Vulnerabilities > CVE-2014-0118 - Resource Exhaustion vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • XML Ping of the Death
    An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
  • XML Entity Expansion
    An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
  • Inducing Account Lockout
    An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks.
  • Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
    XML Denial of Service (XDoS) can be applied to any technology that utilizes XML data. This is, of course, most distributed systems technology including Java, .Net, databases, and so on. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. There are three primary attack vectors that XDoS can navigate Target CPU through recursion: attacker creates a recursive payload and sends to service provider Target memory through jumbo payloads: service provider uses DOM to parse XML. DOM creates in memory representation of XML document, but when document is very large (for example, north of 1 Gb) service provider host may exhaust memory trying to build memory objects. XML Ping of death: attack service provider with numerous small files that clog the system. All of the above attacks exploit the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.

Nessus

  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-388.NASL
    descriptionA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id78331
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78331
    titleAmazon Linux AMI : httpd (ALAS-2014-388)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2014-388.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78331);
      script_version("1.6");
      script_cvs_date("Date: 2018/04/18 15:09:35");
    
      script_cve_id("CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231");
      script_xref(name:"ALAS", value:"2014-388");
      script_xref(name:"RHSA", value:"2014:0920");
    
      script_name(english:"Amazon Linux AMI : httpd (ALAS-2014-388)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A race condition flaw, leading to heap-based buffer overflows, was
    found in the mod_status httpd module. A remote attacker able to access
    a status page served by mod_status on a server using a threaded
    Multi-Processing Module (MPM) could send a specially crafted request
    that would cause the httpd child process to crash or, possibly, allow
    the attacker to execute arbitrary code with the privileges of the
    'apache' user. (CVE-2014-0226)
    
    A denial of service flaw was found in the way httpd's mod_deflate
    module handled request body decompression (configured via the
    'DEFLATE' input filter). A remote attacker able to send a request
    whose body would be decompressed could use this flaw to consume an
    excessive amount of system memory and CPU on the target system.
    (CVE-2014-0118)
    
    A denial of service flaw was found in the way httpd's mod_cgid module
    executed CGI scripts that did not read data from the standard input. A
    remote attacker could submit a specially crafted request that would
    cause the httpd child process to hang indefinitely. (CVE-2014-0231)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2014-388.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update httpd' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"httpd-2.2.27-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"httpd-debuginfo-2.2.27-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"httpd-devel-2.2.27-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"httpd-manual-2.2.27-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"httpd-tools-2.2.27-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mod_ssl-2.2.27-1.3.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1087.NASL
    descriptionRed Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0 Release Notes, linked to in the References section, for information on the most significant of these changes. The following security issues are also fixed with this release : A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id77356
    published2014-08-23
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77356
    titleRHEL 6 : JBoss Web Server (RHSA-2014:1087)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1087. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77356);
      script_version("1.22");
      script_cvs_date("Date: 2019/10/24 15:35:38");
    
      script_cve_id("CVE-2013-4590", "CVE-2014-0118", "CVE-2014-0119", "CVE-2014-0226", "CVE-2014-0227", "CVE-2014-0231");
      script_xref(name:"RHSA", value:"2014:1087");
    
      script_name(english:"RHEL 6 : JBoss Web Server (RHSA-2014:1087)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues
    and several bugs, is now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    Red Hat JBoss Web Server is a fully integrated and certified set of
    components for hosting Java web applications. It is comprised of the
    Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat
    Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and
    the Tomcat Native library.
    
    This release serves as a replacement for Red Hat JBoss Web Server
    2.0.1, and includes several bug fixes. Refer to the Red Hat JBoss Web
    Server 2.1.0 Release Notes, linked to in the References section, for
    information on the most significant of these changes.
    
    The following security issues are also fixed with this release :
    
    A race condition flaw, leading to heap-based buffer overflows, was
    found in the mod_status httpd module. A remote attacker able to access
    a status page served by mod_status on a server using a threaded
    Multi-Processing Module (MPM) could send a specially crafted request
    that would cause the httpd child process to crash or, possibly, allow
    the attacker to execute arbitrary code with the privileges of the
    'apache' user. (CVE-2014-0226)
    
    A denial of service flaw was found in the way httpd's mod_deflate
    module handled request body decompression (configured via the
    'DEFLATE' input filter). A remote attacker able to send a request
    whose body would be decompressed could use this flaw to consume an
    excessive amount of system memory and CPU on the target system.
    (CVE-2014-0118)
    
    A denial of service flaw was found in the way httpd's mod_cgid module
    executed CGI scripts that did not read data from the standard input. A
    remote attacker could submit a specially crafted request that would
    cause the httpd child process to hang indefinitely. (CVE-2014-0231)
    
    It was found that several application-provided XML files, such as
    web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external
    entities, permitting XML External Entity (XXE) attacks. An attacker
    able to deploy malicious applications to Tomcat could use this flaw to
    circumvent security restrictions set by the JSM, and gain access to
    sensitive information on the system. Note that this flaw only affected
    deployments in which Tomcat is running applications from untrusted
    sources, such as in a shared hosting environment. (CVE-2013-4590)
    
    It was found that, in certain circumstances, it was possible for a
    malicious web application to replace the XML parsers used by Tomcat to
    process XSLTs for the default servlet, JSP documents, tag library
    descriptors (TLDs), and tag plug-in configuration files. The injected
    XML parser(s) could then bypass the limits imposed on XML external
    entities and/or gain access to the XML files processed for other web
    applications deployed on the same Tomcat instance. (CVE-2014-0119)
    
    All users of Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise
    Linux 6 are advised to upgrade to Red Hat JBoss Web Server 2.1.0. The
    JBoss server process must be restarted for this update to take effect."
      );
      # https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Web_Server/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?765407e2"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:1087"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4590"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0118"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0119"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0227"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0231"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:antlr-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-tomcat-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-logging-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-logging-tomcat-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-pool-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-pool-tomcat-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dom4j-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-c3p0-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-core-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-envers-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-infinispan-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:javassist-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-logging");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-api_1.1_spec");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_jk-ap22");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_jk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_jk-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_rt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_rt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:storeconfig-tc6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:storeconfig-tc7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat-native");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat-native-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:1087";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL6", rpm:"jws-2"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "JBoss Web Server");
    
      if (rpm_check(release:"RHEL6", reference:"antlr-eap6-2.7.7-17.redhat_4.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-collections-eap6-3.2.1-15.redhat_3.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-collections-tomcat-eap6-3.2.1-15.redhat_3.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-daemon-eap6-1.0.15-5.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"apache-commons-daemon-jsvc-eap6-1.0.15-6.redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"apache-commons-daemon-jsvc-eap6-1.0.15-6.redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"apache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-6.redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"apache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-6.redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-logging-eap6-1.1.1-7.9_redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-logging-tomcat-eap6-1.1.1-7.9_redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-pool-eap6-1.6-7.redhat_6.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-pool-tomcat-eap6-1.6-7.redhat_6.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"dom4j-eap6-1.6.1-20.redhat_6.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"hibernate4-c3p0-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"hibernate4-core-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"hibernate4-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"hibernate4-entitymanager-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"hibernate4-envers-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"hibernate4-infinispan-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"httpd-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"httpd-debuginfo-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-debuginfo-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"httpd-devel-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-devel-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"httpd-manual-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-manual-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"httpd-tools-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-tools-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"javassist-eap6-3.18.1-1.GA_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"jboss-logging-3.1.4-1.GA_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"jboss-transaction-api_1.1_spec-1.0.1-12.Final_redhat_2.2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"mod_cluster-1.2.9-1.Final_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_cluster-native-1.2.9-3.Final_redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_cluster-native-1.2.9-3.Final_redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_cluster-native-debuginfo-1.2.9-3.Final_redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_cluster-native-debuginfo-1.2.9-3.Final_redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"mod_cluster-tomcat6-1.2.9-1.Final_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"mod_cluster-tomcat7-1.2.9-1.Final_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_jk-ap22-1.2.40-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_jk-ap22-1.2.40-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_jk-debuginfo-1.2.40-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_jk-debuginfo-1.2.40-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_jk-manual-1.2.40-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_jk-manual-1.2.40-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_rt-2.4.1-6.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_rt-2.4.1-6.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_rt-debuginfo-2.4.1-6.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_rt-debuginfo-2.4.1-6.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_snmp-2.4.1-13.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_snmp-2.4.1-13.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_snmp-debuginfo-2.4.1-13.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_snmp-debuginfo-2.4.1-13.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_ssl-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_ssl-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"storeconfig-tc6-0.0.1-7.Alpha3_redhat_12.3.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"storeconfig-tc7-0.0.1-7.Alpha3_redhat_12.5.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"tomcat-native-1.1.30-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"tomcat-native-1.1.30-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"tomcat-native-debuginfo-1.1.30-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"tomcat-native-debuginfo-1.1.30-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-admin-webapps-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-docs-webapp-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-el-2.1-api-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-javadoc-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-jsp-2.1-api-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-lib-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-log4j-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-servlet-2.5-api-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-webapps-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-admin-webapps-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-docs-webapp-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-el-2.2-api-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-javadoc-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-jsp-2.2-api-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-lib-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-log4j-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-servlet-3.0-api-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-webapps-7.0.54-6_patch_02.ep6.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "antlr-eap6 / apache-commons-collections-eap6 / etc");
      }
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201504-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201504-03 (Apache: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id82733
    published2015-04-13
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82733
    titleGLSA-201504-03 : Apache: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201504-03.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82733);
      script_version("1.8");
      script_cvs_date("Date: 2018/12/05 20:31:22");
    
      script_cve_id("CVE-2013-5704", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231");
      script_bugtraq_id(68678, 68742, 68745, 73135);
      script_xref(name:"GLSA", value:"201504-03");
    
      script_name(english:"GLSA-201504-03 : Apache: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201504-03
    (Apache: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Apache HTTP Server.
          Please review the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker may be able to execute arbitrary code or cause a
          Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201504-03"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Apache users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-servers/apache-2.2.29'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:apache");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-servers/apache", unaffected:make_list("ge 2.2.29"), vulnerable:make_list("lt 2.2.29"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Apache");
    }
    
  • NASL familyMisc.
    NASL idJUNIPER_NSM_JSA10685_CRED.NASL
    descriptionThe remote host is running a version of NSM (Network and Security Manager) Server that is prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache HTTP Server : - A flaw exists due to improper escaping of filenames in 406 and 300 HTTP responses. A remote attacker can exploit this, by uploading a file with a specially crafted name, to inject arbitrary HTTP headers or conduct cross-site scripting attacks. (CVE-2008-0456) - Multiple cross-site scripting vulnerabilities exist in the mod_negotiation module due to improper sanitization of input passed via filenames. An attacker can exploit this to execute arbitrary script code in a user
    last seen2020-06-01
    modified2020-06-02
    plugin id84878
    published2015-07-20
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84878
    titleJuniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685) (credentialed check)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2989.NASL
    descriptionSeveral security issues were found in the Apache HTTP server. - CVE-2014-0118 The DEFLATE input filter (inflates request bodies) in mod_deflate allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. - CVE-2014-0226 A race condition was found in mod_status. An attacker able to access a public server status page on a server could send carefully crafted requests which could lead to a heap buffer overflow, causing denial of service, disclosure of sensitive information, or potentially the execution of arbitrary code. - CVE-2014-0231 A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service.
    last seen2020-03-17
    modified2014-07-26
    plugin id76844
    published2014-07-26
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76844
    titleDebian DSA-2989-1 : apache2 - security update
  • NASL familyMisc.
    NASL idJUNIPER_NSM_JSA10685.NASL
    descriptionThe remote host is running a version of NSM (Network and Security Manager) Server that is prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache HTTP Server : - A flaw exists due to improper escaping of filenames in 406 and 300 HTTP responses. A remote attacker can exploit this, by uploading a file with a specially crafted name, to inject arbitrary HTTP headers or conduct cross-site scripting attacks. (CVE-2008-0456) - Multiple cross-site scripting vulnerabilities exist in the mod_negotiation module due to improper sanitization of input passed via filenames. An attacker can exploit this to execute arbitrary script code in a user
    last seen2020-06-01
    modified2020-06-02
    plugin id84877
    published2015-07-20
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84877
    titleJuniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685)
  • NASL familyWeb Servers
    NASL idWEBSPHERE_8_5_5_4.NASL
    descriptionThe IBM WebSphere Application Server running on the remote host is version 8.5 prior to Fix Pack 8.5.5.4. It is, therefore, affected by the following vulnerabilities : - Multiple errors exist related to the included IBM HTTP server that can allow remote code execution or denial of service. (CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231 / PI22070) - An unspecified error exists related to HTTP headers that can allow information disclosure. (CVE-2014-3021 / PI08268) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id80398
    published2015-01-07
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80398
    titleIBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.4 Multiple Vulnerabilities (POODLE)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0920.NASL
    descriptionFrom Red Hat Security Advisory 2014:0920 : Updated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id76744
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76744
    titleOracle Linux 5 / 6 : httpd (ELSA-2014-0920)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0921.NASL
    descriptionFrom Red Hat Security Advisory 2014:0921 : Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id76745
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76745
    titleOracle Linux 7 : httpd (ELSA-2014-0921)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-093.NASL
    descriptionUpdated apache packages fix security vulnerabilities : Apache HTTPD before 2.4.9 was vulnerable to a denial of service in mod_dav when handling DAV_WRITE requests (CVE-2013-6438). Apache HTTPD before 2.4.9 was vulnerable to a denial of service when logging cookies (CVE-2014-0098). A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the apache user (CVE-2014-0226). A denial of service flaw was found in the mod_proxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules (MPM) that would cause the httpd child process to crash (CVE-2014-0117). A denial of service flaw was found in the way httpd
    last seen2020-06-01
    modified2020-06-02
    plugin id82346
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82346
    titleMandriva Linux Security Advisory : apache (MDVSA-2015:093)
  • NASL familyWeb Servers
    NASL idHPSMH_7_5.NASL
    descriptionAccording to the web server
    last seen2020-06-01
    modified2020-06-02
    plugin id84923
    published2015-07-22
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84923
    titleHP System Management Homepage 7.3.x / 7.4.x < 7.5.0 Multiple Vulnerabilities (FREAK)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-66.NASL
    descriptionCVE-2014-0231: prevent denial of service in mod_cgid. CVE-2014-0226: prevent denial of service via race in mod_status. CVE-2014-0118: fix resource consumption via mod_deflate body decompression. CVE-2013-6438: prevent denial of service via mod_dav incorrect end of string NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-03-26
    plugin id82211
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82211
    titleDebian DLA-66-1 : apache2 security update
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0921.NASL
    descriptionUpdated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id76716
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76716
    titleCentOS 7 : httpd (CESA-2014:0921)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2015-004.NASL
    descriptionThe remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-004. It is, therefore, affected multiple vulnerabilities in the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - FontParser - Graphics Driver - ImageIO - IOHIDFamily - Kernel - LaunchServices - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - Security - Code SIgning - UniformTypeIdentifiers Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id82700
    published2015-04-10
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82700
    titleMac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1020.NASL
    descriptionUpdated Red Hat JBoss Enterprise Application Platform 6.3.0 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id77079
    published2014-08-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77079
    titleRHEL 6 : JBoss EAP (RHSA-2014:1020)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0920.NASL
    descriptionUpdated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id76749
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76749
    titleRHEL 5 / 6 : httpd (RHSA-2014:0920)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-389.NASL
    descriptionA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id78332
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78332
    titleAmazon Linux AMI : httpd24 (ALAS-2014-389)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_APACHE_20141014.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value. (CVE-2013-4352) - The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header. (CVE-2014-0117) - The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. (CVE-2014-0118) - Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. (CVE-2014-0226) - The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor. (CVE-2014-0231)
    last seen2020-06-01
    modified2020-06-02
    plugin id80589
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80589
    titleOracle Solaris Third-Party Patch Update : apache (multiple_denial_of_service_dos5)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1019.NASL
    descriptionUpdated Red Hat JBoss Enterprise Application Platform 6.3.0 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id77078
    published2014-08-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77078
    titleRHEL 5 : JBoss EAP (RHSA-2014:1019)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0921.NASL
    descriptionUpdated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id76905
    published2014-07-30
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76905
    titleRHEL 7 : httpd (RHSA-2014:0921)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_4364E1F10F4411E4B09020CF30E32F6D.NASL
    descriptionApache HTTP SERVER PROJECT reports : mod_proxy: Fix crash in Connection header handling which allowed a denial of service attack against a reverse proxy with a threaded MPM. Fix a race condition in scoreboard handling, which could lead to a heap buffer overflow. mod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of sevice via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and DeflateInflateRatioBurst. mod_cgid: Fix a denial of service against CGI scripts that do not consume stdin that could lead to lingering HTTPD child processes filling up the scoreboard and eventually hanging the server. By default, the client I/O timeout (Timeout directive) now applies to communication with scripts. The CGIDScriptTimeout directive can be used to set a different timeout for communication with scripts.
    last seen2020-06-01
    modified2020-06-02
    plugin id76614
    published2014-07-21
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76614
    titleFreeBSD : apache24 -- several vulnerabilities (4364e1f1-0f44-11e4-b090-20cf30e32f6d)
  • NASL familyMisc.
    NASL idORACLE_SECURE_GLOBAL_DESKTOP_JAN_2015_CPU.NASL
    descriptionThe remote host has a version of Oracle Secure Global Desktop that is version 4.63, 4.71, 5.0 or 5.1. It is, therefore, affected by multiple vulnerabilities in the following components : - Apache HTTP Server - Client - Gateway JARP module - Gateway Reverse Proxy - OpenSSL - Print Servlet (only in 5.0 / 5.1) - SGD SSL Daemon (ttassl) - Web Server
    last seen2020-06-01
    modified2020-06-02
    plugin id80912
    published2015-01-22
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80912
    titleOracle Secure Global Desktop Multiple Vulnerabilities (January 2015 CPU) (POODLE)
  • NASL familyWeb Servers
    NASL idWEBSPHERE_8_0_0_10.NASL
    descriptionThe remote host is running IBM WebSphere Application Server version 8.0 prior to Fix Pack 10. It is, therefore, affected by the following vulnerabilities : - Multiple errors exist related to the included IBM HTTP server that can allow remote code execution or denial of service. (CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231 / PI22070) - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id81401
    published2015-02-18
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81401
    titleIBM WebSphere Application Server 8.0 < Fix Pack 10 Multiple Vulnerabilities (POODLE)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_F927E06C110911E4B09020CF30E32F6D.NASL
    descriptionApache HTTP SERVER PROJECT reports : mod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of service via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and DeflateInflateRatioBurst. mod_cgid: Fix a denial of service against CGI scripts that do not consume stdin that could lead to lingering HTTPD child processes filling up the scoreboard and eventually hanging the server. By default, the client I/O timeout (Timeout directive) now applies to communication with scripts. The CGIDScriptTimeout directive can be used to set a different timeout for communication with scripts. Fix a race condition in scoreboard handling, which could lead to a heap buffer overflow. core: HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. Adds
    last seen2020-06-01
    modified2020-06-02
    plugin id76780
    published2014-07-25
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76780
    titleFreeBSD : apache22 -- several vulnerabilities (f927e06c-1109-11e4-b090-20cf30e32f6d)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-142.NASL
    descriptionUpdated apache package fixes security vulnerabilities : A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the apache user (CVE-2014-0226). A denial of service flaw was found in the way httpd
    last seen2020-06-01
    modified2020-06-02
    plugin id76923
    published2014-07-31
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76923
    titleMandriva Linux Security Advisory : apache (MDVSA-2014:142)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2014-204-01.NASL
    descriptionNew httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id76712
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76712
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : httpd (SSA:2014-204-01)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1088.NASL
    descriptionRed Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0 Release Notes, linked to in the References section, for information on the most significant of these changes. The following security issues are also fixed with this release : A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id77357
    published2014-08-23
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77357
    titleRHEL 5 : JBoss Web Server (RHSA-2014:1088)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0920.NASL
    descriptionUpdated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id76715
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76715
    titleCentOS 5 / 6 : httpd (CESA-2014:0920)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1419.NASL
    descriptionAccording to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.(CVE-2014-0098) - A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id124922
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124922
    titleEulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-8742.NASL
    descriptionThis update includes the latest stable release of the Apache HTTP Server, httpd 2.4.10. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-07-26
    plugin id76852
    published2014-07-26
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76852
    titleFedora 20 : httpd-2.4.10-1.fc20 (2014-8742)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140723_HTTPD_ON_SL5_X.NASL
    descriptionA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-03-18
    modified2014-07-24
    plugin id76753
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76753
    titleScientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64 (20140723)
  • NASL familyWeb Servers
    NASL idWEBSPHERE_7_0_0_35.NASL
    descriptionThe remote host is running a version of IBM WebSphere Application Server 7.0 prior to Fix Pack 35. It is, therefore, affected by the following vulnerabilities : - Multiple errors exist related to the included IBM HTTP server that could allow remote code execution or denial of service. (CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231 / PI22070) - An error exists related to HTTP header handling that could allow the disclosure of sensitive information. (CVE-2014-3021 / PI08268) - An unspecified error exists that could allow the disclosure of sensitive information. (CVE-2014-3083 / PI17768) - An unspecified input-validation errors exist related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id78604
    published2014-10-21
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78604
    titleIBM WebSphere Application Server 7.0 < Fix Pack 35 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_10_3.NASL
    descriptionThe remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - Apache - ATS - Certificate Trust Policy - CFNetwork HTTPProtocol - CFNetwork Session - CFURL - CoreAnimation - FontParser - Graphics Driver - Hypervisor - ImageIO - IOHIDFamily - Kernel - LaunchServices - libnetcore - ntp - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - ScreenSharing - Security - Code SIgning - UniformTypeIdentifiers - WebKit Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id82699
    published2015-04-10
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82699
    titleMac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2907-1.NASL
    descriptionThis update for apache2 fixes the following issues : - Allow disabling SNI on proxy connections using
    last seen2020-06-01
    modified2020-06-02
    plugin id104270
    published2017-10-31
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104270
    titleSUSE SLES11 Security Update : apache2 (SUSE-SU-2017:2907-1) (Optionsbleed)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-9057.NASL
    descriptionThis update includes the latest stable release of the Apache HTTP Server, httpd 2.4.10, fixing a number of security issues. http://www.apache.org/dist/httpd/Announcement2.4.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-08-15
    plugin id77207
    published2014-08-15
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77207
    titleFedora 19 : httpd-2.4.10-1.fc19 (2014-9057)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2299-1.NASL
    descriptionMarek Kroemeke discovered that the mod_proxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0117) Giancarlo Pellegrino and Davide Balzarotti discovered that the mod_deflate module incorrectly handled body decompression. A remote attacker could use this issue to cause resource consumption, leading to a denial of service. (CVE-2014-0118) Marek Kroemeke and others discovered that the mod_status module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service, or possibly execute arbitrary code. (CVE-2014-0226) Rainer Jung discovered that the mod_cgid module incorrectly handled certain scripts. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. (CVE-2014-0231). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id76757
    published2014-07-24
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76757
    titleUbuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : apache2 vulnerabilities (USN-2299-1)
  • NASL familyWeb Servers
    NASL idAPACHE_2_2_29.NASL
    descriptionAccording to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.28. It is, therefore, affected by the following vulnerabilities : - A flaw exists within the
    last seen2020-04-30
    modified2014-09-04
    plugin id77531
    published2014-09-04
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77531
    titleApache 2.2.x < 2.2.28 Multiple Vulnerabilities
  • NASL familyWeb Servers
    NASL idAPACHE_2_4_10.NASL
    descriptionAccording to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.10. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the
    last seen2020-04-30
    modified2014-07-21
    plugin id76622
    published2014-07-21
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76622
    titleApache 2.4.x < 2.4.10 Multiple Vulnerabilities

Redhat

advisories
  • rhsa
    idRHSA-2014:1019
  • rhsa
    idRHSA-2014:1020
  • rhsa
    idRHSA-2014:1021
rpms
  • httpd-0:2.2.15-31.el6_5
  • httpd-0:2.2.3-87.el5_10
  • httpd-debuginfo-0:2.2.15-31.el6_5
  • httpd-debuginfo-0:2.2.3-87.el5_10
  • httpd-devel-0:2.2.15-31.el6_5
  • httpd-devel-0:2.2.3-87.el5_10
  • httpd-manual-0:2.2.15-31.el6_5
  • httpd-manual-0:2.2.3-87.el5_10
  • httpd-tools-0:2.2.15-31.el6_5
  • mod_ssl-1:2.2.15-31.el6_5
  • mod_ssl-1:2.2.3-87.el5_10
  • httpd-0:2.4.6-18.el7_0
  • httpd-debuginfo-0:2.4.6-18.el7_0
  • httpd-devel-0:2.4.6-18.el7_0
  • httpd-manual-0:2.4.6-18.el7_0
  • httpd-tools-0:2.4.6-18.el7_0
  • mod_ldap-0:2.4.6-18.el7_0
  • mod_proxy_html-1:2.4.6-18.el7_0
  • mod_session-0:2.4.6-18.el7_0
  • mod_ssl-1:2.4.6-18.el7_0
  • httpd24-httpd-0:2.4.6-18.el6
  • httpd24-httpd-0:2.4.6-21.el7
  • httpd24-httpd-debuginfo-0:2.4.6-18.el6
  • httpd24-httpd-debuginfo-0:2.4.6-21.el7
  • httpd24-httpd-devel-0:2.4.6-18.el6
  • httpd24-httpd-devel-0:2.4.6-21.el7
  • httpd24-httpd-manual-0:2.4.6-18.el6
  • httpd24-httpd-manual-0:2.4.6-21.el7
  • httpd24-httpd-tools-0:2.4.6-18.el6
  • httpd24-httpd-tools-0:2.4.6-21.el7
  • httpd24-mod_ldap-0:2.4.6-18.el6
  • httpd24-mod_ldap-0:2.4.6-21.el7
  • httpd24-mod_proxy_html-1:2.4.6-18.el6
  • httpd24-mod_proxy_html-1:2.4.6-21.el7
  • httpd24-mod_session-0:2.4.6-18.el6
  • httpd24-mod_session-0:2.4.6-21.el7
  • httpd24-mod_ssl-1:2.4.6-18.el6
  • httpd24-mod_ssl-1:2.4.6-21.el7
  • apache-commons-beanutils-eap6-0:1.8.3-7.redhat_6.1.ep6.el5
  • apache-commons-cli-eap6-0:1.2-6.redhat_4.1.ep6.el5
  • apache-commons-codec-eap6-0:1.4-16.redhat_3.1.ep6.el5
  • apache-commons-collections-eap6-0:3.2.1-15.redhat_3.1.ep6.el5
  • apache-commons-configuration-eap6-0:1.6-1.redhat_3.1.ep6.el5
  • apache-commons-daemon-jsvc-eap6-1:1.0.15-6.redhat_2.ep6.el5
  • apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-6.redhat_2.ep6.el5
  • apache-commons-io-eap6-0:2.1-8.redhat_3.1.ep6.el5
  • apache-commons-lang-eap6-0:2.6-8.redhat_3.1.ep6.el5
  • apache-mime4j-0:0.6-10.redhat_3.1.ep6.el5
  • cal10n-eap6-0:0.7.3-2.redhat_4.1.ep6.el5
  • codehaus-jackson-0:1.9.9-7.redhat_3.ep6.el5
  • codehaus-jackson-core-asl-0:1.9.9-7.redhat_3.ep6.el5
  • codehaus-jackson-jaxrs-0:1.9.9-7.redhat_3.ep6.el5
  • codehaus-jackson-mapper-asl-0:1.9.9-7.redhat_3.ep6.el5
  • codehaus-jackson-xc-0:1.9.9-7.redhat_3.ep6.el5
  • ecj-eap6-0:4.3.1-3.redhat_1.1.ep6.el5
  • glassfish-jaxb-eap6-0:2.2.5-20.redhat_8.1.ep6.el5
  • gnu-getopt-eap6-0:1.0.13-1.redhat_4.1.ep6.el5
  • guava-libraries-0:13.0.1-3.redhat_1.1.ep6.el5
  • h2database-0:1.3.168-7.redhat_4.1.ep6.el5
  • hibernate4-core-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el5
  • hibernate4-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el5
  • hibernate4-entitymanager-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el5
  • hibernate4-envers-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el5
  • hibernate4-infinispan-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el5
  • hibernate4-validator-0:4.3.1-2.Final_redhat_1.1.ep6.el5
  • hornetq-0:2.3.20-1.Final_redhat_1.1.ep6.el5
  • hornetq-native-0:2.3.20-2.Final_redhat_1.ep6.el5
  • hornetq-native-debuginfo-0:2.3.20-2.Final_redhat_1.ep6.el5
  • httpclient-eap6-0:4.2.1-10.redhat_1.3.ep6.el5
  • httpcomponents-client-eap6-0:4.2.1-10.redhat_1.3.ep6.el5
  • httpcomponents-core-eap6-0:4.2.1-10.redhat_1.3.ep6.el5
  • httpcomponents-project-eap6-0:6-10.redhat_1.3.ep6.el5
  • httpcore-eap6-0:4.2.1-10.redhat_1.3.ep6.el5
  • httpd-0:2.2.26-35.ep6.el5
  • httpd-debuginfo-0:2.2.26-35.ep6.el5
  • httpd-devel-0:2.2.26-35.ep6.el5
  • httpd-manual-0:2.2.26-35.ep6.el5
  • httpd-tools-0:2.2.26-35.ep6.el5
  • httpmime-eap6-0:4.2.1-10.redhat_1.3.ep6.el5
  • infinispan-0:5.2.10-1.Final_redhat_1.1.ep6.el5
  • infinispan-cachestore-jdbc-0:5.2.10-1.Final_redhat_1.1.ep6.el5
  • infinispan-cachestore-remote-0:5.2.10-1.Final_redhat_1.1.ep6.el5
  • infinispan-client-hotrod-0:5.2.10-1.Final_redhat_1.1.ep6.el5
  • infinispan-core-0:5.2.10-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-common-api-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-common-impl-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-common-spi-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-core-api-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-core-impl-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-deployers-common-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-jdbc-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-spec-api-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-validator-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • jandex-eap6-0:1.0.3-3.Final_redhat_2.2.ep6.el5
  • jansi-eap6-0:1.9-2.redhat_4.3.ep6.el5
  • jaxbintros-0:1.0.2-17.GA_redhat_6.1.ep6.el5
  • jaxen-eap6-0:1.1.3-2.redhat_4.1.ep6.el5
  • jboss-as-appclient-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-cli-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-client-all-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-clustering-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-cmp-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-configadmin-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-connector-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-console-0:2.2.8-1.Final_redhat_1.1.ep6.el5
  • jboss-as-controller-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-controller-client-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-core-security-0:7.4.0-15.Final_redhat_19.1.ep6.el5
  • jboss-as-deployment-repository-0:7.4.0-14.Final_redhat_19.1.ep6.el5
  • jboss-as-deployment-scanner-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-domain-http-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-domain-management-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-ee-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-ee-deployment-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-ejb3-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-embedded-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-host-controller-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jacorb-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jaxr-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jaxrs-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jdr-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jmx-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jpa-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jsf-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jsr77-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-logging-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-mail-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-management-client-content-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-messaging-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-modcluster-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-naming-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-network-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-osgi-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-osgi-configadmin-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-osgi-service-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-picketlink-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-platform-mbean-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-pojo-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-process-controller-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-protocol-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-remoting-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-sar-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-security-0:7.4.0-14.Final_redhat_19.1.ep6.el5
  • jboss-as-server-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-system-jmx-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-threads-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-transactions-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-version-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-web-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-webservices-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-weld-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-xts-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-genericjms-0:1.0.5-1.Final_redhat_1.1.ep6.el5
  • jboss-hal-0:2.2.8-1.Final_redhat_1.1.ep6.el5
  • jboss-jaxws-api_2.2_spec-0:2.0.2-4.Final_redhat_1.1.ep6.el5
  • jboss-jms-api_1.1_spec-0:1.0.1-8.Final_redhat_2.2.ep6.el5
  • jboss-jstl-api_1.2_spec-0:1.0.6-1.Final_redhat_1.1.ep6.el5
  • jboss-logging-0:3.1.4-1.GA_redhat_1.1.ep6.el5
  • jboss-marshalling-0:1.4.6-1.Final_redhat_1.1.ep6.el5
  • jboss-metadata-0:7.1.0-1.Final_redhat_1.1.ep6.el5
  • jboss-metadata-appclient-0:7.1.0-1.Final_redhat_1.1.ep6.el5
  • jboss-metadata-common-0:7.1.0-1.Final_redhat_1.1.ep6.el5
  • jboss-metadata-ear-0:7.1.0-1.Final_redhat_1.1.ep6.el5
  • jboss-metadata-ejb-0:7.1.0-1.Final_redhat_1.1.ep6.el5
  • jboss-metadata-web-0:7.1.0-1.Final_redhat_1.1.ep6.el5
  • jboss-msc-0:1.1.5-1.Final_redhat_1.1.ep6.el5
  • jboss-remoting3-0:3.3.1-1.Final_redhat_1.1.ep6.el5
  • jboss-saaj-api_1.3_spec-0:1.0.3-3.Final_redhat_1.1.ep6.el5
  • jboss-sasl-0:1.0.4-2.Final_redhat_1.1.ep6.el5
  • jboss-security-negotiation-0:2.3.3-1.Final_redhat_1.1.ep6.el5
  • jboss-transaction-api_1.1_spec-0:1.0.1-10.Final_redhat_2.2.ep6.el5
  • jboss-transaction-spi-0:7.1.0-2.Final_redhat_1.1.ep6.el5
  • jboss-vfs2-0:3.2.5-1.Final_redhat_1.1.ep6.el5
  • jbossas-appclient-0:7.4.0-15.Final_redhat_19.1.ep6.el5
  • jbossas-bundles-0:7.4.0-15.Final_redhat_19.1.ep6.el5
  • jbossas-core-0:7.4.0-16.Final_redhat_19.1.ep6.el5
  • jbossas-domain-0:7.4.0-15.Final_redhat_19.1.ep6.el5
  • jbossas-hornetq-native-0:2.3.20-2.Final_redhat_1.ep6.el5
  • jbossas-javadocs-0:7.4.0-20.Final_redhat_19.1.ep6.el5
  • jbossas-jbossweb-native-0:1.1.30-2.redhat_1.ep6.el5
  • jbossas-modules-eap-0:7.4.0-38.Final_redhat_19.1.ep6.el5
  • jbossas-product-eap-0:7.4.0-19.Final_redhat_19.1.ep6.el5
  • jbossas-standalone-0:7.4.0-15.Final_redhat_19.1.ep6.el5
  • jbossas-welcome-content-eap-0:7.4.0-17.Final_redhat_19.1.ep6.el5
  • jbossts-1:4.17.21-2.Final_redhat_2.1.ep6.el5
  • jbossweb-0:7.4.8-4.Final_redhat_4.1.ep6.el5
  • jbossws-common-0:2.3.0-1.Final_redhat_1.1.ep6.el5
  • jbossws-cxf-0:4.3.0-3.Final_redhat_3.1.ep6.el5
  • jbossws-native-0:4.2.0-1.Final_redhat_1.1.ep6.el5
  • jbossws-spi-0:2.3.0-2.Final_redhat_1.1.ep6.el5
  • jdom-eap6-0:1.1.2-6.redhat_4.1.ep6.el5
  • jettison-eap6-0:1.3.1-3.redhat_4.1.ep6.el5
  • jgroups-1:3.2.13-1.Final_redhat_1.1.ep6.el5
  • joda-time-eap6-0:1.6.2-1.redhat_4.1.ep6.el5
  • jython-eap6-0:2.5.2-6.redhat_3.1.ep6.el5
  • mod_cluster-0:1.2.9-1.Final_redhat_1.1.ep6.el5
  • mod_cluster-demo-0:1.2.9-1.Final_redhat_1.1.ep6.el5
  • mod_cluster-native-0:1.2.9-3.Final_redhat_2.ep6.el5
  • mod_cluster-native-debuginfo-0:1.2.9-3.Final_redhat_2.ep6.el5
  • mod_jk-ap22-0:1.2.40-2.redhat_1.ep6.el5
  • mod_jk-debuginfo-0:1.2.40-2.redhat_1.ep6.el5
  • mod_rt-0:2.4.1-3.GA.ep6.el5
  • mod_rt-debuginfo-0:2.4.1-3.GA.ep6.el5
  • mod_snmp-0:2.4.1-7.GA.ep6.el5
  • mod_snmp-debuginfo-0:2.4.1-7.GA.ep6.el5
  • mod_ssl-1:2.2.26-35.ep6.el5
  • netty-0:3.6.9-1.Final_redhat_1.1.ep6.el5
  • opensaml-0:2.5.3-4.redhat_2.1.ep6.el5
  • openws-0:1.4.4-3.redhat_2.1.ep6.el5
  • picketlink-bindings-0:2.5.3-8.SP10_redhat_1.1.ep6.el5
  • picketlink-federation-0:2.5.3-9.SP10_redhat_1.1.ep6.el5
  • resteasy-0:2.3.8-4.Final_redhat_3.1.ep6.el5
  • rngom-eap6-0:201103-2.redhat_3.1.ep6.el5
  • scannotation-0:1.0.3-6.redhat_4.2.ep6.el5
  • slf4j-0:1.7.2-13.redhat_3.1.ep6.el5
  • slf4j-eap6-0:1.7.2-13.redhat_3.1.ep6.el5
  • slf4j-jboss-logmanager-0:1.0.3-1.GA_redhat_1.1.ep6.el5
  • snakeyaml-eap6-0:1.8-1.redhat_2.2.ep6.el5
  • stilts-0:0.1.26-13.redhat_4.2.ep6.el5
  • sun-codemodel-0:2.6-4.redhat_2.2.ep6.el5
  • sun-istack-commons-1:2.6.1-10.redhat_2.2.ep6.el5
  • sun-saaj-1.3-impl-0:1.3.16-9.redhat_3.1.ep6.el5
  • sun-txw2-0:20110809-7.redhat_4.1.ep6.el5
  • sun-xsom-0:20110809-7.redhat_3.1.ep6.el5
  • tomcat-native-0:1.1.30-2.redhat_1.ep6.el5
  • tomcat-native-debuginfo-0:1.1.30-2.redhat_1.ep6.el5
  • weld-core-0:1.1.23-1.Final_redhat_1.1.ep6.el5
  • woodstox-core-eap6-0:4.2.0-12.redhat_4.1.ep6.el5
  • woodstox-stax2-api-eap6-0:3.1.3-3.redhat_1.1.ep6.el5
  • ws-commons-neethi-0:3.0.2-8.redhat_3.1.ep6.el5
  • wsdl4j-eap6-0:1.6.3-1.redhat_1.1.ep6.el5
  • xml-commons-resolver-eap6-0:1.2-17.redhat_9.1.ep6.el5
  • xmltooling-0:1.3.4-6.redhat_3.1.ep6.el5
  • xom-0:1.2.7-3.redhat_4.1.ep6.el5
  • apache-commons-beanutils-eap6-0:1.8.3-7.redhat_6.1.ep6.el6
  • apache-commons-cli-eap6-0:1.2-6.redhat_4.1.ep6.el6
  • apache-commons-codec-eap6-0:1.4-16.redhat_3.1.ep6.el6
  • apache-commons-collections-eap6-0:3.2.1-15.redhat_3.1.ep6.el6
  • apache-commons-configuration-eap6-0:1.6-1.redhat_3.1.ep6.el6
  • apache-commons-daemon-jsvc-eap6-1:1.0.15-6.redhat_2.ep6.el6
  • apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-6.redhat_2.ep6.el6
  • apache-commons-io-eap6-0:2.1-8.redhat_3.1.ep6.el6
  • apache-commons-lang-eap6-0:2.6-8.redhat_3.1.ep6.el6
  • apache-mime4j-0:0.6-10.redhat_3.1.ep6.el6
  • cal10n-eap6-0:0.7.3-2.redhat_4.1.ep6.el6
  • codehaus-jackson-0:1.9.9-7.redhat_3.ep6.el6
  • codehaus-jackson-core-asl-0:1.9.9-7.redhat_3.ep6.el6
  • codehaus-jackson-jaxrs-0:1.9.9-7.redhat_3.ep6.el6
  • codehaus-jackson-mapper-asl-0:1.9.9-7.redhat_3.ep6.el6
  • codehaus-jackson-xc-0:1.9.9-7.redhat_3.ep6.el6
  • ecj-eap6-0:4.3.1-3.redhat_1.1.ep6.el6
  • glassfish-jaf-0:1.1.1-16.redhat_2.ep6.el6
  • glassfish-jaxb-eap6-0:2.2.5-20.redhat_8.1.ep6.el6
  • gnu-getopt-eap6-0:1.0.13-1.redhat_4.1.ep6.el6
  • guava-libraries-0:13.0.1-3.redhat_1.1.ep6.el6
  • h2database-0:1.3.168-7.redhat_4.1.ep6.el6
  • hibernate4-core-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el6
  • hibernate4-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el6
  • hibernate4-entitymanager-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el6
  • hibernate4-envers-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el6
  • hibernate4-infinispan-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el6
  • hibernate4-validator-0:4.3.1-2.Final_redhat_1.1.ep6.el6
  • hornetq-0:2.3.20-1.Final_redhat_1.1.ep6.el6
  • hornetq-native-0:2.3.20-2.Final_redhat_1.ep6.el6
  • hornetq-native-debuginfo-0:2.3.20-2.Final_redhat_1.ep6.el6
  • httpclient-eap6-0:4.2.1-10.redhat_1.3.ep6.el6
  • httpcomponents-client-eap6-0:4.2.1-10.redhat_1.3.ep6.el6
  • httpcomponents-core-eap6-0:4.2.1-10.redhat_1.3.ep6.el6
  • httpcomponents-project-eap6-0:6-10.redhat_1.3.ep6.el6
  • httpcore-eap6-0:4.2.1-10.redhat_1.3.ep6.el6
  • httpd-0:2.2.26-35.ep6.el6
  • httpd-debuginfo-0:2.2.26-35.ep6.el6
  • httpd-devel-0:2.2.26-35.ep6.el6
  • httpd-manual-0:2.2.26-35.ep6.el6
  • httpd-tools-0:2.2.26-35.ep6.el6
  • httpmime-eap6-0:4.2.1-10.redhat_1.3.ep6.el6
  • infinispan-0:5.2.10-1.Final_redhat_1.1.ep6.el6
  • infinispan-cachestore-jdbc-0:5.2.10-1.Final_redhat_1.1.ep6.el6
  • infinispan-cachestore-remote-0:5.2.10-1.Final_redhat_1.1.ep6.el6
  • infinispan-client-hotrod-0:5.2.10-1.Final_redhat_1.1.ep6.el6
  • infinispan-core-0:5.2.10-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-common-api-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-common-impl-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-common-spi-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-core-api-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-core-impl-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-deployers-common-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-jdbc-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-spec-api-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-validator-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • jandex-eap6-0:1.0.3-3.Final_redhat_2.2.ep6.el6
  • jansi-eap6-0:1.9-2.redhat_4.3.ep6.el6
  • jaxbintros-0:1.0.2-17.GA_redhat_6.1.ep6.el6
  • jaxen-eap6-0:1.1.3-2.redhat_4.1.ep6.el6
  • jboss-as-appclient-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-cli-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-client-all-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-clustering-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-cmp-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-configadmin-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-connector-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-console-0:2.2.8-1.Final_redhat_1.1.ep6.el6
  • jboss-as-controller-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-controller-client-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-core-security-0:7.4.0-15.Final_redhat_19.1.ep6.el6
  • jboss-as-deployment-repository-0:7.4.0-14.Final_redhat_19.1.ep6.el6
  • jboss-as-deployment-scanner-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-domain-http-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-domain-management-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-ee-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-ee-deployment-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-ejb3-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-embedded-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-host-controller-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jacorb-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jaxr-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jaxrs-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jdr-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jmx-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jpa-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jsf-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jsr77-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-logging-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-mail-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-management-client-content-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-messaging-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-modcluster-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-naming-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-network-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-osgi-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-osgi-configadmin-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-osgi-service-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-picketlink-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-platform-mbean-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-pojo-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-process-controller-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-protocol-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-remoting-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-sar-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-security-0:7.4.0-14.Final_redhat_19.1.ep6.el6
  • jboss-as-server-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-system-jmx-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-threads-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-transactions-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-version-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-web-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-webservices-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-weld-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-xts-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-genericjms-0:1.0.5-1.Final_redhat_1.1.ep6.el6
  • jboss-hal-0:2.2.8-1.Final_redhat_1.1.ep6.el6
  • jboss-jaxws-api_2.2_spec-0:2.0.2-4.Final_redhat_1.1.ep6.el6
  • jboss-jms-api_1.1_spec-0:1.0.1-8.Final_redhat_2.2.ep6.el6
  • jboss-jstl-api_1.2_spec-0:1.0.6-1.Final_redhat_1.1.ep6.el6
  • jboss-logging-0:3.1.4-1.GA_redhat_1.1.ep6.el6
  • jboss-marshalling-0:1.4.6-1.Final_redhat_1.1.ep6.el6
  • jboss-metadata-0:7.1.0-1.Final_redhat_1.1.ep6.el6
  • jboss-metadata-appclient-0:7.1.0-1.Final_redhat_1.1.ep6.el6
  • jboss-metadata-common-0:7.1.0-1.Final_redhat_1.1.ep6.el6
  • jboss-metadata-ear-0:7.1.0-1.Final_redhat_1.1.ep6.el6
  • jboss-metadata-ejb-0:7.1.0-1.Final_redhat_1.1.ep6.el6
  • jboss-metadata-web-0:7.1.0-1.Final_redhat_1.1.ep6.el6
  • jboss-msc-0:1.1.5-1.Final_redhat_1.1.ep6.el6
  • jboss-remoting3-0:3.3.1-1.Final_redhat_1.1.ep6.el6
  • jboss-saaj-api_1.3_spec-0:1.0.3-3.Final_redhat_1.1.ep6.el6
  • jboss-sasl-0:1.0.4-2.Final_redhat_1.1.ep6.el6
  • jboss-security-negotiation-0:2.3.3-1.Final_redhat_1.1.ep6.el6
  • jboss-transaction-api_1.1_spec-0:1.0.1-10.Final_redhat_2.2.ep6.el6
  • jboss-transaction-spi-0:7.1.0-2.Final_redhat_1.1.ep6.el6
  • jboss-vfs2-0:3.2.5-1.Final_redhat_1.1.ep6.el6
  • jbossas-appclient-0:7.4.0-15.Final_redhat_19.1.ep6.el6
  • jbossas-bundles-0:7.4.0-15.Final_redhat_19.1.ep6.el6
  • jbossas-core-0:7.4.0-16.Final_redhat_19.1.ep6.el6
  • jbossas-domain-0:7.4.0-15.Final_redhat_19.1.ep6.el6
  • jbossas-hornetq-native-0:2.3.20-2.Final_redhat_1.ep6.el6
  • jbossas-javadocs-0:7.4.0-20.Final_redhat_19.1.ep6.el6
  • jbossas-jbossweb-native-0:1.1.30-2.redhat_1.ep6.el6
  • jbossas-modules-eap-0:7.4.0-38.Final_redhat_19.1.ep6.el6
  • jbossas-product-eap-0:7.4.0-19.Final_redhat_19.1.ep6.el6
  • jbossas-standalone-0:7.4.0-15.Final_redhat_19.1.ep6.el6
  • jbossas-welcome-content-eap-0:7.4.0-17.Final_redhat_19.1.ep6.el6
  • jbossts-1:4.17.21-2.Final_redhat_2.1.ep6.el6
  • jbossweb-0:7.4.8-4.Final_redhat_4.1.ep6.el6
  • jbossws-common-0:2.3.0-1.Final_redhat_1.1.ep6.el6
  • jbossws-cxf-0:4.3.0-3.Final_redhat_3.1.ep6.el6
  • jbossws-native-0:4.2.0-1.Final_redhat_1.1.ep6.el6
  • jbossws-spi-0:2.3.0-2.Final_redhat_1.1.ep6.el6
  • jdom-eap6-0:1.1.2-6.redhat_4.1.ep6.el6
  • jettison-eap6-0:1.3.1-3.redhat_4.1.ep6.el6
  • jgroups-1:3.2.13-1.Final_redhat_1.1.ep6.el6
  • joda-time-eap6-0:1.6.2-1.redhat_4.1.ep6.el6
  • jython-eap6-0:2.5.2-6.redhat_3.1.ep6.el6
  • mod_cluster-0:1.2.9-1.Final_redhat_1.1.ep6.el6
  • mod_cluster-demo-0:1.2.9-1.Final_redhat_1.1.ep6.el6
  • mod_cluster-native-0:1.2.9-3.Final_redhat_2.ep6.el6
  • mod_cluster-native-debuginfo-0:1.2.9-3.Final_redhat_2.ep6.el6
  • mod_jk-ap22-0:1.2.40-2.redhat_1.ep6.el6
  • mod_jk-debuginfo-0:1.2.40-2.redhat_1.ep6.el6
  • mod_rt-0:2.4.1-5.GA.ep6.el6
  • mod_rt-debuginfo-0:2.4.1-5.GA.ep6.el6
  • mod_snmp-0:2.4.1-8.GA.ep6.el6
  • mod_snmp-debuginfo-0:2.4.1-8.GA.ep6.el6
  • mod_ssl-1:2.2.26-35.ep6.el6
  • netty-0:3.6.9-1.Final_redhat_1.1.ep6.el6
  • opensaml-0:2.5.3-4.redhat_2.1.ep6.el6
  • openws-0:1.4.4-3.redhat_2.1.ep6.el6
  • picketlink-bindings-0:2.5.3-8.SP10_redhat_1.1.ep6.el6
  • picketlink-federation-0:2.5.3-9.SP10_redhat_1.1.ep6.el6
  • resteasy-0:2.3.8-4.Final_redhat_3.1.ep6.el6
  • rngom-eap6-0:201103-2.redhat_3.1.ep6.el6
  • scannotation-0:1.0.3-6.redhat_4.2.ep6.el6
  • slf4j-eap6-0:1.7.2-13.redhat_3.1.ep6.el6
  • slf4j-jboss-logmanager-0:1.0.3-1.GA_redhat_1.1.ep6.el6
  • snakeyaml-eap6-0:1.8-1.redhat_2.2.ep6.el6
  • stilts-0:0.1.26-13.redhat_4.2.ep6.el6
  • sun-codemodel-0:2.6-4.redhat_2.2.ep6.el6
  • sun-istack-commons-1:2.6.1-10.redhat_2.2.ep6.el6
  • sun-saaj-1.3-impl-0:1.3.16-9.redhat_3.1.ep6.el6
  • sun-txw2-0:20110809-7.redhat_4.1.ep6.el6
  • sun-xsom-0:20110809-7.redhat_3.1.ep6.el6
  • tomcat-native-0:1.1.30-2.redhat_1.ep6.el6
  • tomcat-native-debuginfo-0:1.1.30-2.redhat_1.ep6.el6
  • weld-core-0:1.1.23-1.Final_redhat_1.1.ep6.el6
  • woodstox-core-eap6-0:4.2.0-12.redhat_4.1.ep6.el6
  • woodstox-stax2-api-eap6-0:3.1.3-3.redhat_1.1.ep6.el6
  • ws-commons-neethi-0:3.0.2-8.redhat_3.1.ep6.el6
  • wsdl4j-eap6-0:1.6.3-1.redhat_1.1.ep6.el6
  • xml-commons-resolver-eap6-0:1.2-17.redhat_9.1.ep6.el6
  • xmltooling-0:1.3.4-6.redhat_3.1.ep6.el6
  • xom-0:1.2.7-3.redhat_4.1.ep6.el6
  • antlr-eap6-0:2.7.7-17.redhat_4.1.ep6.el6
  • apache-commons-collections-eap6-0:3.2.1-15.redhat_3.1.ep6.el6
  • apache-commons-collections-tomcat-eap6-0:3.2.1-15.redhat_3.1.ep6.el6
  • apache-commons-daemon-eap6-1:1.0.15-5.redhat_1.ep6.el6
  • apache-commons-daemon-jsvc-eap6-1:1.0.15-6.redhat_2.ep6.el6
  • apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-6.redhat_2.ep6.el6
  • apache-commons-logging-eap6-0:1.1.1-7.9_redhat_1.ep6.el6
  • apache-commons-logging-tomcat-eap6-0:1.1.1-7.9_redhat_1.ep6.el6
  • apache-commons-pool-eap6-0:1.6-7.redhat_6.1.ep6.el6
  • apache-commons-pool-tomcat-eap6-0:1.6-7.redhat_6.1.ep6.el6
  • dom4j-eap6-0:1.6.1-20.redhat_6.1.ep6.el6
  • ecj3-1:3.7.2-9.redhat_3.1.ep6.el6
  • hibernate4-c3p0-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el6
  • hibernate4-core-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el6
  • hibernate4-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el6
  • hibernate4-entitymanager-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el6
  • hibernate4-envers-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el6
  • hibernate4-infinispan-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el6
  • httpd-0:2.2.26-35.ep6.el6
  • httpd-debuginfo-0:2.2.26-35.ep6.el6
  • httpd-devel-0:2.2.26-35.ep6.el6
  • httpd-manual-0:2.2.26-35.ep6.el6
  • httpd-tools-0:2.2.26-35.ep6.el6
  • javassist-eap6-0:3.18.1-1.GA_redhat_1.1.ep6.el6
  • jboss-logging-0:3.1.4-1.GA_redhat_1.1.ep6.el6
  • jboss-transaction-api_1.1_spec-0:1.0.1-12.Final_redhat_2.2.ep6.el6
  • mod_cluster-0:1.2.9-1.Final_redhat_1.1.ep6.el6
  • mod_cluster-native-0:1.2.9-3.Final_redhat_2.ep6.el6
  • mod_cluster-native-debuginfo-0:1.2.9-3.Final_redhat_2.ep6.el6
  • mod_cluster-tomcat6-0:1.2.9-1.Final_redhat_1.1.ep6.el6
  • mod_cluster-tomcat7-0:1.2.9-1.Final_redhat_1.1.ep6.el6
  • mod_jk-ap22-0:1.2.40-2.redhat_1.ep6.el6
  • mod_jk-debuginfo-0:1.2.40-2.redhat_1.ep6.el6
  • mod_jk-manual-0:1.2.40-2.redhat_1.ep6.el6
  • mod_rt-0:2.4.1-6.GA.ep6.el6
  • mod_rt-debuginfo-0:2.4.1-6.GA.ep6.el6
  • mod_snmp-0:2.4.1-13.GA.ep6.el6
  • mod_snmp-debuginfo-0:2.4.1-13.GA.ep6.el6
  • mod_ssl-1:2.2.26-35.ep6.el6
  • storeconfig-tc6-0:0.0.1-7.Alpha3_redhat_12.3.ep6.el6
  • storeconfig-tc7-0:0.0.1-7.Alpha3_redhat_12.5.ep6.el6
  • tomcat-native-0:1.1.30-2.redhat_1.ep6.el6
  • tomcat-native-debuginfo-0:1.1.30-2.redhat_1.ep6.el6
  • tomcat6-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-admin-webapps-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-docs-webapp-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-el-2.1-api-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-javadoc-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-jsp-2.1-api-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-lib-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-log4j-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-servlet-2.5-api-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-webapps-0:6.0.41-5_patch_02.ep6.el6
  • tomcat7-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-admin-webapps-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-docs-webapp-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-el-2.2-api-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-javadoc-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-jsp-2.2-api-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-lib-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-log4j-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-servlet-3.0-api-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-webapps-0:7.0.54-6_patch_02.ep6.el6
  • antlr-eap6-0:2.7.7-17.redhat_4.1.ep6.el5
  • apache-commons-collections-eap6-0:3.2.1-15.redhat_3.1.ep6.el5
  • apache-commons-collections-tomcat-eap6-0:3.2.1-15.redhat_3.1.ep6.el5
  • apache-commons-daemon-eap6-1:1.0.15-5.redhat_1.ep6.el5
  • apache-commons-daemon-jsvc-eap6-1:1.0.15-6.redhat_2.ep6.el5
  • apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-6.redhat_2.ep6.el5
  • apache-commons-pool-eap6-0:1.6-7.redhat_6.1.ep6.el5
  • apache-commons-pool-tomcat-eap6-0:1.6-7.redhat_6.1.ep6.el5
  • dom4j-eap6-0:1.6.1-20.redhat_6.1.ep6.el5
  • ecj3-1:3.7.2-9.redhat_3.1.ep6.el5
  • hibernate4-c3p0-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el5
  • hibernate4-core-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el5
  • hibernate4-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el5
  • hibernate4-entitymanager-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el5
  • hibernate4-envers-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el5
  • hibernate4-infinispan-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el5
  • httpd-0:2.2.26-35.ep6.el5
  • httpd-debuginfo-0:2.2.26-35.ep6.el5
  • httpd-devel-0:2.2.26-35.ep6.el5
  • httpd-manual-0:2.2.26-35.ep6.el5
  • httpd-tools-0:2.2.26-35.ep6.el5
  • javassist-eap6-0:3.18.1-1.GA_redhat_1.1.ep6.el5
  • jboss-logging-0:3.1.4-1.GA_redhat_1.1.ep6.el5
  • jboss-transaction-api_1.1_spec-0:1.0.1-12.Final_redhat_2.2.ep6.el5
  • mod_cluster-0:1.2.9-1.Final_redhat_1.1.ep6.el5
  • mod_cluster-native-0:1.2.9-3.Final_redhat_2.ep6.el5
  • mod_cluster-native-debuginfo-0:1.2.9-3.Final_redhat_2.ep6.el5
  • mod_cluster-tomcat6-0:1.2.9-1.Final_redhat_1.1.ep6.el5
  • mod_cluster-tomcat7-0:1.2.9-1.Final_redhat_1.1.ep6.el5
  • mod_jk-ap22-0:1.2.40-2.redhat_1.ep6.el5
  • mod_jk-debuginfo-0:1.2.40-2.redhat_1.ep6.el5
  • mod_jk-manual-0:1.2.40-2.redhat_1.ep6.el5
  • mod_rt-0:2.4.1-6.GA.ep6.el5
  • mod_rt-debuginfo-0:2.4.1-6.GA.ep6.el5
  • mod_snmp-0:2.4.1-13.GA.ep6.el5
  • mod_snmp-debuginfo-0:2.4.1-13.GA.ep6.el5
  • mod_ssl-1:2.2.26-35.ep6.el5
  • storeconfig-tc6-0:0.0.1-7.Alpha3_redhat_12.3.ep6.el5
  • storeconfig-tc7-0:0.0.1-7.Alpha3_redhat_12.5.ep6.el5
  • tomcat-native-0:1.1.30-2.redhat_1.ep6.el5
  • tomcat-native-debuginfo-0:1.1.30-2.redhat_1.ep6.el5
  • tomcat6-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-admin-webapps-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-docs-webapp-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-el-2.1-api-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-javadoc-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-jsp-2.1-api-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-lib-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-log4j-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-servlet-2.5-api-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-webapps-0:6.0.41-6_patch_02.ep6.el5
  • tomcat7-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-admin-webapps-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-docs-webapp-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-el-2.2-api-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-javadoc-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-jsp-2.2-api-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-lib-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-log4j-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-servlet-3.0-api-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-webapps-0:7.0.54-6_patch_02.ep6.el5

References