CVE-2016-5018 - Vulnerability Details

- tomcat: security manager bypass via IntrospectHelper utility function

Description

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

Published: 2017-08-10

Score: 9.1 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apache Software Foundation

Apache Tomcat

affected

Version	Status	Constraints
`9.0.0.M1 to 9.0.0.M9`	affected	—
`8.5.0 to 8.5.4`	affected	—
`8.0.0.RC1 to 8.0.36`	affected	—
`7.0.0 to 7.0.70`	affected	—
`6.0.0 to 6.0.45`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone2::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone3::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone4::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone5::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone6::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone7::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone8::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone9::::::

Configuration 2 [-]

OR	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_shift:-:::::::*
	cpe:2.3:a:netapp:snap_creator_framework:-:::::::*

Configuration 3 [-]

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

Configuration 4 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 6 [-]

cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
tomcat-0:7.0.76-2.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2017:2247	2017-08-01T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4
	cpe:/a:redhat:jboss_enterprise_application_platform:6.4	RHSA-2017:1551	2017-06-20T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5
hornetq-0:2.3.25-21.SP19_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
ironjacamar-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-appclient-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossas-appclient-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossas-bundles-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-cli-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-client-all-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-clustering-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-cmp-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-configadmin-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-connector-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-console-0:2.5.17-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-controller-client-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossas-core-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-core-security-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-deployment-repository-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-deployment-scanner-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossas-domain-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-domain-http-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-domain-management-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-ee-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-ee-deployment-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-ejb3-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-embedded-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-host-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-jacorb-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossas-javadocs-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-jaxr-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-jaxrs-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-jdr-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-jmx-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-jpa-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-jsf-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-jsr77-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-logging-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-mail-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-management-client-content-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-messaging-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-modcluster-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossas-modules-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-naming-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-network-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-osgi-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-osgi-service-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-picketlink-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-platform-mbean-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-pojo-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-process-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossas-product-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-protocol-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-remoting-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-sar-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-security-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-server-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossas-standalone-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-system-jmx-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-threads-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-transactions-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-version-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-web-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-webservices-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossas-welcome-content-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-weld-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-xts-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-hal-0:2.5.17-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-logmanager-0:1.5.7-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-marshalling-0:1.4.10-2.SP2_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-modules-0:1.3.9-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossts-1:4.17.42-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossweb-0:7.5.23-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jgroups-1:3.2.17-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
picketbox-0:4.1.6-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
resteasy-0:2.3.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6
hornetq-0:2.3.25-21.SP19_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
ironjacamar-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-appclient-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossas-appclient-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossas-bundles-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-cli-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-client-all-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-clustering-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-cmp-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-configadmin-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-connector-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-console-0:2.5.17-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-controller-client-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossas-core-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-core-security-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-deployment-repository-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-deployment-scanner-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossas-domain-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-domain-http-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-domain-management-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-ee-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-ee-deployment-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-ejb3-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-embedded-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-host-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-jacorb-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossas-javadocs-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-jaxr-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-jaxrs-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-jdr-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-jmx-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-jpa-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-jsf-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-jsr77-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-logging-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-mail-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-management-client-content-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-messaging-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-modcluster-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossas-modules-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-naming-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-network-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-osgi-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-osgi-service-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-picketlink-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-platform-mbean-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-pojo-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-process-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossas-product-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-protocol-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-remoting-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-sar-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-security-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-server-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossas-standalone-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-system-jmx-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-threads-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-transactions-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-version-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-web-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-webservices-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossas-welcome-content-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-weld-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-xts-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-hal-0:2.5.17-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-logmanager-0:1.5.7-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-marshalling-0:1.4.10-2.SP2_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-modules-0:1.3.9-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossts-1:4.17.42-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossweb-0:7.5.23-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jgroups-1:3.2.17-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
picketbox-0:4.1.6-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
resteasy-0:2.3.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-ec2-eap-0:7.5.16-1.Final_redhat_1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1552	2017-06-20T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7
hornetq-0:2.3.25-21.SP19_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
ironjacamar-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-appclient-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossas-appclient-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossas-bundles-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-cli-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-client-all-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-clustering-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-cmp-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-configadmin-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-connector-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-console-0:2.5.17-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-controller-client-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossas-core-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-core-security-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-deployment-repository-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-deployment-scanner-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossas-domain-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-domain-http-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-domain-management-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-ee-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-ee-deployment-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-ejb3-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-embedded-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-host-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-jacorb-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossas-javadocs-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-jaxr-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-jaxrs-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-jdr-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-jmx-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-jpa-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-jsf-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-jsr77-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-logging-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-mail-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-management-client-content-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-messaging-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-modcluster-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossas-modules-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-naming-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-network-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-osgi-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-osgi-service-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-picketlink-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-platform-mbean-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-pojo-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-process-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossas-product-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-protocol-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-remoting-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-sar-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-security-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-server-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossas-standalone-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-system-jmx-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-threads-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-transactions-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-version-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-web-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-webservices-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossas-welcome-content-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-weld-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-xts-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-hal-0:2.5.17-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-logmanager-0:1.5.7-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-marshalling-0:1.4.10-2.SP2_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-modules-0:1.3.9-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossts-1:4.17.42-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossweb-0:7.5.23-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jgroups-1:3.2.17-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
picketbox-0:4.1.6-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
resteasy-0:2.3.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
Red Hat JBoss Web Server 3.1
	cpe:/a:redhat:jboss_enterprise_web_server:3.1	RHSA-2017:0457	2017-03-07T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 6
hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:0455	2017-03-07T00:00:00Z
jbcs-httpd24-0:1-3.jbcs.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:0455	2017-03-07T00:00:00Z
jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:0455	2017-03-07T00:00:00Z
jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:0455	2017-03-07T00:00:00Z
mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:0455	2017-03-07T00:00:00Z
tomcat7-0:7.0.70-16.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:0455	2017-03-07T00:00:00Z
tomcat8-0:8.0.36-17.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:0455	2017-03-07T00:00:00Z
tomcat-native-0:1.2.8-9.redhat_9.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:0455	2017-03-07T00:00:00Z
tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:0455	2017-03-07T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 7
hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:0456	2017-03-07T00:00:00Z
jbcs-httpd24-0:1-3.jbcs.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:0456	2017-03-07T00:00:00Z
jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:0456	2017-03-07T00:00:00Z
jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:0456	2017-03-07T00:00:00Z
mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:0456	2017-03-07T00:00:00Z
tomcat7-0:7.0.70-16.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:0456	2017-03-07T00:00:00Z
tomcat8-0:8.0.36-17.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:0456	2017-03-07T00:00:00Z
tomcat-native-0:1.2.8-9.redhat_9.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:0456	2017-03-07T00:00:00Z
tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:0456	2017-03-07T00:00:00Z

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-728-1	tomcat6 security update
Debian DLA	DLA-729-1	tomcat7 security update
Debian DLA	DLA-746-1	tomcat6 security update
Debian DLA	DLA-753-1	tomcat7 security update
Debian DSA	DSA-3720-1	tomcat8 security update
Debian DSA	DSA-3721-1	tomcat7 security update
EUVD	EUVD-2022-2445	In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
Github GHSA	GHSA-4v3g-g84w-hv7r	Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat
Ubuntu USN	USN-3177-1	Tomcat vulnerabilities
Ubuntu USN	USN-4557-1	Tomcat vulnerabilities

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00936.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html
http://rhn.redhat.com/errata/RHSA-2017-0457.html
http://rhn.redhat.com/errata/RHSA-2017-1551.html
http://www.debian.org/security/2016/dsa-3720
http://www.securityfocus.com/bid/93942
http://www.securitytracker.com/id/1037142
http://www.securitytracker.com/id/1038757
https://access.redhat.com/errata/RHSA-2017:0455
https://access.redhat.com/errata/RHSA-2017:0456
https://access.redhat.com/errata/RHSA-2017:1548
https://access.redhat.com/errata/RHSA-2017:1549
https://access.redhat.com/errata/RHSA-2017:1550
https://access.redhat.com/errata/RHSA-2017:1552
https://access.redhat.com/errata/RHSA-2017:2247
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/9b3a63a20c87179815fdea14f6766853bafe79a0042dc0b4aa878a9e%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2016-5018
https://security.netapp.com/advisory/ntap-20180605-0001/
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37
https://usn.ubuntu.com/4557-1/
https://www.cve.org/CVERecord?id=CVE-2016-5018
https://www.oracle.com/security-alerts/cpuoct2021.html

History

No history.

Subscriptions

Apache Tomcat

Canonical Ubuntu Linux

Debian Debian Linux

Netapp Oncommand Insight Oncommand Shift Snap Creator Framework

Oracle Tekelec Platform Distribution

Redhat Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server Tus Enterprise Linux Workstation Jboss Enterprise Application Platform Jboss Enterprise Web Server

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2017-08-10T16:00:00.000Z

Updated: 2024-09-16T18:38:35.797Z

Reserved: 2016-05-24T00:00:00.000Z

Link: CVE-2016-5018

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-08-10T16:29:00.407

Modified: 2025-04-20T01:37:25.860

Link: CVE-2016-5018

Redhat

Severity : Low

Publid Date: 2016-10-27T00:00:00Z

Links: CVE-2016-5018 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-noinfo

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object