{"containers": {"cna": {"affected": [{"product": "Apache Tomcat", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "9.0.0.M1 to 9.0.0.M20"}, {"status": "affected", "version": "8.5.0 to 8.5.14"}, {"status": "affected", "version": "8.0.0.RC1 to 8.0.43"}, {"status": "affected", "version": "7.0.0 to 7.0.77"}]}], "datePublic": "2017-06-06T00:00:00", "descriptions": [{"lang": "en", "value": "The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method."}], "problemTypes": [{"descriptions": [{"description": "Security Constrainy Bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-13T16:09:07", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "DSA-3891", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3891"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20171019-0002/"}, {"name": "98888", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98888"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"name": "RHSA-2017:3080", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3080"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us"}, {"name": "RHSA-2017:1801", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1801"}, {"name": "RHSA-2017:2635", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2635"}, {"name": "RHSA-2017:2638", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2638"}, {"name": "RHSA-2017:2494", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2494"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"}, {"name": "[tomcat-users] 20170606 [SECURITY] CVE-2017-5664 Apache Tomcat Security Constraint Bypass", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066%40%3Cannounce.tomcat.apache.org%3E"}, {"name": "RHSA-2017:2636", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2636"}, {"name": "RHSA-2017:1809", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1809"}, {"name": "RHSA-2017:2637", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2637"}, {"name": "1038641", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038641"}, {"name": "DSA-3892", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3892"}, {"name": "RHSA-2017:2633", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2633"}, {"name": "RHSA-2017:1802", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1802"}, {"name": "RHSA-2017:2493", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2493"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2017-5664", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Tomcat", "version": {"version_data": [{"version_value": "9.0.0.M1 to 9.0.0.M20"}, {"version_value": "8.5.0 to 8.5.14"}, {"version_value": "8.0.0.RC1 to 8.0.43"}, {"version_value": "7.0.0 to 7.0.77"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Security Constrainy Bypass"}]}]}, "references": {"reference_data": [{"name": "DSA-3891", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3891"}, {"name": "https://security.netapp.com/advisory/ntap-20171019-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0002/"}, {"name": "98888", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98888"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"name": "RHSA-2017:3080", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3080"}, {"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us"}, {"name": "RHSA-2017:1801", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1801"}, {"name": "RHSA-2017:2635", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2635"}, {"name": "RHSA-2017:2638", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2638"}, {"name": "RHSA-2017:2494", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2494"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"}, {"name": "[tomcat-users] 20170606 [SECURITY] CVE-2017-5664 Apache Tomcat Security Constraint Bypass", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E"}, {"name": "RHSA-2017:2636", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2636"}, {"name": "RHSA-2017:1809", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1809"}, {"name": "RHSA-2017:2637", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2637"}, {"name": "1038641", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038641"}, {"name": "DSA-3892", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3892"}, {"name": "RHSA-2017:2633", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2633"}, {"name": "RHSA-2017:1802", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1802"}, {"name": "RHSA-2017:2493", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2493"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:11:48.039Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3891", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3891"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20171019-0002/"}, {"name": "98888", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98888"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"name": "RHSA-2017:3080", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3080"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us"}, {"name": "RHSA-2017:1801", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1801"}, {"name": "RHSA-2017:2635", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2635"}, {"name": "RHSA-2017:2638", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2638"}, {"name": "RHSA-2017:2494", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2494"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"}, {"name": "[tomcat-users] 20170606 [SECURITY] CVE-2017-5664 Apache Tomcat Security Constraint Bypass", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066%40%3Cannounce.tomcat.apache.org%3E"}, {"name": "RHSA-2017:2636", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2636"}, {"name": "RHSA-2017:1809", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1809"}, {"name": "RHSA-2017:2637", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2637"}, {"name": "1038641", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038641"}, {"name": "DSA-3892", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3892"}, {"name": "RHSA-2017:2633", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2633"}, {"name": "RHSA-2017:1802", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1802"}, {"name": "RHSA-2017:2493", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2493"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-5664", "datePublished": "2017-06-06T14:00:00", "dateReserved": "2017-01-29T00:00:00", "dateUpdated": "2024-08-05T15:11:48.039Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F8C62EF-1B67-456A-9C66-755439CF8556", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "matchCriteriaId": "33E9607B-4D28-460D-896B-E4B7FA22441E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A819E245-D641-4F19-9139-6C940504F6E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8C381275-10C5-4939-BCE3-0D1F3B3CB2EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "matchCriteriaId": "81A31CA0-A209-4C49-AA06-C38E165E5B68", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7205475A-6D04-4042-B24E-1DA5A57029B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "08022987-B36B-4F63-88A5-A8F59195DF4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "matchCriteriaId": "0AA563BF-A67A-477D-956A-167ABEF885C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FF4B7557-EF35-451E-B55D-3296966695AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*", "matchCriteriaId": "6F1B937B-57E0-4E88-9E39-39012A924525", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "8980E61E-27BE-4858-82B3-C0E8128AF521", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "8756BF9B-3E24-4677-87AE-31CE776541F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "88CE057E-2092-4C98-8D0C-75CF439D0A9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "8F194580-EE6D-4E38-87F3-F0661262256B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "A9731BAA-4C6C-4259-B786-F577D8A90FA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "1F74A421-D019-4248-84B8-C70D4D9A8A95", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "05346F5A-FB52-4376-AAC7-9A5308216545", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "305688F2-50A6-41FB-8614-BC589DB9A789", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "D24AA431-C436-4AA5-85DF-B9AAFF2548FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "25966344-15D5-4101-9346-B06BFD2DFFF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "11F4CBAC-27B1-4EFF-955A-A63B457D0578", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "FD55B338-9DBE-4643-ABED-A08964D3AF7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "0D4F710E-06EA-48F4-AC6A-6F143950F015", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "2C4936C2-0B2D-4C44-98C3-443090965F5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "48453405-2319-4327-9F4C-6F70B49452C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "49DD9544-6424-41A6-AEC0-EC19B8A10E71", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "E4670E65-2E11-49A4-B661-57C2F60D411F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "5E8FF71D-4710-4FBB-9925-A6A26C450F7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "31002A23-4788-4BC7-AE11-A3C2AA31716D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "7144EDDF-8265-4642-8EEB-ED52527E0A26", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "DF06B5C1-B9DD-4673-A101-56E1E593ACDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "7D731065-626B-4425-8E49-F708DD457824", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "B3D850EA-E537-42C8-93B9-96E15CB26747", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "E037DA05-2BEF-4F64-B8BB-307247B6A05C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "BCAF1EB5-FB34-40FC-96ED-9D073890D8BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "D395D95B-1F4A-420E-A0F6-609360AF7B69", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "9BD221BA-0AB6-4972-8AD9-5D37AC07762F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "E55B6565-96CB-4F6A-9A80-C3FB82F30546", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "D3300AFE-49A4-4904-B9A0-5679F09FA01E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*", "matchCriteriaId": "ED5125CC-05F9-4678-90DB-A5C7CD24AE6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "7BD93669-1B30-4BF8-AD7D-F60DD8D63CC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "1B904C74-B92E-4EAE-AE6C-78E2B844C3DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*", "matchCriteriaId": "B8C8C97F-6C9D-4647-AB8A-ADAA5536DDE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "2C6109D1-BC36-40C5-A02A-7AEBC949BAC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "DA8A7333-B4C3-4876-AE01-62F2FD315504", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "92993E23-D805-407B-8B87-11CEEE8B212F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*", "matchCriteriaId": "7A11BD74-305C-41E2-95B1-5008EEF5FA5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*", "matchCriteriaId": "595442D0-9DB7-475A-AE30-8535B70E122E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*", "matchCriteriaId": "4B0BA92A-0BD3-4CE4-9465-95E949104BAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*", "matchCriteriaId": "6F944B72-B9EB-4EB8-AEA3-E0D7ADBE1305", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*", "matchCriteriaId": "6AA28D3A-3EE5-4F90-B8F5-4943F7607DA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*", "matchCriteriaId": "BFD3EB84-2ED2-49D4-8BC9-6398C2E46F0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*", "matchCriteriaId": "DEDF6E1A-0DD6-42AB-9510-F6F4B6002C91", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "C947E549-2459-4AFB-84A7-36BDA30B5F29", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "67A0EA46-5AEA-4D0A-B89E-6560FA10EC08", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*", "matchCriteriaId": "F8E9453E-BC9B-4F77-85FA-BA15AC55C245", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*", "matchCriteriaId": "A7EF0518-73F9-47DB-8946-A8334936BEFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*", "matchCriteriaId": "95AA8778-7833-4572-A71B-5FD89938CE94", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*", "matchCriteriaId": "242E47CE-EF69-4F8F-AB40-5AF2811674CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:*", "matchCriteriaId": "A225D4F7-174E-47C3-8390-C6FA28DB5A9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*", "matchCriteriaId": "CDA1555C-E55A-4E14-B786-BFEE3F09220B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "6BAC42AE-B82A-4ABF-9519-B2D97D925707", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*", "matchCriteriaId": "F8075E9A-DA7F-4A0B-8B4D-0CD951369111", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*", "matchCriteriaId": "335A5320-6086-4B45-9903-82F6F92A584F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "46B33408-C2E2-4E7C-9334-6AB98F13468C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*", "matchCriteriaId": "9F036676-9EFB-4A92-828E-A38905D594E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*", "matchCriteriaId": "E9728EE8-6029-4DF3-942E-E4ACC09111A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:*", "matchCriteriaId": "62DBB843-288C-4060-8777-6CDCF1860D29", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*", "matchCriteriaId": "34E7DAC8-8419-45D1-A28F-14CF2FE1B6EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*", "matchCriteriaId": "89B87EB5-4902-4C2A-878A-45185F7D0FA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*", "matchCriteriaId": "C0596E6C-9ACE-4106-A2FF-BED7967C323F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:*", "matchCriteriaId": "8F7158DC-966B-4508-8600-40E3E9D3D0DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.71:*:*:*:*:*:*:*", "matchCriteriaId": "A190FE0D-86C1-49EE-BDAE-5879C32BDC92", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.72:*:*:*:*:*:*:*", "matchCriteriaId": "CA20F45F-01A2-43DD-9731-DFF54E31719F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.73:*:*:*:*:*:*:*", "matchCriteriaId": "3C7A728B-59DB-4EDE-8929-C91F4C410902", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.74:*:*:*:*:*:*:*", "matchCriteriaId": "26889291-3280-4524-8F4A-9B22FF4600C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.75:*:*:*:*:*:*:*", "matchCriteriaId": "6E4CAEBD-0F38-4892-9D0B-9D7392E0BCC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.76:*:*:*:*:*:*:*", "matchCriteriaId": "61C4DA00-E47C-47BE-856C-7E0D4B0F9DAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.77:*:*:*:*:*:*:*", "matchCriteriaId": "41FF234B-A9AD-4C51-8E9E-939DC8ECB64A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "4752862B-7D26-4285-B8A0-CF082C758353", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*", "matchCriteriaId": "58EA7199-3373-4F97-9907-3A479A02155E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F963D737-2E95-4D7C-92C7-DACF3F36D1E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "2BBBC5EA-012C-4C5D-A61B-BAF134B300DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A358FDF-C249-4D7A-9445-8B9E7D9D40AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8C4DB619-F6B0-4896-9AE2-7E7D92105577", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AFF96F96-34DB-4EB3-BF59-11220673FA26", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "44883383-6360-4BE6-9B48-1308F85E5797", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "EDF3E379-47D2-4C86-8C6D-8B3C25A0E1C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E82391BD-10FF-4E7F-91DC-35AA11325530", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "92C22F12-C072-4A12-A4A9-CBF589A36FF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "6A776B25-6AF1-421B-8E47-2A7499F6B4D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "7A332FDE-42AE-4F48-9553-5AE953CD6D3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "701424A2-BB06-44B5-B468-7164E4F95529", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "1BA6388C-5B6E-4651-8AE3-EBCCF61C27E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "A63FA521-9D20-49B9-A9A4-0DF891B4E4E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "8F9A5B7E-33A9-4651-9BE1-371A0064B661", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "F99252E8-A59C-48E1-B251-718D7FB3E399", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "9D05293B-B9D8-42F1-9367-9D2E058EFAD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "4E0DDEF6-A8EE-46C4-A046-A1F26E7C4E87", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "14B38892-9C00-4510-B7BA-F2A8F2CACCAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "8C913AA6-2260-4249-BE1D-7139F45735D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "7409B064-D43E-489E-AEC6-0A767FB21737", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "F019268F-80C4-48FE-8164-E9DA0A3BAFF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "1EFBD214-FCFE-4F04-A903-66EFDA764B9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "425D86B3-6BB9-410D-8125-F7CF87290AD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "3EE3BB0D-1002-41E4-9BE8-875D97330057", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "25D0E80B-EDDA-4876-912D-44BFE6211EB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "6622472B-8644-4D45-A54B-A215C3D64B83", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "B338F95B-2924-435B-827F-E64420A93244", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "209D1349-7740-4DBE-80A5-E6343C62BAB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "09E77C24-C265-403D-A193-B3739713F6B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "28616FA3-9A98-4AAE-9F94-3E77A14156EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "335925DA-11C0-4222-B6B7-82602B361751", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "603A14BF-72BB-4A3D-8CBC-932DC45CEC06", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "4C2E1C55-3C89-4F26-A981-1195BCC9BB5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "FC242407-A447-4ABD-8E19-EB6DB1F35121", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "31BB906B-812F-462C-9AEE-147C1418D865", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.36:*:*:*:*:*:*:*", "matchCriteriaId": "0B701E17-D231-44ED-A46E-C67749A725B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "B8CAF2F7-D227-4F06-B0E6-533C5EDB105B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "305B73CE-0224-4E73-8EB2-FC41A62FBA08", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.39:*:*:*:*:*:*:*", "matchCriteriaId": "D0DBF476-D7BB-4FC8-89FE-FF0CD135E9BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "BC866C53-0C6B-4D0B-A168-D3985B1CF0F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "290B0787-49F1-41FB-9AFD-36646FB16CA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "1B741F4F-E52B-43CD-A9CC-6AC46B2DE111", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.0.43:*:*:*:*:*:*:*", "matchCriteriaId": "BB7A8369-183D-4C00-B2B2-0F81DA153C4E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "69A7FC28-A0EC-4516-9776-700343D2F4DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "18814653-6D44-47D9-A2F5-89C5AFB255F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D4D811A9-4988-4C11-AA27-F5BE2B93D8D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAEF824D-7E95-4BC1-8DBB-787DCE595E21", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "97F4A2B3-DB1D-4D0B-B5FF-7EE2A0D291BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "0B461D5A-1208-498F-B551-46C6D514AC2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "598E5D91-0165-4D55-9EDD-EBB5AAAD1172", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "4B6B61B7-09A3-41C8-8333-0417C14CC87E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "95A139BA-CD3C-42F5-88BA-BE7BE58246D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "876EADA5-60AD-4849-BE10-61C75AA75053", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "1814F8DE-2060-411F-9FCC-6EC42AF5663D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "1AF6DBF7-BB0A-4AE6-84DA-51428ACF47CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "A34F72ED-04FE-4EDE-BB18-BE8B1E99EEF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "3245C35C-02E7-46B9-A720-37D3C17AFDD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.14:*:*:*:*:*:*:*", "matchCriteriaId": "F4239A72-EFA1-49E3-8755-5961060F2198", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*", "matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*", "matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*", "matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*", "matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*", "matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*", "matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*", "matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*", "matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*", "matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*", "matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*", "matchCriteriaId": "DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*", "matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*", "matchCriteriaId": "C2409CC7-6A85-4A66-A457-0D62B9895DC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*", "matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*", "matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*", "matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", "matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*", "matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*", "matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*", "matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method."}, {"lang": "es", "value": "El mecanismo de p\u00e1gina de error en Java Servlet Specification requiere que, cuando ocurre un error y se configura una p\u00e1gina de error para ese fallo que ha ocurrido, la petici\u00f3n original y la respuesta se env\u00edan a la p\u00e1gina de error. Esto significa que la petici\u00f3n se presenta en la p\u00e1gina de error con el m\u00e9todo HTTP original. Si la p\u00e1gina de error es un archivo est\u00e1tico, el comportamiento esperado es que sirva contenido del archivo como si estuviese procesando una petici\u00f3n GET, independientemente del m\u00e9todo HTTP que se emplee realmente. El Servlet por defecto en Apache Tomcat 9.0.0.M1 a 9.0.0.M20, 8.5.0 a 8.5.14, 8.0.0.RC1 a 8.0.43 y 7.0.0 a 7.0.77 no hizo esto. Dependiendo de la petici\u00f3n original, esto podr\u00eda conducir a resultados inesperados y no deseados para p\u00e1ginas est\u00e1ticas de error incluyendo, si DefaultServlet se configura para permitir escrituras, el remplazo o eliminaci\u00f3n de la p\u00e1gina de error personalizada. Notas para otras p\u00e1ginas de error proporcionadas por el usuario: (1) A no se que se programe de otra forma, los JSPs ignoran el m\u00e9todo HTTP. Los JSP empleados como p\u00e1ginas de error deben asegurarse de que gestionan cualquier env\u00edo de errores como petici\u00f3n GET, independientemente del m\u00e9todo que se emplee realmente. (2) Por defecto, la respuesta que genera un Servlet depende del m\u00e9todo HTTP. Los Servlets personalizados empleados como p\u00e1ginas de error deben asegurarse de que gestionan cualquier env\u00edo de errores como petici\u00f3n GET, independientemente del m\u00e9todo que se emplee realmente."}], "id": "CVE-2017-5664", "lastModified": "2023-12-08T16:41:18.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-06T14:29:00.937", "references": [{"source": "security@apache.org", "url": "http://www.debian.org/security/2017/dsa-3891"}, {"source": "security@apache.org", "url": "http://www.debian.org/security/2017/dsa-3892"}, {"source": "security@apache.org", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"}, {"source": "security@apache.org", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"source": "security@apache.org", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"source": "security@apache.org", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98888"}, {"source": "security@apache.org", "url": "http://www.securitytracker.com/id/1038641"}, {"source": "security@apache.org", "url": "https://access.redhat.com/errata/RHSA-2017:1801"}, {"source": "security@apache.org", "url": "https://access.redhat.com/errata/RHSA-2017:1802"}, {"source": "security@apache.org", "url": "https://access.redhat.com/errata/RHSA-2017:1809"}, {"source": "security@apache.org", "url": "https://access.redhat.com/errata/RHSA-2017:2493"}, {"source": "security@apache.org", "url": "https://access.redhat.com/errata/RHSA-2017:2494"}, {"source": "security@apache.org", "url": "https://access.redhat.com/errata/RHSA-2017:2633"}, {"source": "security@apache.org", "url": "https://access.redhat.com/errata/RHSA-2017:2635"}, {"source": "security@apache.org", "url": "https://access.redhat.com/errata/RHSA-2017:2636"}, {"source": "security@apache.org", "url": "https://access.redhat.com/errata/RHSA-2017:2637"}, {"source": "security@apache.org", "url": "https://access.redhat.com/errata/RHSA-2017:2638"}, {"source": "security@apache.org", "url": "https://access.redhat.com/errata/RHSA-2017:3080"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066%40%3Cannounce.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://security.netapp.com/advisory/ntap-20171019-0002/"}, {"source": "security@apache.org", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us"}, {"source": "security@apache.org", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"source": "security@apache.org", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:3080", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "tomcat6-0:6.0.24-111.el6_9", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-10-30T00:00:00Z"}, {"advisory": "RHSA-2017:1809", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "tomcat-0:7.0.69-12.el7_3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-07-27T00:00:00Z"}, {"advisory": "RHSA-2017:2633", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.4", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "apache-cxf-0:2.7.18-7.SP6_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "codehaus-jackson-0:1.9.9-11.redhat_5.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "hibernate4-eap6-0:4.2.27-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "hornetq-0:2.3.25-22.SP20_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "infinispan-0:5.2.22-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-appclient-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-appclient-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-bundles-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-cli-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-client-all-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-clustering-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-cmp-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-configadmin-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-connector-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-controller-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-controller-client-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-core-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-core-security-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-deployment-repository-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-deployment-scanner-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-domain-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-domain-http-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-domain-management-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-ee-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-ee-deployment-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-ejb3-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-embedded-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-host-controller-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jacorb-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-javadocs-0:7.5.17-4.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jaxr-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jaxrs-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jdr-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jmx-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jpa-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jsf-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jsr77-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-logging-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-mail-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-management-client-content-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-messaging-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-modcluster-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-modules-eap-0:7.5.17-1.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-naming-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-network-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-osgi-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-osgi-configadmin-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-osgi-service-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-picketlink-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-platform-mbean-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-pojo-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-process-controller-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-product-eap-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-protocol-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-remoting-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-sar-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-security-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-server-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-standalone-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-system-jmx-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-threads-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-transactions-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-version-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-web-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-webservices-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-welcome-content-eap-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-weld-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-xts-0:7.5.17-2.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-marshalling-0:1.4.10-3.SP3_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-metadata-0:7.2.3-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-modules-0:1.3.10-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-remoting3-0:3.3.10-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-vfs2-0:3.2.12-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossweb-0:7.5.24-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "log4j-jboss-logmanager-0:1.1.4-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "picketlink-bindings-0:2.5.4-17.SP15_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "picketlink-federation-0:2.5.4-17.SP15_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "apache-cxf-0:2.7.18-7.SP6_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "codehaus-jackson-0:1.9.9-11.redhat_5.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "hibernate4-eap6-0:4.2.27-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "hornetq-0:2.3.25-22.SP20_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "infinispan-0:5.2.22-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-appclient-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-appclient-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-bundles-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-cli-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-client-all-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-clustering-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-cmp-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-configadmin-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-connector-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-controller-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-controller-client-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-core-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-core-security-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-deployment-repository-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-deployment-scanner-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-domain-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-domain-http-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-domain-management-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-ee-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-ee-deployment-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-ejb3-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-embedded-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-host-controller-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jacorb-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-javadocs-0:7.5.17-4.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jaxr-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jaxrs-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jdr-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jmx-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jpa-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jsf-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jsr77-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-logging-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-mail-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-management-client-content-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-messaging-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-modcluster-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-modules-eap-0:7.5.17-1.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-naming-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-network-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-osgi-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-osgi-configadmin-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-osgi-service-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-picketlink-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-platform-mbean-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-pojo-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-process-controller-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-product-eap-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-protocol-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-remoting-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-sar-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-security-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-server-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-standalone-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-system-jmx-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-threads-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-transactions-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-version-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-web-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-webservices-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-welcome-content-eap-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-weld-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-xts-0:7.5.17-2.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-marshalling-0:1.4.10-3.SP3_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-metadata-0:7.2.3-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-modules-0:1.3.10-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-remoting3-0:3.3.10-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-vfs2-0:3.2.12-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossweb-0:7.5.24-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "log4j-jboss-logmanager-0:1.1.4-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "picketlink-bindings-0:2.5.4-17.SP15_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2635", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "picketlink-federation-0:2.5.4-17.SP15_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-ec2-eap-0:7.5.17-1.Final_redhat_4.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "apache-cxf-0:2.7.18-7.SP6_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "codehaus-jackson-0:1.9.9-11.redhat_5.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "hibernate4-eap6-0:4.2.27-1.Final_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "hornetq-0:2.3.25-22.SP20_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "infinispan-0:5.2.22-1.Final_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-appclient-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossas-appclient-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossas-bundles-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-cli-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-client-all-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-clustering-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-cmp-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-configadmin-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-connector-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-controller-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-controller-client-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossas-core-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-core-security-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-deployment-repository-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-deployment-scanner-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossas-domain-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-domain-http-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-domain-management-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-ee-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-ee-deployment-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-ejb3-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-embedded-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-host-controller-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-jacorb-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossas-javadocs-0:7.5.17-4.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-jaxr-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-jaxrs-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-jdr-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-jmx-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-jpa-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-jsf-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-jsr77-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-logging-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-mail-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-management-client-content-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-messaging-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-modcluster-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossas-modules-eap-0:7.5.17-1.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-naming-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-network-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-osgi-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-osgi-configadmin-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-osgi-service-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-picketlink-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-platform-mbean-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-pojo-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-process-controller-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossas-product-eap-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-protocol-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-remoting-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-sar-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-security-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-server-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossas-standalone-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-system-jmx-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-threads-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-transactions-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-version-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-web-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-webservices-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossas-welcome-content-eap-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-weld-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-xts-0:7.5.17-2.Final_redhat_4.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-marshalling-0:1.4.10-3.SP3_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-metadata-0:7.2.3-1.Final_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-modules-0:1.3.10-1.Final_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-remoting3-0:3.3.10-1.Final_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-vfs2-0:3.2.12-1.Final_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossweb-0:7.5.24-1.Final_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "log4j-jboss-logmanager-0:1.1.4-1.Final_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "picketlink-bindings-0:2.5.4-17.SP15_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "picketlink-federation-0:2.5.4-17.SP15_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2493", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6", "package": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6", "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6", "release_date": "2017-08-21T00:00:00Z"}, {"advisory": "RHSA-2017:2493", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6", "package": "tomcat6-0:6.0.41-17_patch_04.ep6.el6", "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6", "release_date": "2017-08-21T00:00:00Z"}, {"advisory": "RHSA-2017:2493", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6", "package": "tomcat7-0:7.0.54-25_patch_05.ep6.el6", "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6", "release_date": "2017-08-21T00:00:00Z"}, {"advisory": "RHSA-2017:2493", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el7", "package": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7", "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7", "release_date": "2017-08-21T00:00:00Z"}, {"advisory": "RHSA-2017:2493", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el7", "package": "tomcat6-0:6.0.41-17_patch_04.ep6.el7", "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7", "release_date": "2017-08-21T00:00:00Z"}, {"advisory": "RHSA-2017:2493", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el7", "package": "tomcat7-0:7.0.54-25_patch_05.ep6.el7", "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7", "release_date": "2017-08-21T00:00:00Z"}, {"advisory": "RHSA-2017:2494", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.1", "package": "tomcat6", "product_name": "Red Hat JBoss Web Server 2.1", "release_date": "2017-08-21T00:00:00Z"}, {"advisory": "RHSA-2017:2494", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.1", "package": "tomcat7", "product_name": "Red Hat JBoss Web Server 2.1", "release_date": "2017-08-21T00:00:00Z"}, {"advisory": "RHSA-2017:1802", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1", "product_name": "Red Hat JBoss Web Server 3.1", "release_date": "2017-07-25T00:00:00Z"}, {"advisory": "RHSA-2017:1801", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6", "package": "log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el6", "product_name": "Red Hat JBoss Web Server 3 for RHEL 6", "release_date": "2017-07-25T00:00:00Z"}, {"advisory": "RHSA-2017:1801", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6", "package": "tomcat7-0:7.0.70-22.ep7.el6", "product_name": "Red Hat JBoss Web Server 3 for RHEL 6", "release_date": "2017-07-25T00:00:00Z"}, {"advisory": "RHSA-2017:1801", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6", "package": "tomcat8-0:8.0.36-24.ep7.el6", "product_name": "Red Hat JBoss Web Server 3 for RHEL 6", "release_date": "2017-07-25T00:00:00Z"}, {"advisory": "RHSA-2017:1801", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6", "package": "tomcat-native-0:1.2.8-10.redhat_10.ep7.el6", "product_name": "Red Hat JBoss Web Server 3 for RHEL 6", "release_date": "2017-07-25T00:00:00Z"}, {"advisory": "RHSA-2017:1801", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package": "log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2017-07-25T00:00:00Z"}, {"advisory": "RHSA-2017:1801", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package": "tomcat7-0:7.0.70-22.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2017-07-25T00:00:00Z"}, {"advisory": "RHSA-2017:1801", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package": "tomcat8-0:8.0.36-24.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2017-07-25T00:00:00Z"}, {"advisory": "RHSA-2017:1801", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package": "tomcat-native-0:1.2.8-10.redhat_10.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2017-07-25T00:00:00Z"}], "bugzilla": {"description": "tomcat: Security constrained bypass in error page mechanism", "id": "1459158", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459158"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-266", "details": ["The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.", "A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page."], "mitigation": {"lang": "en:us", "value": "If it is necessary to have the DefaultServlet property readonly=false, use a jsp error page, for example Error404.jsp rather than a static html error page. Alternatively do not specify an error-page in the Deployment Descriptor and use a custom ErrorReportValve."}, "name": "CVE-2017-5664", "package_state": [{"cpe": "cpe:/a:redhat:jboss_data_grid:6", "fix_state": "Not affected", "package_name": "jbossweb", "product_name": "Red Hat JBoss Data Grid 6"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Not affected", "package_name": "jbossweb", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Will not fix", "package_name": "jbossweb", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Under investigation", "package_name": "jbossweb", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Under investigation", "package_name": "tomcat7", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Under investigation", "package_name": "tomcat8", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Will not fix", "package_name": "jbossweb", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Will not fix", "package_name": "jbossweb", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6", "fix_state": "Affected", "package_name": "jbossweb", "product_name": "Red Hat JBoss Portal 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-java-common-tomcat", "product_name": "Red Hat Software Collections"}], "public_date": "2017-06-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-5664\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5664\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.78\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.44\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.15"], "statement": "This flaw can be triggered for static error pages only if the readonly property for the DefaultServlet is set to false in the $CATALINA_HOME/conf/web.xml file. The default for readonly is true.", "threat_severity": "Important", "upstream_fix": "tomcat 7.0.78, tomcat 8.0.44, tomcat 8.5.15"}