Vulnerabilities > CVE-2011-2487 - Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

apache

redhat

CWE-327

nessus

NVD

Published: 2020-03-11

Updated: 2023-02-13

Summary

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Wss4J 1.0.0 Apache Wss4J 1.1.0 Apache Wss4J 1.5.0 Apache Wss4J 1.5.1 Apache Wss4J 1.5.2 Apache Wss4J 1.5.3 Apache Wss4J 1.5.4 Apache Wss4J 1.5.5 Apache Wss4J 1.5.6 Apache Wss4J 1.5.7 Apache Wss4J 1.5.8 Apache Wss4J 1.5.9 Apache Wss4J 1.5.10 Apache Wss4J 1.5.11 Apache Wss4J 1.5.12 Apache Wss4J 1.6.0 Apache Wss4J 1.6.1 Apache Wss4J 1.6.2 Apache Wss4J 1.6.3 Apache Wss4J 1.6.4 Apache CXF 2.4.0 Apache CXF 2.4.1 Apache CXF 2.4.2 Apache CXF 2.4.3 Apache CXF 2.4.4 Apache CXF 2.4.5 Apache CXF 2.4.6 Apache CXF 2.5.0 Apache CXF 2.5.1 Apache CXF 2.5.2	30
Application	Redhat Redhat Jboss Enterprise SOA Platform 4.3.0 Redhat Jboss Enterprise SOA Platform 4.2.0 Redhat Jboss Enterprise Application Platform 5.0.0 Redhat Jboss Portal 4.0.0 Redhat Jboss Enterprise WEB Platform 5.0.0 Redhat Jboss Business Rules Management System 5.3 Redhat Jboss Enterprise Application Platform Text Only Advisories - Redhat Jboss Middleware Text Only Advisories - Redhat Jboss WEB Services -	9

Common Weakness Enumeration (CWE)

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Common Attack Pattern Enumeration and Classification (CAPEC)

Encryption Brute Forcing
An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.
Creating a Rogue Certificate Authority Certificate
An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the attacker which is signed with its private key. An attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the attackers' second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the attacker is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the attacker and of course any certificates that it signs. So the attacker is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec) .
Signature Spoof
An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
Cryptanalysis
Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret key (instance deduction). Sometimes the weakness is not in the cryptographic algorithm itself, but rather in how it is applied that makes cryptanalysis successful. An attacker may have other goals as well, such as: 1. Total Break - Finding the secret key 2. Global Deduction - Finding a functionally equivalent algorithm for encryption and decryption that does not require knowledge of the secret key. 3. Information Deduction - Gaining some information about plaintexts or ciphertexts that was not previously known 4. Distinguishing Algorithm - The attacker has the ability to distinguish the output of the encryption (ciphertext) from a random permutation of bits The goal of the attacker performing cryptanalysis will depend on the specific needs of the attacker in a given attack context. In most cases, if cryptanalysis is successful at all, an attacker will not be able to go past being able to deduce some information about the plaintext (goal 3). However, that may be sufficient for an attacker, depending on the context.

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-0848.NASL
description	Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher
last seen	2020-06-01
modified	2020-06-02
plugin id	112239
published	2018-09-04
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/112239
title	RHEL 7 : JBoss EAP (RHSA-2015:0848)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0192.NASL
description	Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This JBoss Enterprise Application Platform 5.2.0 release serves as a replacement for JBoss Enterprise Application Platform 5.1.2, and includes bug fixes and enhancements. Refer to the JBoss Enterprise Application Platform 5.2.0 Release Notes for information on the most significant of these changes. The Release Notes will be available shortly from https://access.redhat.com/knowledge/docs/ An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. (CVE-2011-1096) JBoss Web Services leaked side-channel data when distributing symmetric keys (for XML encryption), allowing a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2011-2487) Spring framework could possibly evaluate Expression Language (EL) expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix. Refer to the Solution section. (CVE-2011-2730) Apache CXF checked to ensure XML elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF. Refer to the Solution section for details. (CVE-2012-2379) When an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending
last seen	2020-06-01
modified	2020-06-02
plugin id	64079
published	2013-01-24
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64079
title	RHEL 5 : JBoss EAP (RHSA-2013:0192)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0839.NASL
description	Updated JBoss Enterprise Application Platform 6.1.0 packages that fix three security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, and includes bug fixes and enhancements. Refer to the 6.1.0 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/site/documentation/ Security fixes : XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. (CVE-2012-5575) Note: Automatic checks to prevent CVE-2012-5575 are only run when WS-SecurityPolicy is used to enforce security requirements. It is best practice to use WS-SecurityPolicy to enforce security requirements. When applications running on JBoss Web used the COOKIE session tracking method, the org.apache.catalina.connector.Response.encodeURL() method returned the URL with the jsessionid appended as a query string parameter when processing the first request of a session. An attacker could possibly exploit this flaw by performing a man-in-the-middle attack to obtain a user
last seen	2020-06-01
modified	2020-06-02
plugin id	66523
published	2013-05-21
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/66523
title	RHEL 5 : JBoss EAP (RHSA-2013:0839)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0834.NASL
description	Updated JBoss Enterprise Application Platform 6.1.0 packages that fix three security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, and includes bug fixes and enhancements. Refer to the 6.1.0 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/site/documentation/ Security fixes : XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. (CVE-2012-5575) Note: Automatic checks to prevent CVE-2012-5575 are only run when WS-SecurityPolicy is used to enforce security requirements. It is best practice to use WS-SecurityPolicy to enforce security requirements. When applications running on JBoss Web used the COOKIE session tracking method, the org.apache.catalina.connector.Response.encodeURL() method returned the URL with the jsessionid appended as a query string parameter when processing the first request of a session. An attacker could possibly exploit this flaw by performing a man-in-the-middle attack to obtain a user
last seen	2020-06-01
modified	2020-06-02
plugin id	66522
published	2013-05-21
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/66522
title	RHEL 6 : JBoss EAP (RHSA-2013:0834)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0873.NASL
description	Updated packages for JBoss Enterprise Application Platform 5.2.0 which fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. This issue affected both the JBoss Web Services CXF (jbossws-cxf) and JBoss Web Services Native (jbossws-native) stacks. (CVE-2012-5575) Red Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj Somorovsky of Ruhr-University Bochum for reporting this issue. If you are using jbossws-cxf, then automatic checks to prevent this flaw are only run when WS-SecurityPolicy is used to enforce security requirements. It is best practice to use WS-SecurityPolicy to enforce security requirements. If you are using jbossws-native, the fix for this flaw is implemented by two new configuration parameters in the
last seen	2020-06-01
modified	2020-06-02
plugin id	66662
published	2013-05-29
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/66662
title	RHEL 5 / 6 : JBoss EAP (RHSA-2013:0873)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0193.NASL
description	Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This JBoss Enterprise Application Platform 5.2.0 release serves as a replacement for JBoss Enterprise Application Platform 5.1.2, and includes bug fixes and enhancements. Refer to the JBoss Enterprise Application Platform 5.2.0 Release Notes for information on the most significant of these changes. The Release Notes will be available shortly from https://access.redhat.com/knowledge/docs/ An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. (CVE-2011-1096) JBoss Web Services leaked side-channel data when distributing symmetric keys (for XML encryption), allowing a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2011-2487) Spring framework could possibly evaluate Expression Language (EL) expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix. Refer to the Solution section. (CVE-2011-2730) Apache CXF checked to ensure XML elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF. Refer to the Solution section for details. (CVE-2012-2379) When an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending
last seen	2020-03-20
modified	2013-01-24
plugin id	64080
published	2013-01-24
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64080
title	RHEL 4 : JBoss EAP (RHSA-2013:0193)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0195.NASL
description	Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This JBoss Enterprise Web Platform 5.2.0 release serves as a replacement for JBoss Enterprise Web Platform 5.1.2, and includes bug fixes and enhancements. As JBoss Enterprise Web Platform is a subset of JBoss Enterprise Application Platform, refer to the JBoss Enterprise Application Platform 5.2.0 Release Notes for information on the most significant of these changes. The Release Notes will be available shortly from https://access.redhat.com/knowledge/docs/ An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. (CVE-2011-1096) JBoss Web Services leaked side-channel data when distributing symmetric keys (for XML encryption), allowing a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2011-2487) Spring framework could possibly evaluate Expression Language (EL) expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix. Refer to the Solution section. (CVE-2011-2730) Apache CXF checked to ensure XML elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF. Refer to the Solution section for details. (CVE-2012-2379) When an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator# authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending
last seen	2020-03-20
modified	2014-11-08
plugin id	78945
published	2014-11-08
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/78945
title	RHEL 6 : JBoss EWP (RHSA-2013:0195)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-0846.NASL
description	Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher
last seen	2020-06-01
modified	2020-06-02
plugin id	82895
published	2015-04-20
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/82895
title	RHEL 5 : JBoss EAP (RHSA-2015:0846)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0191.NASL
description	Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This JBoss Enterprise Application Platform 5.2.0 release serves as a replacement for JBoss Enterprise Application Platform 5.1.2, and includes bug fixes and enhancements. Refer to the JBoss Enterprise Application Platform 5.2.0 Release Notes for information on the most significant of these changes. The Release Notes will be available shortly from https://access.redhat.com/knowledge/docs/ An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. (CVE-2011-1096) JBoss Web Services leaked side-channel data when distributing symmetric keys (for XML encryption), allowing a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2011-2487) Spring framework could possibly evaluate Expression Language (EL) expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix. Refer to the Solution section. (CVE-2011-2730) Apache CXF checked to ensure XML elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF. Refer to the Solution section for details. (CVE-2012-2379) When an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending '/j_security_check' to the end of a URL. (CVE-2012-3546) The JMX Console was vulnerable to CSRF attacks, allowing a remote attacker to hijack the authenticated JMX Console session of an administrator. (CVE-2011-2908) An XSS flaw allowed a remote attacker to perform an XSS attack against victims using the JMX Console. (CVE-2011-4575) SecurityAssociation.getCredential() returned the previous credential if no security context was provided. Depending on the deployed applications, this could possibly allow a remote attacker to hijack the credentials of a previously-authenticated user. (CVE-2012-3370) Configuring the JMX Invoker to restrict access to users with specific roles did not actually restrict access, allowing remote attackers with valid JMX Invoker credentials to perform JMX operations accessible to roles they are not a member of. (CVE-2012-5478) twiddle.sh accepted credentials as command line arguments, allowing local users to view them via a process listing. (CVE-2009-5066) NonManagedConnectionFactory logged the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. (CVE-2012-0034) The JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow unauthenticated access by default in some profiles. The security interceptor's second layer of authentication prevented direct exploitation of this flaw. If the interceptor was misconfigured or inadvertently disabled, this flaw could lead to arbitrary code execution in the context of the user running the JBoss server. (CVE-2012-0874) The JGroups diagnostics service was enabled with no authentication when a JGroups channel was started, allowing attackers on the adjacent network to read diagnostic information. (CVE-2012-2377) CallerIdentityLoginModule retained the password from the previous call if a null password was provided. In non-default configurations this could possibly lead to a remote attacker hijacking a previously-authenticated user's session. (CVE-2012-3369) Red Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for reporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575. CVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red Hat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874 discovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by Red Hat.
last seen	2017-10-29
modified	2014-05-02
plugin id	64078
published	2013-01-24
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=64078
title	RHEL 6 : JBoss EAP (RHSA-2013:0191)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0197.NASL
description	Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This JBoss Enterprise Web Platform 5.2.0 release serves as a replacement for JBoss Enterprise Web Platform 5.1.2, and includes bug fixes and enhancements. As JBoss Enterprise Web Platform is a subset of JBoss Enterprise Application Platform, refer to the JBoss Enterprise Application Platform 5.2.0 Release Notes for information on the most significant of these changes. The Release Notes will be available shortly from https://access.redhat.com/knowledge/docs/ An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. (CVE-2011-1096) JBoss Web Services leaked side-channel data when distributing symmetric keys (for XML encryption), allowing a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2011-2487) Spring framework could possibly evaluate Expression Language (EL) expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix. Refer to the Solution section. (CVE-2011-2730) Apache CXF checked to ensure XML elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF. Refer to the Solution section for details. (CVE-2012-2379) When an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending
last seen	2020-03-20
modified	2014-11-08
plugin id	78947
published	2014-11-08
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/78947
title	RHEL 4 : JBoss EWP (RHSA-2013:0197)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-0847.NASL
description	Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher
last seen	2020-06-01
modified	2020-06-02
plugin id	82896
published	2015-04-20
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/82896
title	RHEL 6 : JBoss EAP (RHSA-2015:0847)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0196.NASL
description	Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This JBoss Enterprise Web Platform 5.2.0 release serves as a replacement for JBoss Enterprise Web Platform 5.1.2, and includes bug fixes and enhancements. As JBoss Enterprise Web Platform is a subset of JBoss Enterprise Application Platform, refer to the JBoss Enterprise Application Platform 5.2.0 Release Notes for information on the most significant of these changes. The Release Notes will be available shortly from https://access.redhat.com/knowledge/docs/ An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. (CVE-2011-1096) JBoss Web Services leaked side-channel data when distributing symmetric keys (for XML encryption), allowing a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2011-2487) Spring framework could possibly evaluate Expression Language (EL) expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix. Refer to the Solution section. (CVE-2011-2730) Apache CXF checked to ensure XML elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF. Refer to the Solution section for details. (CVE-2012-2379) When an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator# authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending
last seen	2020-03-20
modified	2014-11-08
plugin id	78946
published	2014-11-08
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/78946
title	RHEL 5 : JBoss EWP (RHSA-2013:0196)

Redhat

rpms

aopalliance-0:1.0-5.3.ep5.el6
apache-cxf-0:2.2.12-6.1.patch_04.ep5.el6
bsh2-0:2.0-0.b4.15.patch01.ep5.el6
bsh2-bsf-0:2.0-0.b4.15.patch01.ep5.el6
glassfish-jaxb-0:2.1.12-12_patch_03.ep5.el6
google-guice-0:2.0-3.ep5.el6
hibernate3-1:3.3.2-1.9.GA_CP05.ep5.el6
hibernate3-annotations-0:3.4.0-3.6.GA_CP05.ep5.el6
hibernate3-annotations-javadoc-0:3.4.0-3.6.GA_CP05.ep5.el6
hibernate3-entitymanager-0:3.4.0-4.5.GA_CP05.ep5.el6
hibernate3-entitymanager-javadoc-0:3.4.0-4.5.GA_CP05.ep5.el6
hibernate3-javadoc-1:3.3.2-1.9.GA_CP05.ep5.el6
hibernate3-search-0:3.1.1-2.5.GA_CP05.ep5.el6
hibernate3-search-javadoc-0:3.1.1-2.5.GA_CP05.ep5.el6
hornetq-0:2.2.24-1.EAP.GA.ep5.el6
hornetq-native-0:2.2.20-1.EAP.GA.ep5.el6
hornetq-native-debuginfo-0:2.2.20-1.EAP.GA.ep5.el6
hsqldb-2:1.8.0.10-11_patch_01.1.ep5.el6
jacorb-jboss-0:2.3.2-2.jboss_1.ep5.el6
javassist-0:3.12.0-6.SP1.ep5.el6
jboss-aop2-0:2.1.6-5.CP06.ep5.el6
jboss-bootstrap-0:1.0.2-1.ep5.el6
jboss-cache-core-0:3.2.11-1.GA.ep5.el6
jboss-cache-pojo-0:3.0.1-1.ep5.el6
jboss-cl-0:2.0.11-4.GA.ep5.el6
jboss-cluster-ha-server-api-0:1.2.1-2.ep5.el6
jboss-common-beans-0:1.0.1-2.Final.ep5.el6
jboss-common-core-0:2.2.21-1.ep5.el6
jboss-ejb-3.0-api-0:5.0.2-2.ep5.el6
jboss-ejb3-cache-0:1.0.0-4.ep5.el6
jboss-ejb3-core-0:1.3.9-0.4.ep5.el6
jboss-ejb3-ext-api-0:1.0.0-4.1.ep5.el6
jboss-ejb3-ext-api-impl-0:1.0.0-3.7.ep5.el6
jboss-ejb3-interceptors-0:1.0.9-0.2.ep5.el6
jboss-ejb3-metadata-0:1.0.0-3.ep5.el6
jboss-ejb3-metrics-deployer-0:1.1.1-0.1.ep5.el6
jboss-ejb3-security-0:1.0.2-0.5.ep5.el6
jboss-ejb3-timeout-0:0.1.1-0.8.ep5.el6
jboss-ejb3-timeout-3.0-api-0:0.1.1-0.8.ep5.el6
jboss-ejb3-timeout-spi-0:0.1.1-0.8.ep5.el6
jboss-ejb3-transactions-0:1.0.2-1.6.ep5.el6
jboss-jacc-1.1-api-0:5.0.2-2.ep5.el6
jboss-jad-1.2-api-0:5.0.2-2.ep5.el6
jboss-jaspi-1.0-api-0:5.0.2-2.ep5.el6
jboss-javaee-0:5.0.2-2.ep5.el6
jboss-javaee-poms-0:5.0.2-2.ep5.el6
jboss-jaxrpc-api_1.1_spec-0:1.0.0-16.ep5.el6
jboss-jca-1.5-api-0:5.0.2-2.ep5.el6
jboss-jms-1.1-api-0:5.0.2-2.ep5.el6
jboss-jpa-deployers-0:1.0.0-6.SP2.ep5.el6
jboss-logmanager-0:1.1.2-6.GA_patch_01.ep5.el6
jboss-messaging-0:1.4.8-12.SP9.1.ep5.el6
jboss-naming-0:5.0.3-5.CP02.ep5.el6
jboss-reflect-0:2.0.4-2.ep5.el6
jboss-remoting-0:2.5.4-10.SP4.1.ep5.el6
jboss-seam2-0:2.2.6.EAP5-14.ep5.el6
jboss-seam2-docs-0:2.2.6.EAP5-14.ep5.el6
jboss-seam2-examples-0:2.2.6.EAP5-14.ep5.el6
jboss-seam2-runtime-0:2.2.6.EAP5-14.ep5.el6
jboss-security-negotiation-0:2.1.3-1.GA.ep5.el6
jboss-security-spi-1:2.0.5-4.SP3_1.ep5.el6
jboss-transaction-1.0.1-api-0:5.0.2-2.ep5.el6
jboss-vfs2-0:2.2.1-4.GA.ep5.el6
jbossas-0:5.2.0-16.ep5.el6
jbossas-client-0:5.2.0-16.ep5.el6
jbossas-hornetq-0:5.2.0-7.ep5.el6
jbossas-messaging-0:5.2.0-16.ep5.el6
jbossas-tp-licenses-0:5.2.0-8.ep5.el6
jbossas-ws-cxf-0:5.2.0-10.ep5.el6
jbossas-ws-native-0:5.2.0-16.ep5.el6
jbosssx2-0:2.0.5-8.3.SP3_1.ep5.el6
jbossts-1:4.6.1-12.CP13.7.ep5.el6
jbossts-javadoc-1:4.6.1-12.CP13.7.ep5.el6
jbossweb-0:2.1.13-2_patch_01.ep5.el6
jbossweb-el-1.0-api-0:2.1.13-2_patch_01.ep5.el6
jbossweb-jsp-2.1-api-0:2.1.13-2_patch_01.ep5.el6
jbossweb-lib-0:2.1.13-2_patch_01.ep5.el6
jbossweb-servlet-2.5-api-0:2.1.13-2_patch_01.ep5.el6
jbossws-0:3.1.2-13.SP15_patch_01.ep5.el6
jbossws-common-0:1.1.0-9.SP10.ep5.el6
jbossws-framework-0:3.1.2-9.SP13.ep5.el6
jbossws-spi-0:1.1.2-6.SP8.ep5.el6
jgroups-1:2.6.22-1.ep5.el6
jopr-embedded-0:1.3.4-19.SP6.9.ep5.el6
jopr-hibernate-plugin-0:3.0.0-14.EmbJopr5.ep5.el6
jopr-jboss-as-5-plugin-0:3.0.0-16.EmbJopr5.ep5.el6
jopr-jboss-cache-v3-plugin-0:3.0.0-15.EmbJopr5.ep5.el6
mod_cluster-demo-0:1.0.10-12.2.GA_CP04.ep5.el6
mod_cluster-jbossas-0:1.0.10-12.2.GA_CP04.ep5.el6
mod_cluster-jbossweb2-0:1.0.10-12.2.GA_CP04.ep5.el6
mod_cluster-native-0:1.0.10-10.GA_CP04_patch01.ep5.el6
mod_cluster-native-debuginfo-0:1.0.10-10.GA_CP04_patch01.ep5.el6
mod_cluster-tomcat6-0:1.0.10-12.2.GA_CP04.ep5.el6
netty-0:3.2.5-6.ep5.el6
picketlink-federation-0:2.1.5-3.ep5.el6
picketlink-quickstarts-0:2.1.5-1.ep5.el6
picketlink-quickstarts-idp-0:2.1.5-1.ep5.el6
picketlink-quickstarts-pdp-0:2.1.5-1.ep5.el6
picketlink-quickstarts-sts-0:2.1.5-1.ep5.el6
resteasy-0:1.2.1-17.CP02_patch02.1.ep5.el6
resteasy-examples-0:1.2.1-17.CP02_patch02.1.ep5.el6
resteasy-javadoc-0:1.2.1-17.CP02_patch02.1.ep5.el6
resteasy-manual-0:1.2.1-17.CP02_patch02.1.ep5.el6
rh-eap-docs-0:5.2.0-10.ep5.el6
rh-eap-docs-examples-0:5.2.0-10.ep5.el6
rhq-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-ant-bundle-common-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-common-parent-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-client-api-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-comm-api-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-dbutils-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-domain-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-gui-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-native-system-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-parent-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-plugin-api-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-plugin-container-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-plugindoc-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-util-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-filetemplate-bundle-common-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-helpers-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-jboss-as-common-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-jmx-plugin-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-modules-parent-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-parent-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-platform-plugin-0:3.0.0-14.EmbJopr5.ep5.el6
rhq-plugin-validator-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-pluginAnnotations-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-pluginGen-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-plugins-parent-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-rtfilter-0:3.0.0-21.EmbJopr5.ep5.el6
spring2-0:2.5.6-9.SEC03.1.ep5.el6
spring2-agent-0:2.5.6-9.SEC03.1.ep5.el6
spring2-all-0:2.5.6-9.SEC03.1.ep5.el6
spring2-aop-0:2.5.6-9.SEC03.1.ep5.el6
spring2-beans-0:2.5.6-9.SEC03.1.ep5.el6
spring2-context-0:2.5.6-9.SEC03.1.ep5.el6
spring2-core-0:2.5.6-9.SEC03.1.ep5.el6
wss4j-0:1.5.12-4_patch_02.ep5.el6
xerces-j2-0:2.9.1-10.patch02.ep5.el6
xerces-j2-scripts-0:2.9.1-10.patch02.ep5.el6
xml-commons-0:1.3.04-8.2_patch_01.ep5.el6
xml-commons-jaxp-1.1-apis-0:1.3.04-8.2_patch_01.ep5.el6
xml-commons-jaxp-1.2-apis-0:1.3.04-8.2_patch_01.ep5.el6
xml-commons-jaxp-1.3-apis-0:1.3.04-8.2_patch_01.ep5.el6
xml-commons-resolver10-0:1.3.04-8.2_patch_01.ep5.el6
xml-commons-resolver11-0:1.3.04-8.2_patch_01.ep5.el6
xml-commons-resolver12-0:1.3.04-8.2_patch_01.ep5.el6
xml-commons-which10-0:1.3.04-8.2_patch_01.ep5.el6
xml-commons-which11-0:1.3.04-8.2_patch_01.ep5.el6
xml-security-0:1.5.1-2.ep5.el6
aopalliance-0:1.0-5.2.jdk6.ep5.el5
apache-cxf-0:2.2.12-6.1.patch_04.ep5.el5
bsh2-0:2.0-0.b4.15.1.patch01.ep5.el5
bsh2-bsf-0:2.0-0.b4.15.1.patch01.ep5.el5
glassfish-jaxb-0:2.1.12-12_patch_03.ep5.el5
google-guice-0:2.0-3.ep5.el5
hibernate3-1:3.3.2-1.5.GA_CP05.ep5.el5
hibernate3-annotations-0:3.4.0-3.3.GA_CP05.ep5.el5
hibernate3-annotations-javadoc-0:3.4.0-3.3.GA_CP05.ep5.el5
hibernate3-entitymanager-0:3.4.0-4.4.GA_CP05.ep5.el5
hibernate3-entitymanager-javadoc-0:3.4.0-4.4.GA_CP05.ep5.el5
hibernate3-javadoc-1:3.3.2-1.5.GA_CP05.ep5.el5
hibernate3-search-0:3.1.1-2.4.GA_CP05.ep5.el5
hibernate3-search-javadoc-0:3.1.1-2.4.GA_CP05.ep5.el5
hornetq-0:2.2.24-1.EAP.GA.ep5.el5
hornetq-native-0:2.2.20-1.EAP.GA.1.ep5.el5
hornetq-native-debuginfo-0:2.2.20-1.EAP.GA.1.ep5.el5
jacorb-jboss-0:2.3.2-2.jboss_1.ep5.el5
javassist-0:3.12.0-6.SP1.ep5.el5
jboss-aop2-0:2.1.6-5.CP06.ep5.el5
jboss-bootstrap-0:1.0.2-1.ep5.el5
jboss-cache-core-0:3.2.11-1.GA.ep5.el5
jboss-cache-pojo-0:3.0.1-1.1.ep5.el5
jboss-cl-0:2.0.11-1.GA.ep5.el5
jboss-cluster-ha-server-api-0:1.2.1-2.ep5.el5
jboss-common-beans-0:1.0.1-2.1.Final.ep5.el5
jboss-common-core-0:2.2.21-1.ep5.el5
jboss-eap5-native-0:5.2.0-6.ep5.el5
jboss-ejb-3.0-api-0:5.0.2-2.ep5.el5
jboss-ejb3-cache-0:1.0.0-4.ep5.el5
jboss-ejb3-core-0:1.3.9-0.4.ep5.el5
jboss-ejb3-ext-api-0:1.0.0-4.1.ep5.el5
jboss-ejb3-ext-api-impl-0:1.0.0-3.7.ep5.el5
jboss-ejb3-interceptors-0:1.0.9-0.1.ep5.el5
jboss-ejb3-metadata-0:1.0.0-3.ep5.el5
jboss-ejb3-metrics-deployer-0:1.1.1-0.1.ep5.el5
jboss-ejb3-security-0:1.0.2-0.5.ep5.el5
jboss-ejb3-timeout-0:0.1.1-0.5.ep5.el5
jboss-ejb3-timeout-3.0-api-0:0.1.1-0.5.ep5.el5
jboss-ejb3-timeout-spi-0:0.1.1-0.5.ep5.el5
jboss-ejb3-transactions-0:1.0.2-1.4.ep5.el5
jboss-jacc-1.1-api-0:5.0.2-2.ep5.el5
jboss-jad-1.2-api-0:5.0.2-2.ep5.el5
jboss-jaspi-1.0-api-0:5.0.2-2.ep5.el5
jboss-javaee-0:5.0.2-2.ep5.el5
jboss-javaee-poms-0:5.0.2-2.ep5.el5
jboss-jaxrpc-api_1.1_spec-0:1.0.0-16.ep5.el5
jboss-jca-1.5-api-0:5.0.2-2.ep5.el5
jboss-jms-1.1-api-0:5.0.2-2.ep5.el5
jboss-jpa-deployers-0:1.0.0-6.1SP2.ep5.el5
jboss-logmanager-0:1.1.2-6.GA_patch_01.ep5.el5
jboss-messaging-0:1.4.8-12.SP9.1.ep5.el5
jboss-naming-0:5.0.3-5.1.CP02.ep5.el5
jboss-reflect-0:2.0.4-2.1.ep5.el5
jboss-remoting-0:2.5.4-10.SP4.1.ep5.el5
jboss-seam2-0:2.2.6.EAP5-10.ep5.el5
jboss-seam2-docs-0:2.2.6.EAP5-10.ep5.el5
jboss-seam2-examples-0:2.2.6.EAP5-10.ep5.el5
jboss-seam2-runtime-0:2.2.6.EAP5-10.ep5.el5
jboss-security-negotiation-0:2.1.3-1.GA.ep5.el5
jboss-security-spi-1:2.0.5-4.SP3_1.ep5.el5
jboss-transaction-1.0.1-api-0:5.0.2-2.ep5.el5
jboss-vfs2-0:2.2.1-4.GA.ep5.el5
jbossas-0:5.2.0-14.ep5.el5
jbossas-client-0:5.2.0-14.ep5.el5
jbossas-hornetq-0:5.2.0-5.ep5.el5
jbossas-messaging-0:5.2.0-14.ep5.el5
jbossas-tp-licenses-0:5.2.0-7.ep5.el5
jbossas-ws-cxf-0:5.2.0-7.ep5.el5
jbossas-ws-native-0:5.2.0-14.ep5.el5
jbosssx2-0:2.0.5-8.SP3_1.ep5.el5
jbossts-1:4.6.1-12.CP13.8.ep5.el5
jbossts-javadoc-1:4.6.1-12.CP13.8.ep5.el5
jbossweb-0:2.1.13-2_patch_01.ep5.el5
jbossweb-el-1.0-api-0:2.1.13-2_patch_01.ep5.el5
jbossweb-jsp-2.1-api-0:2.1.13-2_patch_01.ep5.el5
jbossweb-lib-0:2.1.13-2_patch_01.ep5.el5
jbossweb-servlet-2.5-api-0:2.1.13-2_patch_01.ep5.el5
jbossws-0:3.1.2-13.SP15_patch_01.ep5.el5
jbossws-common-0:1.1.0-9.SP10.ep5.el5
jbossws-framework-0:3.1.2-9.SP13.ep5.el5
jbossws-spi-0:1.1.2-6.SP8.ep5.el5
jgroups-1:2.6.22-1.ep5.el5
jopr-embedded-0:1.3.4-19.SP6.9.ep5.el5
jopr-hibernate-plugin-0:3.0.0-14.EmbJopr5.ep5.el5
jopr-jboss-as-5-plugin-0:3.0.0-14.EmbJopr5.ep5.el5
jopr-jboss-cache-v3-plugin-0:3.0.0-15.EmbJopr5.ep5.el5
mod_cluster-demo-0:1.0.10-12.2.GA_CP04.ep5.el5
mod_cluster-jbossas-0:1.0.10-12.2.GA_CP04.ep5.el5
mod_cluster-jbossweb2-0:1.0.10-12.2.GA_CP04.ep5.el5
mod_cluster-native-0:1.0.10-10.GA_CP04_patch01.ep5.el5
mod_cluster-native-debuginfo-0:1.0.10-10.GA_CP04_patch01.ep5.el5
mod_cluster-tomcat6-0:1.0.10-12.2.GA_CP04.ep5.el5
netty-0:3.2.5-6.ep5.el5
picketlink-federation-0:2.1.5-3.ep5.el5
picketlink-quickstarts-0:2.1.5-1.ep5.el5
picketlink-quickstarts-idp-0:2.1.5-1.ep5.el5
picketlink-quickstarts-pdp-0:2.1.5-1.ep5.el5
picketlink-quickstarts-sts-0:2.1.5-1.ep5.el5
resteasy-0:1.2.1-18.CP02_patch02.1.ep5.el5
resteasy-examples-0:1.2.1-18.CP02_patch02.1.ep5.el5
resteasy-javadoc-0:1.2.1-18.CP02_patch02.1.ep5.el5
resteasy-manual-0:1.2.1-18.CP02_patch02.1.ep5.el5
rh-eap-docs-0:5.2.0-6.ep5.el5
rh-eap-docs-examples-0:5.2.0-6.ep5.el5
rhq-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-ant-bundle-common-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-common-parent-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-client-api-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-comm-api-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-dbutils-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-domain-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-gui-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-native-system-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-parent-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-plugin-api-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-plugin-container-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-plugindoc-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-util-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-filetemplate-bundle-common-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-helpers-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-jboss-as-common-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-jmx-plugin-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-modules-parent-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-parent-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-platform-plugin-0:3.0.0-14.EmbJopr5.ep5.el5
rhq-plugin-validator-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-pluginAnnotations-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-pluginGen-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-plugins-parent-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-rtfilter-0:3.0.0-21.EmbJopr5.ep5.el5
spring2-0:2.5.6-9.SEC03.1.ep5.el5
spring2-agent-0:2.5.6-9.SEC03.1.ep5.el5
spring2-all-0:2.5.6-9.SEC03.1.ep5.el5
spring2-aop-0:2.5.6-9.SEC03.1.ep5.el5
spring2-beans-0:2.5.6-9.SEC03.1.ep5.el5
spring2-context-0:2.5.6-9.SEC03.1.ep5.el5
spring2-core-0:2.5.6-9.SEC03.1.ep5.el5
wss4j-0:1.5.12-4.1_patch_02.ep5.el5
xerces-j2-0:2.9.1-10.patch02.ep5.el5
xerces-j2-scripts-0:2.9.1-10.patch02.ep5.el5
xml-commons-0:1.3.04-8.2_patch_01.ep5.el5
xml-commons-jaxp-1.1-apis-0:1.3.04-8.2_patch_01.ep5.el5
xml-commons-jaxp-1.2-apis-0:1.3.04-8.2_patch_01.ep5.el5
xml-commons-jaxp-1.3-apis-0:1.3.04-8.2_patch_01.ep5.el5
xml-commons-resolver10-0:1.3.04-8.2_patch_01.ep5.el5
xml-commons-resolver11-0:1.3.04-8.2_patch_01.ep5.el5
xml-commons-resolver12-0:1.3.04-8.2_patch_01.ep5.el5
xml-commons-which10-0:1.3.04-8.2_patch_01.ep5.el5
xml-commons-which11-0:1.3.04-8.2_patch_01.ep5.el5
xml-security-0:1.5.1-2.ep5.el5
aopalliance-0:1.0-5.2.jdk6.ep5.el4
apache-cxf-0:2.2.12-6.1.patch_04.ep5.el4
bsh2-0:2.0-0.b4.15.1.patch01.ep5.el4
bsh2-bsf-0:2.0-0.b4.15.1.patch01.ep5.el4
glassfish-jaxb-0:2.1.12-12_patch_03.ep5.el4
google-guice-0:2.0-3.ep5.el4
hibernate3-1:3.3.2-1.6.GA_CP05.ep5.el4
hibernate3-annotations-0:3.4.0-3.4.GA_CP05.ep5.el4
hibernate3-annotations-javadoc-0:3.4.0-3.4.GA_CP05.ep5.el4
hibernate3-entitymanager-0:3.4.0-4.4.GA_CP05.ep5.el4
hibernate3-entitymanager-javadoc-0:3.4.0-4.4.GA_CP05.ep5.el4
hibernate3-javadoc-1:3.3.2-1.6.GA_CP05.ep5.el4
hibernate3-search-0:3.1.1-2.3.GA_CP05.ep5.el4
hibernate3-search-javadoc-0:3.1.1-2.3.GA_CP05.ep5.el4
hornetq-0:2.2.24-1.EAP.GA.ep5.el4
hornetq-native-0:2.2.20-1.EAP.GA.1.ep5.el4
hornetq-native-debuginfo-0:2.2.20-1.EAP.GA.1.ep5.el4
jacorb-jboss-0:2.3.2-2.jboss_1.ep5.el4
javassist-0:3.12.0-6.SP1.ep5.el4
jboss-aop2-0:2.1.6-5.CP06.ep5.el4
jboss-bootstrap-0:1.0.2-1.ep5.el4
jboss-cache-core-0:3.2.11-1.GA.ep5.el4
jboss-cache-pojo-0:3.0.1-1.1.ep5.el4
jboss-cl-0:2.0.11-1.GA.ep5.el4
jboss-cluster-ha-server-api-0:1.2.1-2.ep5.el4
jboss-common-beans-0:1.0.1-2.1.Final.ep5.el4
jboss-common-core-0:2.2.21-1.ep5.el4
jboss-eap5-native-0:5.2.0-6.ep5.el4
jboss-ejb-3.0-api-0:5.0.2-2.ep5.el4
jboss-ejb3-cache-0:1.0.0-4.ep5.el4
jboss-ejb3-core-0:1.3.9-0.4.ep5.el4
jboss-ejb3-ext-api-0:1.0.0-4.1.ep5.el4
jboss-ejb3-ext-api-impl-0:1.0.0-3.7.ep5.el4
jboss-ejb3-interceptors-0:1.0.9-0.1.ep5.el4
jboss-ejb3-metadata-0:1.0.0-3.ep5.el4
jboss-ejb3-metrics-deployer-0:1.1.1-0.1.ep5.el4
jboss-ejb3-security-0:1.0.2-0.5.ep5.el4
jboss-ejb3-timeout-0:0.1.1-0.5.ep5.el4
jboss-ejb3-timeout-3.0-api-0:0.1.1-0.5.ep5.el4
jboss-ejb3-timeout-spi-0:0.1.1-0.5.ep5.el4
jboss-ejb3-transactions-0:1.0.2-1.4.ep5.el4
jboss-jacc-1.1-api-0:5.0.2-2.ep5.el4
jboss-jad-1.2-api-0:5.0.2-2.ep5.el4
jboss-jaspi-1.0-api-0:5.0.2-2.ep5.el4
jboss-javaee-0:5.0.2-2.ep5.el4
jboss-javaee-poms-0:5.0.2-2.ep5.el4
jboss-jaxrpc-api_1.1_spec-0:1.0.0-16.ep5.el4
jboss-jca-1.5-api-0:5.0.2-2.ep5.el4
jboss-jms-1.1-api-0:5.0.2-2.ep5.el4
jboss-jpa-deployers-0:1.0.0-6.SP2.ep5.el4
jboss-logmanager-0:1.1.2-6.GA_patch_01.ep5.el4
jboss-messaging-0:1.4.8-12.SP9.1.ep5.el4
jboss-naming-0:5.0.3-5.CP02.ep5.el4
jboss-reflect-0:2.0.4-2.1.ep5.el4
jboss-remoting-0:2.5.4-10.SP4.1.ep5.el4
jboss-seam2-0:2.2.6.EAP5-9.ep5.el4
jboss-seam2-docs-0:2.2.6.EAP5-9.ep5.el4
jboss-seam2-examples-0:2.2.6.EAP5-9.ep5.el4
jboss-seam2-runtime-0:2.2.6.EAP5-9.ep5.el4
jboss-security-negotiation-0:2.1.3-1.GA.ep5.el4
jboss-security-spi-1:2.0.5-4.SP3_1.ep5.el4
jboss-transaction-1.0.1-api-0:5.0.2-2.ep5.el4
jboss-vfs2-0:2.2.1-2.GA.ep5.el4
jbossas-0:5.2.0-14.ep5.el4
jbossas-client-0:5.2.0-14.ep5.el4
jbossas-hornetq-0:5.2.0-6.ep5.el4
jbossas-messaging-0:5.2.0-14.ep5.el4
jbossas-tp-licenses-0:5.2.0-7.ep5.el4
jbossas-ws-cxf-0:5.2.0-8.ep5.el4
jbossas-ws-native-0:5.2.0-14.ep5.el4
jbosssx2-0:2.0.5-8.3.SP3_1.ep5.el4
jbossts-1:4.6.1-12.CP13.8.ep5.el4
jbossts-javadoc-1:4.6.1-12.CP13.8.ep5.el4
jbossweb-0:2.1.13-2_patch_01.ep5.el4
jbossweb-el-1.0-api-0:2.1.13-2_patch_01.ep5.el4
jbossweb-jsp-2.1-api-0:2.1.13-2_patch_01.ep5.el4
jbossweb-lib-0:2.1.13-2_patch_01.ep5.el4
jbossweb-servlet-2.5-api-0:2.1.13-2_patch_01.ep5.el4
jbossws-0:3.1.2-13.SP15_patch_01.ep5.el4
jbossws-common-0:1.1.0-9.SP10.ep5.el4
jbossws-framework-0:3.1.2-9.SP13.ep5.el4
jbossws-spi-0:1.1.2-6.SP8.ep5.el4
jgroups-1:2.6.22-1.ep5.el4
jopr-embedded-0:1.3.4-19.SP6.9.ep5.el4
jopr-hibernate-plugin-0:3.0.0-14.EmbJopr5.ep5.el4
jopr-jboss-as-5-plugin-0:3.0.0-15.EmbJopr5.ep5.el4
jopr-jboss-cache-v3-plugin-0:3.0.0-15.EmbJopr5.ep5.el4
mod_cluster-demo-0:1.0.10-12.2.GA_CP04.ep5.el4
mod_cluster-jbossas-0:1.0.10-12.2.GA_CP04.ep5.el4
mod_cluster-jbossweb2-0:1.0.10-12.2.GA_CP04.ep5.el4
mod_cluster-native-0:1.0.10-10.GA_CP04_patch01.ep5.el4
mod_cluster-native-debuginfo-0:1.0.10-10.GA_CP04_patch01.ep5.el4
mod_cluster-tomcat6-0:1.0.10-12.2.GA_CP04.ep5.el4
netty-0:3.2.5-6.ep5.el4
picketlink-federation-0:2.1.5-3.ep5.el4
picketlink-quickstarts-0:2.1.5-1.ep5.el4
picketlink-quickstarts-idp-0:2.1.5-1.ep5.el4
picketlink-quickstarts-pdp-0:2.1.5-1.ep5.el4
picketlink-quickstarts-sts-0:2.1.5-1.ep5.el4
resteasy-0:1.2.1-18.CP02_patch02.1.ep5.el4
resteasy-examples-0:1.2.1-18.CP02_patch02.1.ep5.el4
resteasy-javadoc-0:1.2.1-18.CP02_patch02.1.ep5.el4
resteasy-manual-0:1.2.1-18.CP02_patch02.1.ep5.el4
rh-eap-docs-0:5.2.0-7.ep5.el4
rh-eap-docs-examples-0:5.2.0-7.ep5.el4
rhq-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-common-parent-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-core-client-api-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-core-comm-api-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-core-domain-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-core-gui-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-core-native-system-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-core-parent-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-core-plugin-api-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-core-plugin-container-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-core-util-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-jboss-as-common-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-jmx-plugin-0:3.0.0-21.EmbJopr5.ep5.el4
rhq-modules-parent-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-parent-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-platform-plugin-0:3.0.0-15.EmbJopr5.ep5.el4
rhq-plugins-parent-0:3.0.0-22.EmbJopr5.ep5.el4
spring2-0:2.5.6-9.SEC03.1.ep5.el4
spring2-agent-0:2.5.6-9.SEC03.1.ep5.el4
spring2-all-0:2.5.6-9.SEC03.1.ep5.el4
spring2-aop-0:2.5.6-9.SEC03.1.ep5.el4
spring2-beans-0:2.5.6-9.SEC03.1.ep5.el4
spring2-context-0:2.5.6-9.SEC03.1.ep5.el4
spring2-core-0:2.5.6-9.SEC03.1.ep5.el4
wss4j-0:1.5.12-4.2_patch_02.ep5.el4
xerces-j2-0:2.9.1-10.patch02.ep5.el4
xml-commons-1:1.3.04-8.2_patch_01.ep5.el4
xml-commons-jaxp-1.1-apis-1:1.3.04-8.2_patch_01.ep5.el4
xml-commons-jaxp-1.2-apis-1:1.3.04-8.2_patch_01.ep5.el4
xml-commons-jaxp-1.3-apis-1:1.3.04-8.2_patch_01.ep5.el4
xml-commons-resolver10-1:1.3.04-8.2_patch_01.ep5.el4
xml-commons-resolver11-1:1.3.04-8.2_patch_01.ep5.el4
xml-commons-resolver12-1:1.3.04-8.2_patch_01.ep5.el4
xml-commons-which10-1:1.3.04-8.2_patch_01.ep5.el4
xml-commons-which11-1:1.3.04-8.2_patch_01.ep5.el4
xml-security-0:1.5.1-2.ep5.el4
aopalliance-0:1.0-5.3.ep5.el6
apache-cxf-0:2.2.12-6.1.patch_04.ep5.el6
bsh2-0:2.0-0.b4.15.patch01.ep5.el6
bsh2-bsf-0:2.0-0.b4.15.patch01.ep5.el6
glassfish-jaxb-0:2.1.12-12_patch_03.ep5.el6
google-guice-0:2.0-3.ep5.el6
hibernate3-1:3.3.2-1.9.GA_CP05.ep5.el6
hibernate3-annotations-0:3.4.0-3.6.GA_CP05.ep5.el6
hibernate3-annotations-javadoc-0:3.4.0-3.6.GA_CP05.ep5.el6
hibernate3-entitymanager-0:3.4.0-4.5.GA_CP05.ep5.el6
hibernate3-entitymanager-javadoc-0:3.4.0-4.5.GA_CP05.ep5.el6
hibernate3-javadoc-1:3.3.2-1.9.GA_CP05.ep5.el6
hibernate3-search-0:3.1.1-2.5.GA_CP05.ep5.el6
hibernate3-search-javadoc-0:3.1.1-2.5.GA_CP05.ep5.el6
hsqldb-2:1.8.0.10-11_patch_01.1.ep5.el6
jacorb-jboss-0:2.3.2-2.jboss_1.ep5.el6
javassist-0:3.12.0-6.SP1.ep5.el6
jboss-aop2-0:2.1.6-5.CP06.ep5.el6
jboss-bootstrap-0:1.0.2-1.ep5.el6
jboss-cache-core-0:3.2.11-1.GA.ep5.el6
jboss-cache-pojo-0:3.0.1-1.ep5.el6
jboss-cl-0:2.0.11-4.GA.ep5.el6
jboss-cluster-ha-server-api-0:1.2.1-2.ep5.el6
jboss-common-beans-0:1.0.1-2.Final.ep5.el6
jboss-common-core-0:2.2.21-1.ep5.el6
jboss-eap5-native-0:5.2.0-6.ep5.el6
jboss-ejb-3.0-api-0:5.0.2-2.ep5.el6
jboss-ejb3-cache-0:1.0.0-4.ep5.el6
jboss-ejb3-core-0:1.3.9-0.4.ep5.el6
jboss-ejb3-ext-api-0:1.0.0-4.1.ep5.el6
jboss-ejb3-ext-api-impl-0:1.0.0-3.7.ep5.el6
jboss-ejb3-interceptors-0:1.0.9-0.2.ep5.el6
jboss-ejb3-metadata-0:1.0.0-3.ep5.el6
jboss-ejb3-metrics-deployer-0:1.1.1-0.1.ep5.el6
jboss-ejb3-security-0:1.0.2-0.5.ep5.el6
jboss-ejb3-timeout-0:0.1.1-0.8.ep5.el6
jboss-ejb3-timeout-3.0-api-0:0.1.1-0.8.ep5.el6
jboss-ejb3-timeout-spi-0:0.1.1-0.8.ep5.el6
jboss-ejb3-transactions-0:1.0.2-1.6.ep5.el6
jboss-jacc-1.1-api-0:5.0.2-2.ep5.el6
jboss-jad-1.2-api-0:5.0.2-2.ep5.el6
jboss-jaspi-1.0-api-0:5.0.2-2.ep5.el6
jboss-javaee-0:5.0.2-2.ep5.el6
jboss-javaee-poms-0:5.0.2-2.ep5.el6
jboss-jaxrpc-api_1.1_spec-0:1.0.0-16.ep5.el6
jboss-jca-1.5-api-0:5.0.2-2.ep5.el6
jboss-jms-1.1-api-0:5.0.2-2.ep5.el6
jboss-jpa-deployers-0:1.0.0-6.SP2.ep5.el6
jboss-logmanager-0:1.1.2-6.GA_patch_01.ep5.el6
jboss-naming-0:5.0.3-5.CP02.ep5.el6
jboss-reflect-0:2.0.4-2.ep5.el6
jboss-remoting-0:2.5.4-10.SP4.1.ep5.el6
jboss-seam2-0:2.2.6.EAP5-14.ep5.el6
jboss-seam2-docs-0:2.2.6.EAP5-14.ep5.el6
jboss-seam2-examples-0:2.2.6.EAP5-14.ep5.el6
jboss-seam2-runtime-0:2.2.6.EAP5-14.ep5.el6
jboss-security-negotiation-0:2.1.3-1.GA.ep5.el6
jboss-security-spi-1:2.0.5-4.SP3_1.ep5.el6
jboss-transaction-1.0.1-api-0:5.0.2-2.ep5.el6
jboss-vfs2-0:2.2.1-4.GA.ep5.el6
jbossas-web-0:5.2.0-16.ep5.el6
jbossas-web-client-0:5.2.0-16.ep5.el6
jbossas-web-tp-licenses-0:5.2.0-8.ep5.el6
jbossas-web-ws-native-0:5.2.0-16.ep5.el6
jbossas-ws-cxf-ewp-0:5.2.0-11.ep5.el6
jbosssx2-0:2.0.5-8.3.SP3_1.ep5.el6
jbossts-1:4.6.1-12.CP13.7.ep5.el6
jbossts-javadoc-1:4.6.1-12.CP13.7.ep5.el6
jbossweb-0:2.1.13-2_patch_01.ep5.el6
jbossweb-el-1.0-api-0:2.1.13-2_patch_01.ep5.el6
jbossweb-jsp-2.1-api-0:2.1.13-2_patch_01.ep5.el6
jbossweb-lib-0:2.1.13-2_patch_01.ep5.el6
jbossweb-servlet-2.5-api-0:2.1.13-2_patch_01.ep5.el6
jbossws-0:3.1.2-13.SP15_patch_01.ep5.el6
jbossws-common-0:1.1.0-9.SP10.ep5.el6
jbossws-framework-0:3.1.2-9.SP13.ep5.el6
jbossws-spi-0:1.1.2-6.SP8.ep5.el6
jgroups-1:2.6.22-1.ep5.el6
jopr-embedded-0:1.3.4-19.SP6.9.ep5.el6
jopr-hibernate-plugin-0:3.0.0-14.EmbJopr5.ep5.el6
jopr-jboss-as-5-plugin-0:3.0.0-16.EmbJopr5.ep5.el6
jopr-jboss-cache-v3-plugin-0:3.0.0-15.EmbJopr5.ep5.el6
mod_cluster-demo-0:1.0.10-12.2.GA_CP04.ep5.el6
mod_cluster-jbossas-0:1.0.10-12.2.GA_CP04.ep5.el6
mod_cluster-jbossweb2-0:1.0.10-12.2.GA_CP04.ep5.el6
mod_cluster-native-0:1.0.10-10.GA_CP04_patch01.ep5.el6
mod_cluster-native-debuginfo-0:1.0.10-10.GA_CP04_patch01.ep5.el6
mod_cluster-tomcat6-0:1.0.10-12.2.GA_CP04.ep5.el6
picketlink-federation-0:2.1.5-3.ep5.el6
picketlink-quickstarts-0:2.1.5-1.ep5.el6
picketlink-quickstarts-idp-0:2.1.5-1.ep5.el6
picketlink-quickstarts-pdp-0:2.1.5-1.ep5.el6
picketlink-quickstarts-sts-0:2.1.5-1.ep5.el6
resteasy-0:1.2.1-17.CP02_patch02.1.ep5.el6
resteasy-examples-0:1.2.1-17.CP02_patch02.1.ep5.el6
resteasy-javadoc-0:1.2.1-17.CP02_patch02.1.ep5.el6
resteasy-manual-0:1.2.1-17.CP02_patch02.1.ep5.el6
rh-ewp-docs-0:5.2.0-11.ep5.el6
rh-ewp-docs-examples-0:5.2.0-11.ep5.el6
rhq-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-ant-bundle-common-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-common-parent-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-client-api-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-comm-api-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-dbutils-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-domain-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-gui-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-native-system-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-parent-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-plugin-api-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-plugin-container-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-plugindoc-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-core-util-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-filetemplate-bundle-common-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-helpers-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-jboss-as-common-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-jmx-plugin-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-modules-parent-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-parent-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-platform-plugin-0:3.0.0-14.EmbJopr5.ep5.el6
rhq-plugin-validator-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-pluginAnnotations-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-pluginGen-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-plugins-parent-0:3.0.0-21.EmbJopr5.ep5.el6
rhq-rtfilter-0:3.0.0-21.EmbJopr5.ep5.el6
spring2-0:2.5.6-9.SEC03.1.ep5.el6
spring2-agent-0:2.5.6-9.SEC03.1.ep5.el6
spring2-all-0:2.5.6-9.SEC03.1.ep5.el6
spring2-aop-0:2.5.6-9.SEC03.1.ep5.el6
spring2-beans-0:2.5.6-9.SEC03.1.ep5.el6
spring2-context-0:2.5.6-9.SEC03.1.ep5.el6
spring2-core-0:2.5.6-9.SEC03.1.ep5.el6
wss4j-0:1.5.12-4_patch_02.ep5.el6
xerces-j2-0:2.9.1-10.patch02.ep5.el6
xerces-j2-scripts-0:2.9.1-10.patch02.ep5.el6
xml-commons-0:1.3.04-8.2_patch_01.ep5.el6
xml-commons-jaxp-1.1-apis-0:1.3.04-8.2_patch_01.ep5.el6
xml-commons-jaxp-1.2-apis-0:1.3.04-8.2_patch_01.ep5.el6
xml-commons-jaxp-1.3-apis-0:1.3.04-8.2_patch_01.ep5.el6
xml-commons-resolver10-0:1.3.04-8.2_patch_01.ep5.el6
xml-commons-resolver11-0:1.3.04-8.2_patch_01.ep5.el6
xml-commons-resolver12-0:1.3.04-8.2_patch_01.ep5.el6
xml-commons-which10-0:1.3.04-8.2_patch_01.ep5.el6
xml-commons-which11-0:1.3.04-8.2_patch_01.ep5.el6
xml-security-0:1.5.1-2.ep5.el6
aopalliance-0:1.0-5.2.jdk6.ep5.el5
apache-cxf-0:2.2.12-6.1.patch_04.ep5.el5
bsh2-0:2.0-0.b4.15.1.patch01.ep5.el5
bsh2-bsf-0:2.0-0.b4.15.1.patch01.ep5.el5
glassfish-jaxb-0:2.1.12-12_patch_03.ep5.el5
google-guice-0:2.0-3.ep5.el5
hibernate3-1:3.3.2-1.5.GA_CP05.ep5.el5
hibernate3-annotations-0:3.4.0-3.3.GA_CP05.ep5.el5
hibernate3-annotations-javadoc-0:3.4.0-3.3.GA_CP05.ep5.el5
hibernate3-entitymanager-0:3.4.0-4.4.GA_CP05.ep5.el5
hibernate3-entitymanager-javadoc-0:3.4.0-4.4.GA_CP05.ep5.el5
hibernate3-javadoc-1:3.3.2-1.5.GA_CP05.ep5.el5
hibernate3-search-0:3.1.1-2.4.GA_CP05.ep5.el5
hibernate3-search-javadoc-0:3.1.1-2.4.GA_CP05.ep5.el5
jacorb-jboss-0:2.3.2-2.jboss_1.ep5.el5
javassist-0:3.12.0-6.SP1.ep5.el5
jboss-aop2-0:2.1.6-5.CP06.ep5.el5
jboss-bootstrap-0:1.0.2-1.ep5.el5
jboss-cache-core-0:3.2.11-1.GA.ep5.el5
jboss-cache-pojo-0:3.0.1-1.1.ep5.el5
jboss-cl-0:2.0.11-1.GA.ep5.el5
jboss-cluster-ha-server-api-0:1.2.1-2.ep5.el5
jboss-common-beans-0:1.0.1-2.1.Final.ep5.el5
jboss-common-core-0:2.2.21-1.ep5.el5
jboss-eap5-native-0:5.2.0-6.ep5.el5
jboss-ejb-3.0-api-0:5.0.2-2.ep5.el5
jboss-ejb3-cache-0:1.0.0-4.ep5.el5
jboss-ejb3-core-0:1.3.9-0.4.ep5.el5
jboss-ejb3-ext-api-0:1.0.0-4.1.ep5.el5
jboss-ejb3-ext-api-impl-0:1.0.0-3.7.ep5.el5
jboss-ejb3-interceptors-0:1.0.9-0.1.ep5.el5
jboss-ejb3-metadata-0:1.0.0-3.ep5.el5
jboss-ejb3-metrics-deployer-0:1.1.1-0.1.ep5.el5
jboss-ejb3-security-0:1.0.2-0.5.ep5.el5
jboss-ejb3-timeout-0:0.1.1-0.5.ep5.el5
jboss-ejb3-timeout-3.0-api-0:0.1.1-0.5.ep5.el5
jboss-ejb3-timeout-spi-0:0.1.1-0.5.ep5.el5
jboss-ejb3-transactions-0:1.0.2-1.4.ep5.el5
jboss-jacc-1.1-api-0:5.0.2-2.ep5.el5
jboss-jad-1.2-api-0:5.0.2-2.ep5.el5
jboss-jaspi-1.0-api-0:5.0.2-2.ep5.el5
jboss-javaee-0:5.0.2-2.ep5.el5
jboss-javaee-poms-0:5.0.2-2.ep5.el5
jboss-jaxrpc-api_1.1_spec-0:1.0.0-16.ep5.el5
jboss-jca-1.5-api-0:5.0.2-2.ep5.el5
jboss-jms-1.1-api-0:5.0.2-2.ep5.el5
jboss-jpa-deployers-0:1.0.0-6.1SP2.ep5.el5
jboss-logmanager-0:1.1.2-6.GA_patch_01.ep5.el5
jboss-naming-0:5.0.3-5.1.CP02.ep5.el5
jboss-reflect-0:2.0.4-2.1.ep5.el5
jboss-remoting-0:2.5.4-10.SP4.1.ep5.el5
jboss-seam2-0:2.2.6.EAP5-10.ep5.el5
jboss-seam2-docs-0:2.2.6.EAP5-10.ep5.el5
jboss-seam2-examples-0:2.2.6.EAP5-10.ep5.el5
jboss-seam2-runtime-0:2.2.6.EAP5-10.ep5.el5
jboss-security-negotiation-0:2.1.3-1.GA.ep5.el5
jboss-security-spi-1:2.0.5-4.SP3_1.ep5.el5
jboss-transaction-1.0.1-api-0:5.0.2-2.ep5.el5
jboss-vfs2-0:2.2.1-4.GA.ep5.el5
jbossas-web-0:5.2.0-8.ep5.el5
jbossas-web-client-0:5.2.0-8.ep5.el5
jbossas-web-tp-licenses-0:5.2.0-7.ep5.el5
jbossas-web-ws-native-0:5.2.0-8.ep5.el5
jbossas-ws-cxf-ewp-0:5.2.0-7.ep5.el5
jbosssx2-0:2.0.5-8.SP3_1.ep5.el5
jbossts-1:4.6.1-12.CP13.8.ep5.el5
jbossts-javadoc-1:4.6.1-12.CP13.8.ep5.el5
jbossweb-0:2.1.13-2_patch_01.ep5.el5
jbossweb-el-1.0-api-0:2.1.13-2_patch_01.ep5.el5
jbossweb-jsp-2.1-api-0:2.1.13-2_patch_01.ep5.el5
jbossweb-lib-0:2.1.13-2_patch_01.ep5.el5
jbossweb-servlet-2.5-api-0:2.1.13-2_patch_01.ep5.el5
jbossws-0:3.1.2-13.SP15_patch_01.ep5.el5
jbossws-common-0:1.1.0-9.SP10.ep5.el5
jbossws-framework-0:3.1.2-9.SP13.ep5.el5
jbossws-spi-0:1.1.2-6.SP8.ep5.el5
jgroups-1:2.6.22-1.ep5.el5
jopr-embedded-0:1.3.4-19.SP6.9.ep5.el5
jopr-hibernate-plugin-0:3.0.0-14.EmbJopr5.ep5.el5
jopr-jboss-as-5-plugin-0:3.0.0-14.EmbJopr5.ep5.el5
jopr-jboss-cache-v3-plugin-0:3.0.0-15.EmbJopr5.ep5.el5
mod_cluster-demo-0:1.0.10-12.2.GA_CP04.ep5.el5
mod_cluster-jbossas-0:1.0.10-12.2.GA_CP04.ep5.el5
mod_cluster-jbossweb2-0:1.0.10-12.2.GA_CP04.ep5.el5
mod_cluster-native-0:1.0.10-10.GA_CP04_patch01.ep5.el5
mod_cluster-native-debuginfo-0:1.0.10-10.GA_CP04_patch01.ep5.el5
mod_cluster-tomcat6-0:1.0.10-12.2.GA_CP04.ep5.el5
picketlink-federation-0:2.1.5-3.ep5.el5
picketlink-quickstarts-0:2.1.5-1.ep5.el5
picketlink-quickstarts-idp-0:2.1.5-1.ep5.el5
picketlink-quickstarts-pdp-0:2.1.5-1.ep5.el5
picketlink-quickstarts-sts-0:2.1.5-1.ep5.el5
resteasy-0:1.2.1-18.CP02_patch02.1.ep5.el5
resteasy-examples-0:1.2.1-18.CP02_patch02.1.ep5.el5
resteasy-javadoc-0:1.2.1-18.CP02_patch02.1.ep5.el5
resteasy-manual-0:1.2.1-18.CP02_patch02.1.ep5.el5
rh-ewp-docs-0:5.2.0-6.ep5.el5
rh-ewp-docs-examples-0:5.2.0-6.ep5.el5
rhq-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-common-parent-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-client-api-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-comm-api-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-domain-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-gui-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-native-system-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-parent-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-plugin-api-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-plugin-container-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-core-util-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-jboss-as-common-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-jmx-plugin-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-modules-parent-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-parent-0:3.0.0-21.EmbJopr5.ep5.el5
rhq-platform-plugin-0:3.0.0-14.EmbJopr5.ep5.el5
rhq-plugins-parent-0:3.0.0-21.EmbJopr5.ep5.el5
spring2-0:2.5.6-9.SEC03.1.ep5.el5
spring2-agent-0:2.5.6-9.SEC03.1.ep5.el5
spring2-all-0:2.5.6-9.SEC03.1.ep5.el5
spring2-aop-0:2.5.6-9.SEC03.1.ep5.el5
spring2-beans-0:2.5.6-9.SEC03.1.ep5.el5
spring2-context-0:2.5.6-9.SEC03.1.ep5.el5
spring2-core-0:2.5.6-9.SEC03.1.ep5.el5
wss4j-0:1.5.12-4.1_patch_02.ep5.el5
xerces-j2-0:2.9.1-10.patch02.ep5.el5
xerces-j2-scripts-0:2.9.1-10.patch02.ep5.el5
xml-commons-0:1.3.04-8.2_patch_01.ep5.el5
xml-commons-jaxp-1.1-apis-0:1.3.04-8.2_patch_01.ep5.el5
xml-commons-jaxp-1.2-apis-0:1.3.04-8.2_patch_01.ep5.el5
xml-commons-jaxp-1.3-apis-0:1.3.04-8.2_patch_01.ep5.el5
xml-commons-resolver10-0:1.3.04-8.2_patch_01.ep5.el5
xml-commons-resolver11-0:1.3.04-8.2_patch_01.ep5.el5
xml-commons-resolver12-0:1.3.04-8.2_patch_01.ep5.el5
xml-commons-which10-0:1.3.04-8.2_patch_01.ep5.el5
xml-commons-which11-0:1.3.04-8.2_patch_01.ep5.el5
xml-security-0:1.5.1-2.ep5.el5
aopalliance-0:1.0-5.2.jdk6.ep5.el4
apache-cxf-0:2.2.12-6.1.patch_04.ep5.el4
bsh2-0:2.0-0.b4.15.1.patch01.ep5.el4
bsh2-bsf-0:2.0-0.b4.15.1.patch01.ep5.el4
glassfish-jaxb-0:2.1.12-12_patch_03.ep5.el4
google-guice-0:2.0-3.ep5.el4
hibernate3-1:3.3.2-1.6.GA_CP05.ep5.el4
hibernate3-annotations-0:3.4.0-3.4.GA_CP05.ep5.el4
hibernate3-annotations-javadoc-0:3.4.0-3.4.GA_CP05.ep5.el4
hibernate3-entitymanager-0:3.4.0-4.4.GA_CP05.ep5.el4
hibernate3-entitymanager-javadoc-0:3.4.0-4.4.GA_CP05.ep5.el4
hibernate3-javadoc-1:3.3.2-1.6.GA_CP05.ep5.el4
hibernate3-search-0:3.1.1-2.3.GA_CP05.ep5.el4
hibernate3-search-javadoc-0:3.1.1-2.3.GA_CP05.ep5.el4
jacorb-jboss-0:2.3.2-2.jboss_1.ep5.el4
javassist-0:3.12.0-6.SP1.ep5.el4
jboss-aop2-0:2.1.6-5.CP06.ep5.el4
jboss-bootstrap-0:1.0.2-1.ep5.el4
jboss-cache-core-0:3.2.11-1.GA.ep5.el4
jboss-cache-pojo-0:3.0.1-1.1.ep5.el4
jboss-cl-0:2.0.11-1.GA.ep5.el4
jboss-cluster-ha-server-api-0:1.2.1-2.ep5.el4
jboss-common-beans-0:1.0.1-2.1.Final.ep5.el4
jboss-common-core-0:2.2.21-1.ep5.el4
jboss-eap5-native-0:5.2.0-6.ep5.el4
jboss-ejb-3.0-api-0:5.0.2-2.ep5.el4
jboss-ejb3-cache-0:1.0.0-4.ep5.el4
jboss-ejb3-core-0:1.3.9-0.4.ep5.el4
jboss-ejb3-ext-api-0:1.0.0-4.1.ep5.el4
jboss-ejb3-ext-api-impl-0:1.0.0-3.7.ep5.el4
jboss-ejb3-interceptors-0:1.0.9-0.1.ep5.el4
jboss-ejb3-metadata-0:1.0.0-3.ep5.el4
jboss-ejb3-metrics-deployer-0:1.1.1-0.1.ep5.el4
jboss-ejb3-security-0:1.0.2-0.5.ep5.el4
jboss-ejb3-timeout-0:0.1.1-0.5.ep5.el4
jboss-ejb3-timeout-3.0-api-0:0.1.1-0.5.ep5.el4
jboss-ejb3-timeout-spi-0:0.1.1-0.5.ep5.el4
jboss-ejb3-transactions-0:1.0.2-1.4.ep5.el4
jboss-jacc-1.1-api-0:5.0.2-2.ep5.el4
jboss-jad-1.2-api-0:5.0.2-2.ep5.el4
jboss-jaspi-1.0-api-0:5.0.2-2.ep5.el4
jboss-javaee-0:5.0.2-2.ep5.el4
jboss-javaee-poms-0:5.0.2-2.ep5.el4
jboss-jaxrpc-api_1.1_spec-0:1.0.0-16.ep5.el4
jboss-jca-1.5-api-0:5.0.2-2.ep5.el4
jboss-jms-1.1-api-0:5.0.2-2.ep5.el4
jboss-jpa-deployers-0:1.0.0-6.SP2.ep5.el4
jboss-logmanager-0:1.1.2-6.GA_patch_01.ep5.el4
jboss-naming-0:5.0.3-5.CP02.ep5.el4
jboss-reflect-0:2.0.4-2.1.ep5.el4
jboss-remoting-0:2.5.4-10.SP4.1.ep5.el4
jboss-seam2-0:2.2.6.EAP5-9.ep5.el4
jboss-seam2-docs-0:2.2.6.EAP5-9.ep5.el4
jboss-seam2-examples-0:2.2.6.EAP5-9.ep5.el4
jboss-seam2-runtime-0:2.2.6.EAP5-9.ep5.el4
jboss-security-negotiation-0:2.1.3-1.GA.ep5.el4
jboss-security-spi-1:2.0.5-4.SP3_1.ep5.el4
jboss-transaction-1.0.1-api-0:5.0.2-2.ep5.el4
jboss-vfs2-0:2.2.1-2.GA.ep5.el4
jbossas-web-0:5.2.0-7.ep5.el4
jbossas-web-client-0:5.2.0-7.ep5.el4
jbossas-web-tp-licenses-0:5.2.0-7.ep5.el4
jbossas-web-ws-native-0:5.2.0-7.ep5.el4
jbossas-ws-cxf-ewp-0:5.2.0-8.ep5.el4
jbosssx2-0:2.0.5-8.3.SP3_1.ep5.el4
jbossts-1:4.6.1-12.CP13.8.ep5.el4
jbossts-javadoc-1:4.6.1-12.CP13.8.ep5.el4
jbossweb-0:2.1.13-2_patch_01.ep5.el4
jbossweb-el-1.0-api-0:2.1.13-2_patch_01.ep5.el4
jbossweb-jsp-2.1-api-0:2.1.13-2_patch_01.ep5.el4
jbossweb-lib-0:2.1.13-2_patch_01.ep5.el4
jbossweb-servlet-2.5-api-0:2.1.13-2_patch_01.ep5.el4
jbossws-0:3.1.2-13.SP15_patch_01.ep5.el4
jbossws-common-0:1.1.0-9.SP10.ep5.el4
jbossws-framework-0:3.1.2-9.SP13.ep5.el4
jbossws-spi-0:1.1.2-6.SP8.ep5.el4
jgroups-1:2.6.22-1.ep5.el4
jopr-embedded-0:1.3.4-19.SP6.9.ep5.el4
jopr-hibernate-plugin-0:3.0.0-14.EmbJopr5.ep5.el4
jopr-jboss-as-5-plugin-0:3.0.0-15.EmbJopr5.ep5.el4
jopr-jboss-cache-v3-plugin-0:3.0.0-15.EmbJopr5.ep5.el4
mod_cluster-demo-0:1.0.10-12.2.GA_CP04.ep5.el4
mod_cluster-jbossas-0:1.0.10-12.2.GA_CP04.ep5.el4
mod_cluster-jbossweb2-0:1.0.10-12.2.GA_CP04.ep5.el4
mod_cluster-native-0:1.0.10-10.GA_CP04_patch01.ep5.el4
mod_cluster-native-debuginfo-0:1.0.10-10.GA_CP04_patch01.ep5.el4
mod_cluster-tomcat6-0:1.0.10-12.2.GA_CP04.ep5.el4
picketlink-federation-0:2.1.5-3.ep5.el4
picketlink-quickstarts-0:2.1.5-1.ep5.el4
picketlink-quickstarts-idp-0:2.1.5-1.ep5.el4
picketlink-quickstarts-pdp-0:2.1.5-1.ep5.el4
picketlink-quickstarts-sts-0:2.1.5-1.ep5.el4
resteasy-0:1.2.1-18.CP02_patch02.1.ep5.el4
resteasy-examples-0:1.2.1-18.CP02_patch02.1.ep5.el4
resteasy-javadoc-0:1.2.1-18.CP02_patch02.1.ep5.el4
resteasy-manual-0:1.2.1-18.CP02_patch02.1.ep5.el4
rh-ewp-docs-0:5.2.0-7.ep5.el4
rh-ewp-docs-examples-0:5.2.0-7.ep5.el4
rhq-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-common-parent-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-core-client-api-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-core-comm-api-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-core-domain-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-core-gui-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-core-native-system-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-core-parent-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-core-plugin-api-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-core-plugin-container-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-core-util-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-jboss-as-common-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-jmx-plugin-0:3.0.0-21.EmbJopr5.ep5.el4
rhq-modules-parent-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-parent-0:3.0.0-22.EmbJopr5.ep5.el4
rhq-platform-plugin-0:3.0.0-15.EmbJopr5.ep5.el4
rhq-plugins-parent-0:3.0.0-22.EmbJopr5.ep5.el4
spring2-0:2.5.6-9.SEC03.1.ep5.el4
spring2-agent-0:2.5.6-9.SEC03.1.ep5.el4
spring2-all-0:2.5.6-9.SEC03.1.ep5.el4
spring2-aop-0:2.5.6-9.SEC03.1.ep5.el4
spring2-beans-0:2.5.6-9.SEC03.1.ep5.el4
spring2-context-0:2.5.6-9.SEC03.1.ep5.el4
spring2-core-0:2.5.6-9.SEC03.1.ep5.el4
wss4j-0:1.5.12-4.2_patch_02.ep5.el4
xerces-j2-0:2.9.1-10.patch02.ep5.el4
xerces-j2-scripts-0:2.9.1-10.patch02.ep5.el4
xml-commons-1:1.3.04-8.2_patch_01.ep5.el4
xml-commons-jaxp-1.1-apis-1:1.3.04-8.2_patch_01.ep5.el4
xml-commons-jaxp-1.2-apis-1:1.3.04-8.2_patch_01.ep5.el4
xml-commons-jaxp-1.3-apis-1:1.3.04-8.2_patch_01.ep5.el4
xml-commons-resolver10-1:1.3.04-8.2_patch_01.ep5.el4
xml-commons-resolver11-1:1.3.04-8.2_patch_01.ep5.el4
xml-commons-resolver12-1:1.3.04-8.2_patch_01.ep5.el4
xml-commons-which10-1:1.3.04-8.2_patch_01.ep5.el4
xml-commons-which11-1:1.3.04-8.2_patch_01.ep5.el4
xml-security-0:1.5.1-2.ep5.el4

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References