBoss BRMS 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:6", "fix_state": "Affected", "package_name": "cxf", "product_name": "Red Hat JBoss BRMS 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "amq-6.1", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "fuse-6.1", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Affected", "package_name": "cxf", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6", "fix_state": "Affected", "package_name": "cxf", "product_name": "Red Hat JBoss Portal 6"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "cxf", "product_name": "Red Hat OpenShift Enterprise 2"}], "public_date": "2014-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-0034\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0034"], "threat_severity": "Moderate", "upstream_fix": "cxf 2.6.14, cxf 2.7.11"}