Vulnerabilities > CVE-2011-0534 - Resource Management Errors vulnerability in Apache Tomcat

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_TOMCAT6-110211.NASL
    descriptionThis tomcat6 update fixes : - CVE-2010-3718: CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N): Design Error (CWE-DesignError) - CVE-2011-0013: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): XSS (CWE-79) - CVE-2011-0534: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Resource Management Errors (CWE-399)
    last seen2020-06-01
    modified2020-06-02
    plugin id53807
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53807
    titleopenSUSE Security Update : tomcat6 (openSUSE-SU-2011:0146-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update tomcat6-3945.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(53807);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:41");
    
      script_cve_id("CVE-2010-3718", "CVE-2011-0013", "CVE-2011-0534");
    
      script_name(english:"openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0146-1)");
      script_summary(english:"Check for the tomcat6-3945 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This tomcat6 update fixes :
    
      - CVE-2010-3718: CVSS v2 Base Score: 4.0
        (AV:N/AC:H/Au:N/C:P/I:P/A:N): Design Error
        (CWE-DesignError)
    
      - CVE-2011-0013: CVSS v2 Base Score: 4.3
        (AV:N/AC:M/Au:N/C:N/I:P/A:N): XSS (CWE-79)
    
      - CVE-2011-0534: CVSS v2 Base Score: 5.0
        (AV:N/AC:L/Au:N/C:N/I:N/A:P): Resource Management Errors
        (CWE-399)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=669897"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=669929"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=669930"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-03/msg00000.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected tomcat6 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-webapps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/02/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.2", reference:"tomcat6-6.0.20-24.33.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"tomcat6-admin-webapps-6.0.20-24.33.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"tomcat6-docs-webapp-6.0.20-24.33.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"tomcat6-javadoc-6.0.20-24.33.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"tomcat6-jsp-2_1-api-6.0.20-24.33.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"tomcat6-lib-6.0.20-24.33.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"tomcat6-servlet-2_5-api-6.0.20-24.33.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"tomcat6-webapps-6.0.20-24.33.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat6");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201206-24.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201206-24 (Apache Tomcat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact : The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server’s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id59677
    published2012-06-25
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59677
    titleGLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-13457.NASL
    descriptionFixes for: CVE-2011-3190 - authentication bypass and information disclosure CVE-2011-2526 - send file validation CVE-2011-2204 - password disclosure vulnerability JAVA_HOME setting in tomcat6.conf CVE-2011-0534, CVE-2011-0013, CVE-2010-3718 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56573
    published2011-10-21
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56573
    titleFedora 14 : tomcat6-6.0.26-27.fc14 (2011-13457)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_TOMCAT6-110211.NASL
    descriptionThis tomcat6 update fixes : - CVE-2010-3718: CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N): Design Error (CWE-DesignError) - CVE-2011-0013: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): XSS (CWE-79) - CVE-2011-0534: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Resource Management Errors (CWE-399)
    last seen2020-06-01
    modified2020-06-02
    plugin id75761
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75761
    titleopenSUSE Security Update : tomcat6 (openSUSE-SU-2011:0146-1)
  • NASL familyWeb Servers
    NASL idTOMCAT_7_0_8.NASL
    descriptionAccording to its self-reported version number, the instance of Apache Tomcat listening on the remote host is prior to 6.0.32 or 7.0.8. It is, therefore, affected by a denial of service vulnerability. An error, involving the NIO HTTP connector, exists such that the limit
    last seen2020-03-18
    modified2011-02-15
    plugin id51987
    published2011-02-15
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51987
    titleApache Tomcat < 6.0.32 / 7.0.8 NIO Connector DoS
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1097-1.NASL
    descriptionIt was discovered that the Tomcat SecurityManager did not properly restrict the working directory. An attacker could use this flaw to read or write files outside of the intended working directory. (CVE-2010-3718) It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2011-0013) It was discovered that Tomcat incorrectly enforced the maxHttpHeaderSize limit in certain configurations. A remote attacker could use this flaw to cause Tomcat to consume all available memory, resulting in a denial of service. (CVE-2011-0534). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id53221
    published2011-03-30
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53221
    titleUbuntu 9.10 / 10.04 LTS / 10.10 : tomcat6 vulnerabilities (USN-1097-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-0335.NASL
    descriptionFrom Red Hat Security Advisory 2011:0335 : Updated tomcat6 packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially crafted HTTP request. (CVE-2010-4476) A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote attacker could use this flaw to cause a denial of service (out-of-memory condition) via a specially crafted request containing a large NIO buffer size request value. (CVE-2011-0534) This update also fixes the following bug : * A bug in the
    last seen2020-06-01
    modified2020-06-02
    plugin id68224
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68224
    titleOracle Linux 6 : tomcat6 (ELSA-2011-0335)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0335.NASL
    descriptionUpdated tomcat6 packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially crafted HTTP request. (CVE-2010-4476) A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote attacker could use this flaw to cause a denial of service (out-of-memory condition) via a specially crafted request containing a large NIO buffer size request value. (CVE-2011-0534) This update also fixes the following bug : * A bug in the
    last seen2020-06-01
    modified2020-06-02
    plugin id52606
    published2011-03-10
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52606
    titleRHEL 6 : tomcat6 (RHSA-2011:0335)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12687.NASL
    description - Apache Tomcat Local bypass of security manger file permissions. (CVE-2010-3718) - Apache Tomcat Manager XSS vulnerability. (CVE-2011-0013)
    last seen2020-06-01
    modified2020-06-02
    plugin id52711
    published2011-03-18
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52711
    titleSuSE9 Security Update : Tomcat (YOU Patch Number 12687)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2011-006.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6 that does not have Security Update 2011-006 applied. This update contains numerous security-related fixes for the following components : - Apache - Application Firewall - ATS - BIND - Certificate Trust Policy - CFNetwork - CoreFoundation - CoreMedia - File Systems - IOGraphics - iChat Server - Mailman - MediaKit - PHP - postfix - python - QuickTime - Tomcat - User Documentation - Web Server - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id56481
    published2011-10-13
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56481
    titleMac OS X Multiple Vulnerabilities (Security Update 2011-006)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_TOMCAT5-7337.NASL
    descriptionThis tomcat6 update fixes : - CVE-2010-3718: CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N): Design Error (CWE-DesignError) - CVE-2011-0013: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): XSS (CWE-79)
    last seen2020-06-01
    modified2020-06-02
    plugin id52525
    published2011-03-03
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52525
    titleSuSE 10 Security Update : Tomcat (ZYPP Patch Number 7337)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110309_TOMCAT6_ON_SL6_X.NASL
    descriptionA denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially crafted HTTP request. (CVE-2010-4476) A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote attacker could use this flaw to cause a denial of service (out-of-memory condition) via a specially crafted request containing a large NIO buffer size request value. (CVE-2011-0534) This update also fixes the following bug : - A bug in the
    last seen2020-06-01
    modified2020-06-02
    plugin id60985
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60985
    titleScientific Linux Security Update : tomcat6 on SL6.x i386/x86_64
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2160.NASL
    descriptionSeveral vulnerabilities were discovered in the Tomcat Servlet and JSP engine : - CVE-2010-3718 It was discovered that the SecurityManager insufficiently restricted the working directory. - CVE-2011-0013 It was discovered that the HTML manager interface is affected by cross-site scripting. - CVE-2011-0534 It was discovered that NIO connector performs insufficient validation of the HTTP headers, which could lead to denial of service. The oldstable distribution (lenny) is not affected by these issues.
    last seen2020-03-17
    modified2011-02-14
    plugin id51959
    published2011-02-14
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51959
    titleDebian DSA-2160-1 : tomcat6 - several vulnerabilities

Redhat

advisories
bugzilla
id676922
titleAdditionally Created Instances of Tomcat are broken / don't work
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 6 is installed
      ovaloval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • commenttomcat6-servlet-2.5-api is earlier than 0:6.0.24-24.el6_0
          ovaloval:com.redhat.rhsa:tst:20110335001
        • commenttomcat6-servlet-2.5-api is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110335002
      • AND
        • commenttomcat6-admin-webapps is earlier than 0:6.0.24-24.el6_0
          ovaloval:com.redhat.rhsa:tst:20110335003
        • commenttomcat6-admin-webapps is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110335004
      • AND
        • commenttomcat6-jsp-2.1-api is earlier than 0:6.0.24-24.el6_0
          ovaloval:com.redhat.rhsa:tst:20110335005
        • commenttomcat6-jsp-2.1-api is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110335006
      • AND
        • commenttomcat6 is earlier than 0:6.0.24-24.el6_0
          ovaloval:com.redhat.rhsa:tst:20110335007
        • commenttomcat6 is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110335008
      • AND
        • commenttomcat6-lib is earlier than 0:6.0.24-24.el6_0
          ovaloval:com.redhat.rhsa:tst:20110335009
        • commenttomcat6-lib is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110335010
      • AND
        • commenttomcat6-javadoc is earlier than 0:6.0.24-24.el6_0
          ovaloval:com.redhat.rhsa:tst:20110335011
        • commenttomcat6-javadoc is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110335012
      • AND
        • commenttomcat6-log4j is earlier than 0:6.0.24-24.el6_0
          ovaloval:com.redhat.rhsa:tst:20110335013
        • commenttomcat6-log4j is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110335014
      • AND
        • commenttomcat6-docs-webapp is earlier than 0:6.0.24-24.el6_0
          ovaloval:com.redhat.rhsa:tst:20110335015
        • commenttomcat6-docs-webapp is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110335016
      • AND
        • commenttomcat6-el-2.1-api is earlier than 0:6.0.24-24.el6_0
          ovaloval:com.redhat.rhsa:tst:20110335017
        • commenttomcat6-el-2.1-api is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110335018
      • AND
        • commenttomcat6-webapps is earlier than 0:6.0.24-24.el6_0
          ovaloval:com.redhat.rhsa:tst:20110335019
        • commenttomcat6-webapps is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110335020
rhsa
idRHSA-2011:0335
released2011-03-09
severityImportant
titleRHSA-2011:0335: tomcat6 security and bug fix update (Important)
rpms
  • tomcat6-0:6.0.24-24.el6_0
  • tomcat6-admin-webapps-0:6.0.24-24.el6_0
  • tomcat6-docs-webapp-0:6.0.24-24.el6_0
  • tomcat6-el-2.1-api-0:6.0.24-24.el6_0
  • tomcat6-javadoc-0:6.0.24-24.el6_0
  • tomcat6-jsp-2.1-api-0:6.0.24-24.el6_0
  • tomcat6-lib-0:6.0.24-24.el6_0
  • tomcat6-log4j-0:6.0.24-24.el6_0
  • tomcat6-servlet-2.5-api-0:6.0.24-24.el6_0
  • tomcat6-webapps-0:6.0.24-24.el6_0
  • tomcat6-0:6.0.24-11.patch_03.ep5.el4
  • tomcat6-0:6.0.24-11.patch_03.ep5.el5
  • tomcat6-admin-webapps-0:6.0.24-11.patch_03.ep5.el4
  • tomcat6-admin-webapps-0:6.0.24-11.patch_03.ep5.el5
  • tomcat6-docs-webapp-0:6.0.24-11.patch_03.ep5.el4
  • tomcat6-docs-webapp-0:6.0.24-11.patch_03.ep5.el5
  • tomcat6-el-1.0-api-0:6.0.24-11.patch_03.ep5.el4
  • tomcat6-el-1.0-api-0:6.0.24-11.patch_03.ep5.el5
  • tomcat6-javadoc-0:6.0.24-11.patch_03.ep5.el4
  • tomcat6-javadoc-0:6.0.24-11.patch_03.ep5.el5
  • tomcat6-jsp-2.1-api-0:6.0.24-11.patch_03.ep5.el4
  • tomcat6-jsp-2.1-api-0:6.0.24-11.patch_03.ep5.el5
  • tomcat6-lib-0:6.0.24-11.patch_03.ep5.el4
  • tomcat6-lib-0:6.0.24-11.patch_03.ep5.el5
  • tomcat6-log4j-0:6.0.24-11.patch_03.ep5.el4
  • tomcat6-log4j-0:6.0.24-11.patch_03.ep5.el5
  • tomcat6-servlet-2.5-api-0:6.0.24-11.patch_03.ep5.el4
  • tomcat6-servlet-2.5-api-0:6.0.24-11.patch_03.ep5.el5
  • tomcat6-webapps-0:6.0.24-11.patch_03.ep5.el4
  • tomcat6-webapps-0:6.0.24-11.patch_03.ep5.el5