{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-05T00:00:00", "descriptions": [{"lang": "en", "value": "The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-16T11:06:56", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2014:0798", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0798.html"}, {"name": "RHSA-2015:0850", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cxf.apache.org/security-advisories.data/CVE-2014-0035.txt.asc"}, {"name": "RHSA-2014:0797", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0797.html"}, {"name": "RHSA-2015:0851", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"}, {"name": "RHSA-2014:0799", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0799.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1564724"}, {"name": "RHSA-2014:1351", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"}, {"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0035", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2014:0798", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0798.html"}, {"name": "RHSA-2015:0850", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"}, {"name": "http://cxf.apache.org/security-advisories.data/CVE-2014-0035.txt.asc", "refsource": "CONFIRM", "url": "http://cxf.apache.org/security-advisories.data/CVE-2014-0035.txt.asc"}, {"name": "RHSA-2014:0797", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0797.html"}, {"name": "RHSA-2015:0851", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"}, {"name": "RHSA-2014:0799", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0799.html"}, {"name": "http://svn.apache.org/viewvc?view=revision&revision=1564724", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision&revision=1564724"}, {"name": "RHSA-2014:1351", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"}, {"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:58:26.618Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2014:0798", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0798.html"}, {"name": "RHSA-2015:0850", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cxf.apache.org/security-advisories.data/CVE-2014-0035.txt.asc"}, {"name": "RHSA-2014:0797", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0797.html"}, {"name": "RHSA-2015:0851", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"}, {"name": "RHSA-2014:0799", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0799.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1564724"}, {"name": "RHSA-2014:1351", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"}, {"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0035", "datePublished": "2014-07-07T14:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T08:58:26.618Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FB030A1-6479-4D24-95EB-B8821D09C2BA", "versionEndIncluding": "2.6.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4FC7D67-80A3-43F6-8D46-F13F37A017CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F069B04-FDA0-41C3-BCAC-C74A310078B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "EED986C6-39C6-4F2A-86F7-C2CE9BBE25B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "EE5CF2CB-B33D-4C51-84C3-8C10E3E26193", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "7BACD3A8-2FEE-4CB7-9229-06679D6D8150", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "0835933D-4EA4-4C95-8964-984087537268", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "070739FD-9411-4BDB-A96F-3BC4A676A40F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F80936AF-AB6F-4256-85D3-E6E3ADF574E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "CE6234A1-F4E4-44E0-B986-A8964DD52785", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "AF4FC26A-2767-4E57-BCDA-D55620692202", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "543E6D15-6C3B-4031-AB2F-2C828281FADA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "896C1342-1B61-48E1-B915-65319A01661B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "C629A8A7-BFB3-453B-9BCA-3873512410FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "346AF04F-E0C5-45EE-A421-2E1A4E2B57FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "29777E8F-4DB3-4E9E-9FF4-D13749A7C0AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA20A9DA-2BEB-4699-A8D4-A90EA036693F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "789F6EB3-43A8-4CFA-9A79-31AEDCF22344", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "3D97E063-EBB9-4676-8C51-0FF4455F3077", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "2BF1E39F-B945-46B4-BEF0-A26CF04C39E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "9C508FB9-835A-4240-9F61-21C1D73C00B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "1291D3AB-739F-4C5C-AE27-B3A09495E86C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "73090184-1733-4B10-867B-D1D7E125B437", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "82B6C055-25E2-4C78-ACA7-D722848BDBC4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network."}, {"lang": "es", "value": "SymmetricBinding en Apache CXF anterior a 2.6.13 y 2.7.x anterior a 2.7.10, cuando EncryptBeforeSigning est\u00e1 habilitado y la pol\u00edtica UsernameToken est\u00e1 configurada en un EncryptedSupportingToken, transmite el UsernameToken en texto claro, lo que permite a atacantes remotos obtener informaci\u00f3n sensible mediante la captura de trafico de la red."}], "id": "CVE-2014-0035", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-07T14:55:03.397", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://cxf.apache.org/security-advisories.data/CVE-2014-0035.txt.asc"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0797.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0798.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0799.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1564724"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://cxf.apache.org/security-advisories.data/CVE-2014-0035.txt.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0797.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0798.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0799.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1564724"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:1351", "cpe": "cpe:/a:redhat:jboss_amq:6.1.0", "product_name": "Red Hat JBoss A-MQ 6.1", "release_date": "2014-10-01T00:00:00Z"}, {"advisory": "RHSA-2015:0851", "cpe": "cpe:/a:redhat:jboss_bpms:6.0", "product_name": "Red Hat JBoss BPMS 6.0", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2015:0850", "cpe": "cpe:/a:redhat:jboss_brms:6.0", "product_name": "Red Hat JBoss BRMS 6.0", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2014:0797", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.2.4", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "apache-cxf-0:2.7.11-3.redhat_3.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "hibernate4-eap6-0:4.2.7-9.SP5_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-aesh-0:0.33.12-1.redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-appclient-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-appclient-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-bundles-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-cli-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-client-all-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-clustering-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-cmp-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-configadmin-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-connector-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-controller-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-controller-client-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-core-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-core-security-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-deployment-repository-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-deployment-scanner-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-domain-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-domain-http-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-domain-management-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-ee-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-ee-deployment-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-ejb3-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-embedded-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-host-controller-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jacorb-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-javadocs-0:7.3.4-1.Final_redhat_1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jaxr-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jaxrs-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jdr-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jmx-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jpa-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jsf-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jsr77-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-logging-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-mail-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-management-client-content-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-messaging-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-modcluster-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-modules-eap-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-naming-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-network-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-osgi-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-osgi-configadmin-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-osgi-service-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-platform-mbean-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-pojo-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-process-controller-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-product-eap-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-protocol-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-remoting-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-sar-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-security-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-server-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-standalone-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-system-jmx-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-threads-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-transactions-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-version-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-web-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-webservices-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-welcome-content-eap-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-weld-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-xts-0:7.3.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-security-negotiation-0:2.2.10-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossts-1:4.17.15-5.Final_redhat_5.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossweb-0:7.3.2-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-xnio-base-0:3.0.10-1.GA_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "picketbox-0:4.0.19-8.SP8_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "resteasy-0:2.3.7.2-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "weld-core-0:1.1.17-4.SP3_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0798", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "wss4j-0:1.6.15-1.redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "apache-cxf-0:2.7.11-3.redhat_3.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "hibernate4-eap6-0:4.2.7-9.SP5_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-aesh-0:0.33.12-1.redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-appclient-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-appclient-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-bundles-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-cli-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-client-all-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-clustering-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-cmp-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-configadmin-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-connector-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-controller-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-controller-client-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-core-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-core-security-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-deployment-repository-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-deployment-scanner-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-domain-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-domain-http-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-domain-management-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-ee-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-ee-deployment-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-ejb3-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-embedded-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-host-controller-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jacorb-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-javadocs-0:7.3.4-1.Final_redhat_1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jaxr-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jaxrs-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jdr-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jmx-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jpa-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jsf-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jsr77-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-logging-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-mail-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-management-client-content-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-messaging-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-modcluster-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-modules-eap-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-naming-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-network-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-osgi-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-osgi-configadmin-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-osgi-service-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-platform-mbean-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-pojo-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-process-controller-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-product-eap-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-protocol-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-remoting-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-sar-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-security-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-server-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-standalone-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-system-jmx-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-threads-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-transactions-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-version-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-web-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-webservices-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-welcome-content-eap-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-weld-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-xts-0:7.3.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-security-negotiation-0:2.2.10-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossts-1:4.17.15-5.Final_redhat_5.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossweb-0:7.3.2-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-xnio-base-0:3.0.10-1.GA_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "picketbox-0:4.0.19-8.SP8_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "resteasy-0:2.3.7.2-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "weld-core-0:1.1.17-4.SP3_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0799", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "wss4j-0:1.6.15-1.redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:1351", "cpe": "cpe:/a:redhat:jboss_fuse:6.1.0", "product_name": "Red Hat JBoss Fuse 6.1", "release_date": "2014-10-01T00:00:00Z"}, {"advisory": "RHSA-2015:1009", "cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6.2", "product_name": "Red Hat JBoss Portal 6.2", "release_date": "2015-05-14T00:00:00Z"}], "bugzilla": {"description": "CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy", "id": "1093530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1093530"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-522", "details": ["The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.", "It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF."], "name": "CVE-2014-0035", "package_state": [{"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Will not fix", "package_name": "cxf", "product_name": "OpenShift Enterprise 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform", "fix_state": "Affected", "package_name": "cxf", "product_name": "Red Hat BPM Suite 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5", "fix_state": "Will not fix", "package_name": "cxf", "product_name": "Red Hat JBoss BRMS 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:6", "fix_state": "Affected", "package_name": "cxf", "product_name": "Red Hat JBoss BRMS 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "amq-6.1", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Will not fix", "package_name": "amq-7.1", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "fuse-6.1", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Will not fix", "package_name": "fuse-7.1", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Affected", "package_name": "cxf", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6", "fix_state": "Affected", "package_name": "cxf", "product_name": "Red Hat JBoss Portal 6"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "cxf", "product_name": "Red Hat OpenShift Enterprise 2"}], "public_date": "2014-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-0035\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0035"], "threat_severity": "Low"}

{}