Vulnerabilities > CVE-2007-6306 - Cross-Site Scripting vulnerability in Jfree Jfreechart 1.0.8

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
jfree
CWE-79
nessus

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.

Vulnerable Configurations

Part Description Count
OS
Jfree
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Embedding Scripts in Non-Script Elements
    This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (<img>), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an attacker to tunnel through the application's elements and launch a XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote attacker to collect and interpret the output of said attack.
  • Embedding Scripts within Scripts
    An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Cross-Site Scripting in Error Pages
    An attacker distributes a link (or possibly some other query structure) with a request to a third party web server that is malformed and also contains a block of exploit code in order to have the exploit become live code in the resulting error page. When the third party web server receives the crafted request and notes the error it then creates an error message that echoes the malformed message, including the exploit. Doing this converts the exploit portion of the message into to valid language elements that are executed by the viewing browser. When a victim executes the query provided by the attacker the infected error message error message is returned including the exploit code which then runs in the victim's browser. XSS can result in execution of code as well as data leakage (e.g. session cookies can be sent to the attacker). This type of attack is especially dangerous since the exploit appears to come from the third party web server, who the victim may trust and hence be more vulnerable to deception.
  • Cross-Site Scripting Using Alternate Syntax
    The attacker uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For example, many keywords are processed in a case insensitive manner. If the site's web filtering algorithm does not convert all tags into a consistent case before the comparison with forbidden keywords it is possible to bypass filters (e.g., incomplete black lists) by using an alternate case structure. For example, the "script" tag using the alternate forms of "Script" or "ScRiPt" may bypass filters where "script" is the only form tested. Other variants using different syntax representations are also possible as well as using pollution meta-characters or entities that are eventually ignored by the rendering engine. The attack can result in the execution of otherwise prohibited functionality.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0261.NASL
    descriptionRed Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal security review, a cross-site scripting flaw was found that affected the Red Hat Network channel search feature. (CVE-2007-5961) This release also corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Two arbitrary code execution flaws were fixed in the OpenMotif package. (CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43835
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43835
    titleRHEL 4 : Satellite Server (RHSA-2008:0261)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0261. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(43835);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2004-0885", "CVE-2005-0605", "CVE-2005-2090", "CVE-2005-3510", "CVE-2005-3964", "CVE-2005-4838", "CVE-2006-0254", "CVE-2006-0898", "CVE-2006-1329", "CVE-2006-3835", "CVE-2006-5752", "CVE-2006-7195", "CVE-2006-7196", "CVE-2006-7197", "CVE-2007-0243", "CVE-2007-0450", "CVE-2007-1349", "CVE-2007-1355", "CVE-2007-1358", "CVE-2007-1860", "CVE-2007-2435", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3304", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-4465", "CVE-2007-5000", "CVE-2007-5461", "CVE-2007-5961", "CVE-2007-6306", "CVE-2007-6388", "CVE-2008-0128");
      script_bugtraq_id(15325, 16802, 19106, 22085, 22960, 23192, 24004, 24147, 24215, 24475, 24476, 24524, 24645, 25316, 25531, 25653, 26070, 26752, 26838, 27237, 27365, 28481);
      script_xref(name:"RHSA", value:"2008:0261");
    
      script_name(english:"RHEL 4 : Satellite Server (RHSA-2008:0261)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Red Hat Network Satellite Server version 5.0.2 is now available. This
    update includes fixes for a number of security issues in Red Hat
    Network Satellite Server components.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    During an internal security review, a cross-site scripting flaw was
    found that affected the Red Hat Network channel search feature.
    (CVE-2007-5961)
    
    This release also corrects several security vulnerabilities in various
    components shipped as part of the Red Hat Network Satellite Server. In
    a typical operating environment, these components are not exposed to
    users of Satellite Server in a vulnerable manner. These security
    updates will reduce risk in unique Satellite Server environments.
    
    Multiple flaws were fixed in the Apache HTTPD server. These flaws
    could result in a cross-site scripting, denial-of-service, or
    information disclosure attacks. (CVE-2004-0885, CVE-2006-5752,
    CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465,
    CVE-2007-5000, CVE-2007-6388)
    
    A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)
    
    A denial-of-service flaw was fixed in the jabberd server.
    (CVE-2006-1329)
    
    Multiple cross-site scripting flaws were fixed in the image map
    feature in the JFreeChart package. (CVE-2007-6306)
    
    Multiple flaws were fixed in the IBM Java 1.4.2 Runtime.
    (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789)
    
    Two arbitrary code execution flaws were fixed in the OpenMotif
    package. (CVE-2005-3964, CVE-2005-0605)
    
    A flaw which could result in weak encryption was fixed in the
    perl-Crypt-CBC package. (CVE-2006-0898)
    
    Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128,
    CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358,
    CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450,
    CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254,
    CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)
    
    Users of Red Hat Network Satellite Server 5.0 are advised to upgrade
    to 5.0.2, which resolves these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0605"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-2090"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-3510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-3964"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-4838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0254"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0898"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-1329"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3835"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-5752"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7196"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7197"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-0243"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-0450"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1349"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1355"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1358"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1860"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2435"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2449"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2450"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3304"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3385"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-4465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5000"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5461"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5961"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6306"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0128"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0261"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(16, 20, 22, 79, 119, 189, 200, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jabberd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jfreechart");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openmotif21");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Crypt-CBC");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-apache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modjk-ap13");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/05/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0261";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL4", rpm:"rhns-app-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Satellite Server");
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"jabberd-2.0s10-3.38.rhn")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.4.2-ibm-1.4.2.10-1jpp.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jfreechart-0.9.20-3.rhn")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"openmotif21-2.1.30-11.RHEL4.6")) flag++;
      if (rpm_check(release:"RHEL4", reference:"perl-Crypt-CBC-2.24-1.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-apache-1.3.27-36.rhn.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modjk-ap13-1.2.23-2rhn.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modperl-1.29-16.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modssl-2.8.12-8.rhn.10.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"tomcat5-5.0.30-0jpp_10rh")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jabberd / java-1.4.2-ibm / java-1.4.2-ibm-devel / jfreechart / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0151.NASL
    descriptionUpdated JBoss Enterprise Application Platform (JBEAP) packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBoss Enterprise Application Platform (JBEAP) is a middleware platform for Java 2 Platform, Enterprise Edition (J2EE) applications. This release of JBEAP for Red Hat Enterprise Linux 4 contains the JBoss Application Server and JBoss Seam. This release serves as a replacement to JBEAP 4.2.0.GA. It fixes several security issues : The JFreeChart component was vulnerable to multiple cross-site scripting (XSS) vulnerabilities. An attacker could misuse the image map feature to inject arbitrary web script, or HTML, via several attributes of the chart area. (CVE-2007-6306) A vulnerability caused by exposing static Java methods was located within the HSQLDB component. This could be utilized by an attacker to execute arbitrary static Java methods. (CVE-2007-4575) The setOrder method in the org.jboss.seam.framework.Query class did not correctly validate user-supplied parameters. This vulnerability allowed remote attackers to inject, and execute, arbitrary Enterprise JavaBeans Query Language (EJB QL) commands via the order parameter. (CVE-2007-6433) These updated packages include bug fixes and enhancements which are not listed here. For a full list, please refer to the JBEAP 4.2.0CP02 release notes: http://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html Warning: before applying this update, please backup the JBEAP
    last seen2020-06-01
    modified2020-06-02
    plugin id63848
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63848
    titleRHEL 4 : JBoss EAP (RHSA-2008:0151)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0151. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63848);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2007-4575", "CVE-2007-5461", "CVE-2007-6306", "CVE-2007-6433", "CVE-2008-0002");
      script_bugtraq_id(26703, 26752);
      script_xref(name:"RHSA", value:"2008:0151");
    
      script_name(english:"RHEL 4 : JBoss EAP (RHSA-2008:0151)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated JBoss Enterprise Application Platform (JBEAP) packages that
    fix several security issues are now available.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    JBoss Enterprise Application Platform (JBEAP) is a middleware platform
    for Java 2 Platform, Enterprise Edition (J2EE) applications.
    
    This release of JBEAP for Red Hat Enterprise Linux 4 contains the
    JBoss Application Server and JBoss Seam. This release serves as a
    replacement to JBEAP 4.2.0.GA. It fixes several security issues :
    
    The JFreeChart component was vulnerable to multiple cross-site
    scripting (XSS) vulnerabilities. An attacker could misuse the image
    map feature to inject arbitrary web script, or HTML, via several
    attributes of the chart area. (CVE-2007-6306)
    
    A vulnerability caused by exposing static Java methods was located
    within the HSQLDB component. This could be utilized by an attacker to
    execute arbitrary static Java methods. (CVE-2007-4575)
    
    The setOrder method in the org.jboss.seam.framework.Query class did
    not correctly validate user-supplied parameters. This vulnerability
    allowed remote attackers to inject, and execute, arbitrary Enterprise
    JavaBeans Query Language (EJB QL) commands via the order parameter.
    (CVE-2007-6433)
    
    These updated packages include bug fixes and enhancements which are
    not listed here. For a full list, please refer to the JBEAP 4.2.0CP02
    release notes:
    http://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html
    
    Warning: before applying this update, please backup the JBEAP
    'server/[configuration]/deploy/' directory, and any other customized
    configuration files.
    
    All users of JBEAP on Red Hat Enterprise Linux 4 are advised to
    upgrade to these updated packages, which resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-4575"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5461"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6306"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6433"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0002"
      );
      # http://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/documentation/en-us/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0151"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(20, 22, 79, 94);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:concurrent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glassfish-jaf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glassfish-javamail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glassfish-jsf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glassfish-jstl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hsqldb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jacorb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-aop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-cache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-remoting");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-seam");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-seam-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossweb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossws-jboss42");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossws-wsconsume-impl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossxb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jcommon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jfreechart");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jgroups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs-examples");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wsdl4j");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0151";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL4", rpm:"jbossas-4"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "JBoss EAP");
    
      if (rpm_check(release:"RHEL4", reference:"concurrent-1.3.4-7jpp.ep1.6.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"glassfish-jaf-1.1.0-0jpp.ep1.10.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"glassfish-javamail-1.4.0-0jpp.ep1.8")) flag++;
      if (rpm_check(release:"RHEL4", reference:"glassfish-jsf-1.2_04-1.p02.0jpp.ep1.18")) flag++;
      if (rpm_check(release:"RHEL4", reference:"glassfish-jstl-1.2.0-0jpp.ep1.2")) flag++;
      if (rpm_check(release:"RHEL4", reference:"hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"hibernate3-annotations-javadoc-3.2.1-1.patch02.1jpp.ep1.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"hibernate3-entitymanager-3.2.1-1jpp.ep1.6.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.6.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"hibernate3-javadoc-3.2.4-1.SP1_CP02.0jpp.ep1.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"hsqldb-1.8.0.8-2.patch01.1jpp.ep1.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jacorb-2.3.0-1jpp.ep1.4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jboss-cache-1.4.1-4.SP8_CP01.1jpp.ep1.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jboss-common-1.2.1-0jpp.ep1.2")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jboss-remoting-2.2.2-3.SP4.0jpp.ep1.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jboss-seam-1.2.1-1.ep1.3.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jboss-seam-docs-1.2.1-1.ep1.3.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jbossas-4.2.0-3.GA_CP02.ep1.3.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jbossweb-2.0.0-3.CP05.0jpp.ep1.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jbossws-jboss42-1.2.1-0jpp.ep1.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jbossws-wsconsume-impl-2.0.0-0jpp.ep1.3")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jcommon-1.0.12-1jpp.ep1.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jfreechart-1.0.9-1jpp.ep1.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jgroups-2.4.1-1.SP4.0jpp.ep1.2")) flag++;
      if (rpm_check(release:"RHEL4", reference:"rh-eap-docs-4.2.0-3.GA_CP02.ep1.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"rh-eap-docs-examples-4.2.0-3.GA_CP02.ep1.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"wsdl4j-1.6.2-1jpp.ep1.8")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "concurrent / glassfish-jaf / glassfish-javamail / glassfish-jsf / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0524.NASL
    descriptionRed Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43837
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43837
    titleRHEL 3 / 4 : Satellite Server (RHSA-2008:0524)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0524. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(43837);
      script_version ("1.28");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2004-0687", "CVE-2004-0688", "CVE-2004-0885", "CVE-2004-0914", "CVE-2005-0605", "CVE-2005-2090", "CVE-2005-3510", "CVE-2005-3964", "CVE-2005-4838", "CVE-2006-0254", "CVE-2006-0898", "CVE-2006-1329", "CVE-2006-3835", "CVE-2006-5752", "CVE-2006-7195", "CVE-2006-7196", "CVE-2006-7197", "CVE-2007-0243", "CVE-2007-0450", "CVE-2007-1349", "CVE-2007-1355", "CVE-2007-1358", "CVE-2007-1860", "CVE-2007-2435", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3304", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-4465", "CVE-2007-5000", "CVE-2007-5461", "CVE-2007-6306", "CVE-2007-6388", "CVE-2008-0128");
      script_bugtraq_id(13873, 15325, 16802, 19106, 22085, 22960, 23192, 24004, 24215, 24475, 24476, 24524, 24645, 25316, 25531, 26070, 26752, 26838, 27237, 27365, 28481);
      script_xref(name:"RHSA", value:"2008:0524");
    
      script_name(english:"RHEL 3 / 4 : Satellite Server (RHSA-2008:0524)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Red Hat Network Satellite Server version 4.2.3 is now available. This
    update includes fixes for a number of security issues in Red Hat
    Network Satellite Server components.
    
    This update has been rated as having low security impact by the Red
    Hat Security Response Team.
    
    This release corrects several security vulnerabilities in various
    components shipped as part of the Red Hat Network Satellite Server
    4.2. In a typical operating environment, these components are not
    exposed to users of Satellite Server in a vulnerable manner. These
    security updates will reduce risk in unique Satellite Server
    environments.
    
    Multiple flaws were fixed in the Apache HTTPD server. These flaws
    could result in a cross-site scripting, denial-of-service, or
    information disclosure attacks. (CVE-2004-0885, CVE-2006-5752,
    CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465,
    CVE-2007-5000, CVE-2007-6388)
    
    A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)
    
    A denial-of-service flaw was fixed in the jabberd server.
    (CVE-2006-1329)
    
    Multiple cross-site scripting flaws were fixed in the image map
    feature in the JFreeChart package. (CVE-2007-6306)
    
    Multiple flaws were fixed in the IBM Java 1.4.2 Runtime.
    (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789)
    
    Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687,
    CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605)
    
    A flaw which could result in weak encryption was fixed in the
    perl-Crypt-CBC package. (CVE-2006-0898)
    
    Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128,
    CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358,
    CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450,
    CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254,
    CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)
    
    Users of Red Hat Network Satellite Server 4.2 are advised to upgrade
    to 4.2.3, which resolves these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0687"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0688"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0914"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0605"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-2090"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-3510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-3964"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-4838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0254"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0898"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-1329"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3835"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-5752"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7196"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7197"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-0243"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-0450"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1349"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1355"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1358"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1860"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2435"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2449"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2450"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3304"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3385"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-4465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5000"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5461"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6306"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0128"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0524"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(16, 20, 22, 79, 119, 189, 200, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jabberd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jfreechart");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openmotif21");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Crypt-CBC");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-apache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modjk-ap13");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0524";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL3", rpm:"rhns-app-") || rpm_exists(release:"RHEL4", rpm:"rhns-app-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Satellite Server");
    
      if (rpm_check(release:"RHEL3", cpu:"i386", reference:"jabberd-2.0s10-3.37.rhn")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i386", reference:"java-1.4.2-ibm-1.4.2.10-1jpp.2.el3")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i386", reference:"java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3")) flag++;
      if (rpm_check(release:"RHEL3", reference:"jfreechart-0.9.20-3.rhn")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i386", reference:"openmotif21-2.1.30-9.RHEL3.8")) flag++;
      if (rpm_check(release:"RHEL3", reference:"perl-Crypt-CBC-2.24-1.el3")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i386", reference:"rhn-apache-1.3.27-36.rhn.rhel3")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i386", reference:"rhn-modjk-ap13-1.2.23-2rhn.rhel3")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i386", reference:"rhn-modperl-1.29-16.rhel3")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i386", reference:"rhn-modssl-2.8.12-8.rhn.10.rhel3")) flag++;
      if (rpm_check(release:"RHEL3", reference:"tomcat5-5.0.30-0jpp_10rh")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"jabberd-2.0s10-3.38.rhn")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.4.2-ibm-1.4.2.10-1jpp.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jfreechart-0.9.20-3.rhn")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"openmotif21-2.1.30-11.RHEL4.6")) flag++;
      if (rpm_check(release:"RHEL4", reference:"perl-Crypt-CBC-2.24-1.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-apache-1.3.27-36.rhn.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modjk-ap13-1.2.23-2rhn.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modperl-1.29-16.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modssl-2.8.12-8.rhn.10.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"tomcat5-5.0.30-0jpp_10rh")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jabberd / java-1.4.2-ibm / java-1.4.2-ibm-devel / jfreechart / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0630.NASL
    descriptionRed Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. During an internal security audit, it was discovered that Red Hat Network Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a single hard-coded authentication key. A remote attacker who is able to connect to the Satellite Server XML-RPC service could use this flaw to obtain limited information about Satellite Server users, such as login names, associated email addresses, internal user IDs, and partial information about entitlements. (CVE-2008-2369) This release also corrects several security vulnerabilities in various components shipped as part of Red Hat Network Satellite Server 5.1. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838, CVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461, CVE-2008-0128) Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to 5.1.1, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43840
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43840
    titleRHEL 4 : Satellite Server (RHSA-2008:0630)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0213.NASL
    descriptionNew JBoss Enterprise Application Platform (JBEAP) packages, comprising the 4.2.0.CP02 release, are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBEAP is a middleware platform for Java 2 Platform, Enterprise Edition (J2EE) applications. This release of JBEAP for Red Hat Enterprise Linux 5 contains the JBoss Application Server and JBoss Seam and serves as a replacement for JBEAP 4.2.0.GA_CP01. As well as fixing numerous bugs and adding enhancements, these updated packages addresses several security issues. The JFreeChart component was vulnerable to multiple cross-site scripting (XSS) vulnerabilities. An attacker could misuse the image map feature to inject arbitrary web script or HTML via several attributes of the chart area. (CVE-2007-6306) A vulnerability caused by exposing static java methods was located within the HSQLDB component. This could be utilized by an attacker to execute arbitrary static java methods. (CVE-2007-4575) The setOrder method in the org.jboss.seam.framework.Query class did not properly validate user-supplied parameters. This vulnerability allowed remote attackers to inject and execute arbitrary EJBQL commands via the order parameter. (CVE-2007-6433) For details regarding the bug fixes and enhancements included with this update, please see the JBoss Enterprise Application Platform 4.2.0.CP02 Release Notes, linked to in the References section below. All Red Hat Enterprise Linux 5 users wanting to use the JBoss Enterprise Application Platform are advised to install these new packages.
    last seen2020-06-01
    modified2020-06-02
    plugin id63851
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63851
    titleRHEL 5 : JBoss EAP (RHSA-2008:0213)

Redhat

advisories
  • rhsa
    idRHSA-2008:0151
  • rhsa
    idRHSA-2008:0158
  • rhsa
    idRHSA-2008:0213
  • rhsa
    idRHSA-2008:0261
  • rhsa
    idRHSA-2008:0630
rpms
  • concurrent-0:1.3.4-7jpp.ep1.6.el4
  • glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4
  • glassfish-javamail-0:1.4.0-0jpp.ep1.8
  • glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18
  • glassfish-jstl-0:1.2.0-0jpp.ep1.2
  • hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4
  • hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4
  • hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4
  • hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4
  • hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4
  • hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4
  • hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1
  • jacorb-0:2.3.0-1jpp.ep1.4
  • jacorb-demo-0:2.3.0-1jpp.ep1.4
  • jacorb-javadoc-0:2.3.0-1jpp.ep1.4
  • jacorb-manual-0:2.3.0-1jpp.ep1.4
  • jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4
  • jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4
  • jboss-common-0:1.2.1-0jpp.ep1.2
  • jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1
  • jboss-seam-0:1.2.1-1.ep1.3.el4
  • jboss-seam-docs-0:1.2.1-1.ep1.3.el4
  • jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4
  • jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1
  • jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4
  • jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3
  • jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4
  • jcommon-0:1.0.12-1jpp.ep1.2.el4
  • jfreechart-0:1.0.9-1jpp.ep1.2.el4
  • jgroups-1:2.4.1-1.SP4.0jpp.ep1.2
  • rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4
  • rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4
  • wsdl4j-0:1.6.2-1jpp.ep1.8
  • concurrent-0:1.3.4-7jpp.ep1.6.el4
  • concurrent-0:1.3.4-8jpp.ep1.6.el5.1
  • glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4
  • glassfish-javamail-0:1.4.0-0jpp.ep1.8
  • glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18
  • glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5
  • glassfish-jstl-0:1.2.0-0jpp.ep1.2
  • glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5
  • hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1
  • hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4
  • hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4
  • hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1
  • hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4
  • hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1
  • hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4
  • hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5
  • hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4
  • hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5
  • hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1
  • hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4
  • hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1
  • jacorb-0:2.3.0-1jpp.ep1.4
  • jacorb-0:2.3.0-1jpp.ep1.5.el5
  • jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4
  • jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5
  • jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4
  • jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5
  • jboss-common-0:1.2.1-0jpp.ep1.2
  • jboss-common-0:1.2.1-0jpp.ep1.2.el5.1
  • jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1
  • jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5
  • jboss-seam-0:1.2.1-1.ep1.3.el4
  • jboss-seam-0:1.2.1-1.ep1.3.el5
  • jboss-seam-docs-0:1.2.1-1.ep1.3.el4
  • jboss-seam-docs-0:1.2.1-1.ep1.3.el5
  • jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4
  • jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3
  • jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1
  • jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5
  • jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4
  • jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1
  • jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3
  • jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5
  • jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4
  • jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1
  • jcommon-0:1.0.12-1jpp.ep1.2.el4
  • jcommon-0:1.0.12-1jpp.ep1.2.el5
  • jfreechart-0:1.0.9-1jpp.ep1.2.el4
  • jfreechart-0:1.0.9-1jpp.ep1.2.el5.1
  • jgroups-1:2.4.1-1.SP4.0jpp.ep1.2
  • jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5
  • juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1
  • rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4
  • rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1
  • rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4
  • rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1
  • wsdl4j-0:1.6.2-1jpp.ep1.8
  • concurrent-0:1.3.4-8jpp.ep1.6.el5.1
  • glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5
  • glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5
  • glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5
  • glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5
  • hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1
  • hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1
  • hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1
  • hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5
  • hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5
  • hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1
  • jacorb-0:2.3.0-1jpp.ep1.5.el5
  • jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5
  • jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5
  • jboss-common-0:1.2.1-0jpp.ep1.2.el5.1
  • jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5
  • jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5
  • jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5
  • jboss-seam-0:1.2.1-1.ep1.3.el5
  • jboss-seam-docs-0:1.2.1-1.ep1.3.el5
  • jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3
  • jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5
  • jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1
  • jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5
  • jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1
  • jcommon-0:1.0.12-1jpp.ep1.2.el5
  • jfreechart-0:1.0.9-1jpp.ep1.2.el5.1
  • jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5
  • juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1
  • rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1
  • rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1
  • ws-commons-policy-0:1.0-2jpp.ep1.4.el5
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh
  • jabberd-0:2.0s10-3.37.rhn
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-0:2.1.30-9.RHEL3.8
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-9.RHEL3.8
  • perl-Crypt-CBC-0:2.24-1.el3
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel3
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel3
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel3
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel3
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh
  • jfreechart-0:0.9.20-3.rhn
  • mod_perl-0:2.0.2-12.el4
  • mod_perl-debuginfo-0:2.0.2-12.el4
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-html-0:5.1.1-7
  • tomcat5-0:5.0.30-0jpp_10rh