CVE-2016-5018 - Vulnerability Details

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.0097.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apache Software Foundation

Apache Tomcat

affected

Version	Status	Constraints
`9.0.0.M1 to 9.0.0.M9`	affected	—
`8.5.0 to 8.5.4`	affected	—
`8.0.0.RC1 to 8.0.36`	affected	—
`7.0.0 to 7.0.70`	affected	—
`6.0.0 to 6.0.45`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone2::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone3::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone4::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone5::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone6::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone7::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone8::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone9::::::

Configuration 2 [-]

OR	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_shift:-:::::::*
	cpe:2.3:a:netapp:snap_creator_framework:-:::::::*

Configuration 3 [-]

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

Configuration 4 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 6 [-]

cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
tomcat-0:7.0.76-2.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2017:2247	2017-08-01T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4
	cpe:/a:redhat:jboss_enterprise_application_platform:6.4	RHSA-2017:1551	2017-06-20T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5
hornetq-0:2.3.25-21.SP19_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
ironjacamar-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-appclient-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossas-appclient-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossas-bundles-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-cli-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-client-all-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-clustering-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-cmp-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-configadmin-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-connector-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-console-0:2.5.17-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-controller-client-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossas-core-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-core-security-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-deployment-repository-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-deployment-scanner-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossas-domain-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-domain-http-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-domain-management-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-ee-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-ee-deployment-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-ejb3-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-embedded-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-host-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-jacorb-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossas-javadocs-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-jaxr-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-jaxrs-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-jdr-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-jmx-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-jpa-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-jsf-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-jsr77-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-logging-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-mail-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-management-client-content-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-messaging-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-modcluster-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossas-modules-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-naming-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-network-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-osgi-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-osgi-service-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-picketlink-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-platform-mbean-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-pojo-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-process-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossas-product-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-protocol-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-remoting-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-sar-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-security-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-server-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossas-standalone-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-system-jmx-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-threads-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-transactions-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-version-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-web-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-webservices-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossas-welcome-content-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-weld-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-as-xts-0:7.5.16-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-hal-0:2.5.17-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-logmanager-0:1.5.7-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-marshalling-0:1.4.10-2.SP2_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jboss-modules-0:1.3.9-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossts-1:4.17.42-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jbossweb-0:7.5.23-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
jgroups-1:3.2.17-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
picketbox-0:4.1.6-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
resteasy-0:2.3.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:1550	2017-06-20T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6
hornetq-0:2.3.25-21.SP19_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
ironjacamar-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-appclient-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossas-appclient-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossas-bundles-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-cli-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-client-all-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-clustering-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-cmp-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-configadmin-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-connector-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-console-0:2.5.17-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-controller-client-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossas-core-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-core-security-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-deployment-repository-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-deployment-scanner-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossas-domain-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-domain-http-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-domain-management-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-ee-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-ee-deployment-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-ejb3-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-embedded-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-host-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-jacorb-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossas-javadocs-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-jaxr-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-jaxrs-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-jdr-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-jmx-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-jpa-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-jsf-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-jsr77-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-logging-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-mail-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-management-client-content-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-messaging-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-modcluster-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossas-modules-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-naming-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-network-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-osgi-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-osgi-service-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-picketlink-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-platform-mbean-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-pojo-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-process-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossas-product-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-protocol-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-remoting-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-sar-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-security-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-server-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossas-standalone-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-system-jmx-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-threads-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-transactions-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-version-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-web-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-webservices-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossas-welcome-content-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-weld-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-as-xts-0:7.5.16-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-hal-0:2.5.17-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-logmanager-0:1.5.7-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-marshalling-0:1.4.10-2.SP2_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-modules-0:1.3.9-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossts-1:4.17.42-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jbossweb-0:7.5.23-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jgroups-1:3.2.17-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
picketbox-0:4.1.6-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
resteasy-0:2.3.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1549	2017-06-20T00:00:00Z
jboss-ec2-eap-0:7.5.16-1.Final_redhat_1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:1552	2017-06-20T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7
hornetq-0:2.3.25-21.SP19_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
ironjacamar-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-appclient-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossas-appclient-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossas-bundles-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-cli-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-client-all-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-clustering-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-cmp-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-configadmin-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-connector-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-console-0:2.5.17-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-controller-client-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossas-core-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-core-security-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-deployment-repository-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-deployment-scanner-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossas-domain-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-domain-http-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-domain-management-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-ee-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-ee-deployment-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-ejb3-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-embedded-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-host-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-jacorb-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossas-javadocs-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-jaxr-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-jaxrs-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-jdr-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-jmx-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-jpa-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-jsf-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-jsr77-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-logging-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-mail-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-management-client-content-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-messaging-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-modcluster-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossas-modules-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-naming-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-network-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-osgi-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-osgi-service-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-picketlink-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-platform-mbean-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-pojo-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-process-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossas-product-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-protocol-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-remoting-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-sar-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-security-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-server-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossas-standalone-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-system-jmx-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-threads-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-transactions-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-version-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-web-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-webservices-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossas-welcome-content-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-weld-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-as-xts-0:7.5.16-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-hal-0:2.5.17-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-logmanager-0:1.5.7-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-marshalling-0:1.4.10-2.SP2_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jboss-modules-0:1.3.9-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossts-1:4.17.42-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jbossweb-0:7.5.23-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
jgroups-1:3.2.17-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
picketbox-0:4.1.6-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
resteasy-0:2.3.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:1548	2017-06-20T00:00:00Z
Red Hat JBoss Web Server 3.1
	cpe:/a:redhat:jboss_enterprise_web_server:3.1	RHSA-2017:0457	2017-03-07T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 6
hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:0455	2017-03-07T00:00:00Z
jbcs-httpd24-0:1-3.jbcs.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:0455	2017-03-07T00:00:00Z
jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:0455	2017-03-07T00:00:00Z
jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:0455	2017-03-07T00:00:00Z
mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:0455	2017-03-07T00:00:00Z
tomcat7-0:7.0.70-16.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:0455	2017-03-07T00:00:00Z
tomcat8-0:8.0.36-17.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:0455	2017-03-07T00:00:00Z
tomcat-native-0:1.2.8-9.redhat_9.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:0455	2017-03-07T00:00:00Z
tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:0455	2017-03-07T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 7
hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:0456	2017-03-07T00:00:00Z
jbcs-httpd24-0:1-3.jbcs.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:0456	2017-03-07T00:00:00Z
jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:0456	2017-03-07T00:00:00Z
jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:0456	2017-03-07T00:00:00Z
mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:0456	2017-03-07T00:00:00Z
tomcat7-0:7.0.70-16.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:0456	2017-03-07T00:00:00Z
tomcat8-0:8.0.36-17.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:0456	2017-03-07T00:00:00Z
tomcat-native-0:1.2.8-9.redhat_9.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:0456	2017-03-07T00:00:00Z
tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:0456	2017-03-07T00:00:00Z

No data.

Project Subscriptions

Vendors	Products
Apache Subscribe	Tomcat Subscribe
Canonical Subscribe	Ubuntu Linux Subscribe
Debian Subscribe	Debian Linux Subscribe
Netapp Subscribe	Oncommand Insight Subscribe Oncommand Shift Subscribe Snap Creator Framework Subscribe
Oracle Subscribe	Tekelec Platform Distribution Subscribe
Redhat Subscribe	Enterprise Linux Subscribe Enterprise Linux Desktop Subscribe Enterprise Linux Eus Subscribe Enterprise Linux Server Subscribe Enterprise Linux Server Aus Subscribe Enterprise Linux Server Tus Subscribe Enterprise Linux Workstation Subscribe Jboss Enterprise Application Platform Subscribe Jboss Enterprise Web Server Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-728-1	tomcat6 security update
Debian DLA	DLA-729-1	tomcat7 security update
Debian DLA	DLA-746-1	tomcat6 security update
Debian DLA	DLA-753-1	tomcat7 security update
Debian DSA	DSA-3720-1	tomcat8 security update
Debian DSA	DSA-3721-1	tomcat7 security update
EUVD	EUVD-2022-2445	In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
Github GHSA	GHSA-4v3g-g84w-hv7r	Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat
Ubuntu USN	USN-3177-1	Tomcat vulnerabilities
Ubuntu USN	USN-4557-1	Tomcat vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html
http://rhn.redhat.com/errata/RHSA-2017-0457.html
http://rhn.redhat.com/errata/RHSA-2017-1551.html
http://www.debian.org/security/2016/dsa-3720
http://www.securityfocus.com/bid/93942
http://www.securitytracker.com/id/1037142
http://www.securitytracker.com/id/1038757
https://access.redhat.com/errata/RHSA-2017:0455
https://access.redhat.com/errata/RHSA-2017:0456
https://access.redhat.com/errata/RHSA-2017:1548
https://access.redhat.com/errata/RHSA-2017:1549
https://access.redhat.com/errata/RHSA-2017:1550
https://access.redhat.com/errata/RHSA-2017:1552
https://access.redhat.com/errata/RHSA-2017:2247
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/9b3a63a20c87179815fdea14f6766853bafe79a0042dc0b4aa878a9e%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2016-5018
https://security.netapp.com/advisory/ntap-20180605-0001/
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37
https://usn.ubuntu.com/4557-1/
https://www.cve.org/CVERecord?id=CVE-2016-5018
https://www.oracle.com/security-alerts/cpuoct2021.html

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2017-08-10T16:00:00Z

Updated: 2024-09-16T18:38:35.797Z

Reserved: 2016-05-24T00:00:00

Link: CVE-2016-5018

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-08-10T16:29:00.407

Modified: 2025-04-20T01:37:25.860

Link: CVE-2016-5018

Redhat

Severity : Low

Publid Date: 2016-10-27T00:00:00Z

Links: CVE-2016-5018 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-noinfo

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object