Vulnerabilities > CVE-2014-0227 - Data Processing Errors vulnerability in Apache Tomcat

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Vulnerable Configurations

Part Description Count
Application
Apache
110

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • XML Nested Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].
  • XML Oversized Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An attacker's goal is to leverage parser failure to his or her advantage. In many cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1].
  • XML Client-Side Attack
    Client applications such as web browsers that process HTML data often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.484.1]
  • XML Parser Attack
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.99.1]

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-0991.NASL
    descriptionUpdated tomcat6 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. (CVE-2014-0227) This update also fixes the following bug : * Before this update, the tomcat6 init script did not try to kill the tomcat process if an attempt to stop it was unsuccessful, which would prevent tomcat from restarting properly. The init script was modified to correct this issue. (BZ#1207048) All Tomcat 6 users are advised to upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id83380
    published2015-05-13
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83380
    titleCentOS 6 : tomcat6 (CESA-2015:0991)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:0991 and 
    # CentOS Errata and Security Advisory 2015:0991 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83380);
      script_version("2.11");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2014-0227");
      script_bugtraq_id(72717);
      script_xref(name:"RHSA", value:"2015:0991");
    
      script_name(english:"CentOS 6 : tomcat6 (CESA-2015:0991)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated tomcat6 packages that fix one security issue and one bug are
    now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having Moderate
    security impact. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available from the
    CVE link in the References section.
    
    Apache Tomcat is a servlet container for the Java Servlet and
    JavaServer Pages (JSP) technologies.
    
    It was discovered that the ChunkedInputFilter in Tomcat did not fail
    subsequent attempts to read input after malformed chunked encoding was
    detected. A remote attacker could possibly use this flaw to make
    Tomcat process part of the request body as new request, or cause a
    denial of service. (CVE-2014-0227)
    
    This update also fixes the following bug :
    
    * Before this update, the tomcat6 init script did not try to kill the
    tomcat process if an attempt to stop it was unsuccessful, which would
    prevent tomcat from restarting properly. The init script was modified
    to correct this issue. (BZ#1207048)
    
    All Tomcat 6 users are advised to upgrade to these updated packages,
    which correct these issues. Tomcat must be restarted for this update
    to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2015-May/021105.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?55d5901c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected tomcat6 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0227");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tomcat6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tomcat6-admin-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tomcat6-docs-webapp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tomcat6-el-2.1-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tomcat6-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tomcat6-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tomcat6-webapps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/05/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"tomcat6-6.0.24-83.el6_6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"tomcat6-admin-webapps-6.0.24-83.el6_6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"tomcat6-docs-webapp-6.0.24-83.el6_6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"tomcat6-el-2.1-api-6.0.24-83.el6_6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"tomcat6-javadoc-6.0.24-83.el6_6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"tomcat6-jsp-2.1-api-6.0.24-83.el6_6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"tomcat6-lib-6.0.24-83.el6_6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"tomcat6-servlet-2.5-api-6.0.24-83.el6_6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"tomcat6-webapps-6.0.24-83.el6_6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1087.NASL
    descriptionRed Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0 Release Notes, linked to in the References section, for information on the most significant of these changes. The following security issues are also fixed with this release : A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id77356
    published2014-08-23
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77356
    titleRHEL 6 : JBoss Web Server (RHSA-2014:1087)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1087. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77356);
      script_version("1.22");
      script_cvs_date("Date: 2019/10/24 15:35:38");
    
      script_cve_id("CVE-2013-4590", "CVE-2014-0118", "CVE-2014-0119", "CVE-2014-0226", "CVE-2014-0227", "CVE-2014-0231");
      script_xref(name:"RHSA", value:"2014:1087");
    
      script_name(english:"RHEL 6 : JBoss Web Server (RHSA-2014:1087)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues
    and several bugs, is now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    Red Hat JBoss Web Server is a fully integrated and certified set of
    components for hosting Java web applications. It is comprised of the
    Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat
    Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and
    the Tomcat Native library.
    
    This release serves as a replacement for Red Hat JBoss Web Server
    2.0.1, and includes several bug fixes. Refer to the Red Hat JBoss Web
    Server 2.1.0 Release Notes, linked to in the References section, for
    information on the most significant of these changes.
    
    The following security issues are also fixed with this release :
    
    A race condition flaw, leading to heap-based buffer overflows, was
    found in the mod_status httpd module. A remote attacker able to access
    a status page served by mod_status on a server using a threaded
    Multi-Processing Module (MPM) could send a specially crafted request
    that would cause the httpd child process to crash or, possibly, allow
    the attacker to execute arbitrary code with the privileges of the
    'apache' user. (CVE-2014-0226)
    
    A denial of service flaw was found in the way httpd's mod_deflate
    module handled request body decompression (configured via the
    'DEFLATE' input filter). A remote attacker able to send a request
    whose body would be decompressed could use this flaw to consume an
    excessive amount of system memory and CPU on the target system.
    (CVE-2014-0118)
    
    A denial of service flaw was found in the way httpd's mod_cgid module
    executed CGI scripts that did not read data from the standard input. A
    remote attacker could submit a specially crafted request that would
    cause the httpd child process to hang indefinitely. (CVE-2014-0231)
    
    It was found that several application-provided XML files, such as
    web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external
    entities, permitting XML External Entity (XXE) attacks. An attacker
    able to deploy malicious applications to Tomcat could use this flaw to
    circumvent security restrictions set by the JSM, and gain access to
    sensitive information on the system. Note that this flaw only affected
    deployments in which Tomcat is running applications from untrusted
    sources, such as in a shared hosting environment. (CVE-2013-4590)
    
    It was found that, in certain circumstances, it was possible for a
    malicious web application to replace the XML parsers used by Tomcat to
    process XSLTs for the default servlet, JSP documents, tag library
    descriptors (TLDs), and tag plug-in configuration files. The injected
    XML parser(s) could then bypass the limits imposed on XML external
    entities and/or gain access to the XML files processed for other web
    applications deployed on the same Tomcat instance. (CVE-2014-0119)
    
    All users of Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise
    Linux 6 are advised to upgrade to Red Hat JBoss Web Server 2.1.0. The
    JBoss server process must be restarted for this update to take effect."
      );
      # https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Web_Server/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?765407e2"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:1087"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4590"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0118"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0119"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0227"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0231"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:antlr-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-tomcat-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-logging-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-logging-tomcat-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-pool-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-pool-tomcat-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dom4j-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-c3p0-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-core-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-envers-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-infinispan-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:javassist-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-logging");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-api_1.1_spec");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_jk-ap22");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_jk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_jk-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_rt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_rt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:storeconfig-tc6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:storeconfig-tc7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat-native");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat-native-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:1087";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL6", rpm:"jws-2"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "JBoss Web Server");
    
      if (rpm_check(release:"RHEL6", reference:"antlr-eap6-2.7.7-17.redhat_4.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-collections-eap6-3.2.1-15.redhat_3.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-collections-tomcat-eap6-3.2.1-15.redhat_3.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-daemon-eap6-1.0.15-5.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"apache-commons-daemon-jsvc-eap6-1.0.15-6.redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"apache-commons-daemon-jsvc-eap6-1.0.15-6.redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"apache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-6.redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"apache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-6.redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-logging-eap6-1.1.1-7.9_redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-logging-tomcat-eap6-1.1.1-7.9_redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-pool-eap6-1.6-7.redhat_6.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-pool-tomcat-eap6-1.6-7.redhat_6.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"dom4j-eap6-1.6.1-20.redhat_6.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"hibernate4-c3p0-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"hibernate4-core-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"hibernate4-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"hibernate4-entitymanager-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"hibernate4-envers-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"hibernate4-infinispan-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"httpd-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"httpd-debuginfo-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-debuginfo-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"httpd-devel-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-devel-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"httpd-manual-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-manual-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"httpd-tools-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-tools-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"javassist-eap6-3.18.1-1.GA_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"jboss-logging-3.1.4-1.GA_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"jboss-transaction-api_1.1_spec-1.0.1-12.Final_redhat_2.2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"mod_cluster-1.2.9-1.Final_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_cluster-native-1.2.9-3.Final_redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_cluster-native-1.2.9-3.Final_redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_cluster-native-debuginfo-1.2.9-3.Final_redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_cluster-native-debuginfo-1.2.9-3.Final_redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"mod_cluster-tomcat6-1.2.9-1.Final_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"mod_cluster-tomcat7-1.2.9-1.Final_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_jk-ap22-1.2.40-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_jk-ap22-1.2.40-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_jk-debuginfo-1.2.40-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_jk-debuginfo-1.2.40-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_jk-manual-1.2.40-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_jk-manual-1.2.40-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_rt-2.4.1-6.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_rt-2.4.1-6.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_rt-debuginfo-2.4.1-6.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_rt-debuginfo-2.4.1-6.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_snmp-2.4.1-13.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_snmp-2.4.1-13.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_snmp-debuginfo-2.4.1-13.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_snmp-debuginfo-2.4.1-13.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_ssl-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_ssl-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"storeconfig-tc6-0.0.1-7.Alpha3_redhat_12.3.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"storeconfig-tc7-0.0.1-7.Alpha3_redhat_12.5.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"tomcat-native-1.1.30-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"tomcat-native-1.1.30-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"tomcat-native-debuginfo-1.1.30-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"tomcat-native-debuginfo-1.1.30-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-admin-webapps-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-docs-webapp-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-el-2.1-api-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-javadoc-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-jsp-2.1-api-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-lib-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-log4j-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-servlet-2.5-api-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-webapps-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-admin-webapps-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-docs-webapp-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-el-2.2-api-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-javadoc-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-jsp-2.2-api-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-lib-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-log4j-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-servlet-3.0-api-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-webapps-7.0.54-6_patch_02.ep6.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "antlr-eap6 / apache-commons-collections-eap6 / etc");
      }
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2654-1.NASL
    descriptionIt was discovered that the Tomcat XML parser incorrectly handled XML External Entities (XXE). A remote attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0119) It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0227) It was discovered that Tomcat incorrectly handled HTTP responses occurring before the entire request body was finished being read. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0230) It was discovered that the Tomcat Expression Language (EL) implementation incorrectly handled accessible interfaces implemented by inaccessible classes. An attacker could possibly use this issue to bypass a SecurityManager protection mechanism. (CVE-2014-7810). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84429
    published2015-06-26
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84429
    titleUbuntu 14.04 LTS / 14.10 / 15.04 : tomcat7 vulnerabilities (USN-2654-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2654-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84429);
      script_version("2.13");
      script_cvs_date("Date: 2019/09/18 12:31:44");
    
      script_cve_id("CVE-2014-0119", "CVE-2014-0227", "CVE-2014-0230", "CVE-2014-7810");
      script_bugtraq_id(67669, 72717, 74475, 74665);
      script_xref(name:"USN", value:"2654-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 14.10 / 15.04 : tomcat7 vulnerabilities (USN-2654-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the Tomcat XML parser incorrectly handled XML
    External Entities (XXE). A remote attacker could possibly use this
    issue to read arbitrary files. This issue only affected Ubuntu 14.04
    LTS. (CVE-2014-0119)
    
    It was discovered that Tomcat incorrectly handled data with malformed
    chunked transfer coding. A remote attacker could possibly use this
    issue to conduct HTTP request smuggling attacks, or cause Tomcat to
    consume resources, resulting in a denial of service. This issue only
    affected Ubuntu 14.04 LTS. (CVE-2014-0227)
    
    It was discovered that Tomcat incorrectly handled HTTP responses
    occurring before the entire request body was finished being read. A
    remote attacker could possibly use this issue to cause memory
    consumption, resulting in a denial of service. This issue only
    affected Ubuntu 14.04 LTS. (CVE-2014-0230)
    
    It was discovered that the Tomcat Expression Language (EL)
    implementation incorrectly handled accessible interfaces implemented
    by inaccessible classes. An attacker could possibly use this issue to
    bypass a SecurityManager protection mechanism. (CVE-2014-7810).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2654-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libtomcat7-java package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|14\.10|15\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 14.10 / 15.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"libtomcat7-java", pkgver:"7.0.52-1ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"14.10", pkgname:"libtomcat7-java", pkgver:"7.0.55-1ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"libtomcat7-java", pkgver:"7.0.56-2ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtomcat7-java");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0983.NASL
    descriptionFrom Red Hat Security Advisory 2015:0983 : Updated tomcat packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. (CVE-2014-0227) All Tomcat 7 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the tomcat service will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id83400
    published2015-05-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83400
    titleOracle Linux 7 : tomcat (ELSA-2015-0983)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2015:0983 and 
    # Oracle Linux Security Advisory ELSA-2015-0983 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83400);
      script_version("2.9");
      script_cvs_date("Date: 2019/09/27 13:00:36");
    
      script_cve_id("CVE-2014-0227");
      script_bugtraq_id(72717);
      script_xref(name:"RHSA", value:"2015:0983");
    
      script_name(english:"Oracle Linux 7 : tomcat (ELSA-2015-0983)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2015:0983 :
    
    Updated tomcat packages that fix one security issue are now available
    for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having Moderate
    security impact. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available from the
    CVE link in the References section.
    
    Apache Tomcat is a servlet container for the Java Servlet and
    JavaServer Pages (JSP) technologies.
    
    It was discovered that the ChunkedInputFilter in Tomcat did not fail
    subsequent attempts to read input after malformed chunked encoding was
    detected. A remote attacker could possibly use this flaw to make
    Tomcat process part of the request body as new request, or cause a
    denial of service. (CVE-2014-0227)
    
    All Tomcat 7 users are advised to upgrade to these updated packages,
    which contain a backported patch to correct this issue. After
    installing this update, the tomcat service will be restarted
    automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2015-May/005042.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected tomcat packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat-admin-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat-docs-webapp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat-el-2.2-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat-jsvc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat-webapps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/05/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-7.0.54-2.el7_1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-admin-webapps-7.0.54-2.el7_1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-docs-webapp-7.0.54-2.el7_1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-el-2.2-api-7.0.54-2.el7_1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-javadoc-7.0.54-2.el7_1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-jsp-2.2-api-7.0.54-2.el7_1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-jsvc-7.0.54-2.el7_1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-lib-7.0.54-2.el7_1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-servlet-3.0-api-7.0.54-2.el7_1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-webapps-7.0.54-2.el7_1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc");
    }
    
  • NASL familyWeb Servers
    NASL idTOMCAT_6_0_42.NASL
    descriptionAccording to its self-reported version number, the Apache Tomcat server running on the remote host is 6.0.x prior to version 6.0.42. It is, therefore, affected by a flaw in
    last seen2020-03-18
    modified2015-03-01
    plugin id81579
    published2015-03-01
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81579
    titleApache Tomcat 6.0.x < 6.0.42 Handling Request Smuggling DoS
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81579);
      script_version("1.15");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/11");
    
      script_cve_id("CVE-2014-0227");
      script_bugtraq_id(72717);
    
      script_name(english:"Apache Tomcat 6.0.x < 6.0.42 Handling Request Smuggling DoS");
      script_summary(english:"Checks the Apache Tomcat version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Apache Tomcat server is affected by a denial of service
    vulnerability.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the Apache Tomcat
    server running on the remote host is 6.0.x prior to version 6.0.42. It
    is, therefore, affected by a flaw in 'ChunkedInputFilter.java' due to
    improper handling of attempts to continue reading data after an error
    has occurred. A remote attacker, using streaming data with malformed
    chunked transfer coding, can exploit this to conduct HTTP request
    smuggling or cause a denial of service.
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2015/Feb/65");
      script_set_attribute(attribute:"see_also", value:"http://tomcat.apache.org/tomcat-6.0-doc/changelog.html");
      script_set_attribute(attribute:"solution", value:
    "Update to Apache Tomcat version 6.0.43 or later.
    
    Note that while version 6.0.42 fixes the issue, it was not officially
    released, and the vendor recommends upgrading to 6.0.43 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0227");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/01");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat");
      script_set_attribute(attribute:"agent", value:"all");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("tomcat_error_version.nasl", "tomcat_win_installed.nbin", "apache_tomcat_nix_installed.nbin");
      script_require_keys("installed_sw/Apache Tomcat");
    
      exit(0);
    }
    
    include("tomcat_version.inc");
    
    # Note that 6.0.42 contained the fix,
    # but was never released
    tomcat_check_version(fixed:"6.0.42", min:"6.0.0", severity:SECURITY_WARNING, granularity_regex:"^6(\.0)?$");
    
    
  • NASL familyMisc.
    NASL idORACLE_SECURE_GLOBAL_DESKTOP_JUL_2015_CPU.NASL
    descriptionThe Oracle Secure Global Desktop installed on the remote host is version 4.63 / 4.71 / 5.1 / 5.2. It is, therefore, affected by the following vulnerabilities : - A security bypass vulnerability exists in Kerberos 5 due to a failure to properly determine the acceptability of checksums. A remote attacker can exploit this to forge tokens or gain privileges by using an unkeyed checksum. (CVE-2010-1324) - A NULL pointer deference flaw exists in the function bdfReadCharacters() in file bdfread.c of the X.Org libXfont module due to improper handling of non-readable character bitmaps. An authenticated, remote attacker, using a crafted BDF font file, can exploit this to cause a denial of service or execute arbitrary code. (CVE-2015-1803) - An out-of-bounds read/write error exists in the SProcXFixesSelectSelectionInput() function in the XFixes extension. A remote, authenticated attacker, using a crafted length value, can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-8102) - A remote attacker, by using a crafted string length value in an XkbSetGeometry request, can gain access to sensitive information from process memory or cause a denial of service. (CVE-2015-0255) - An invalid read error exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286) - A denial of service vulnerability exists in Apache Tomcat due to improper handling of HTTP responses that occurs before finishing reading an entire request body. A remote attacker can exploit this by using a crafted series of aborted upload attempts. (CVE-2014-0230) - A denial of service vulnerability exists in Apache Tomcat in ChunkedInputFilter.java due to improper handling of attempts to read data after an error has occurred. A remote attacker can exploit this by streaming data with malformed chunked-transfer encoding. (CVE-2014-0227) - A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages. A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571) - An unspecified flaw exists that is related to the JServer subcomponent. A remote attacker can exploit this to impact confidentiality and integrity. No further details have been provided. (CVE-2015-2581)
    last seen2020-06-01
    modified2020-06-02
    plugin id84795
    published2015-07-16
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84795
    titleOracle Secure Global Desktop Multiple Vulnerabilities (July 2015 CPU)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3447.NASL
    descriptionIt was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section.
    last seen2020-06-01
    modified2020-06-02
    plugin id87979
    published2016-01-19
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87979
    titleDebian DSA-3447-1 : tomcat7 - security update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-232.NASL
    descriptionThe following vulnerabilities were found in Apache Tomcat 6 : CVE-2014-0227 The Tomcat security team identified that it was possible to conduct HTTP request smuggling attacks or cause a DoS by streaming malformed data. CVE-2014-0230 AntBean@secdig, from the Baidu Security Team, disclosed that it was possible to cause a limited DoS attack by feeding data by aborting an upload. CVE-2014-7810 The Tomcat security team identified that malicious web applications could bypass the Security Manager by the use of expression language. For Debian 6
    last seen2020-03-17
    modified2015-05-29
    plugin id83887
    published2015-05-29
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83887
    titleDebian DLA-232-1 : tomcat6 security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0991.NASL
    descriptionFrom Red Hat Security Advisory 2015:0991 : Updated tomcat6 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. (CVE-2014-0227) This update also fixes the following bug : * Before this update, the tomcat6 init script did not try to kill the tomcat process if an attempt to stop it was unsuccessful, which would prevent tomcat from restarting properly. The init script was modified to correct this issue. (BZ#1207048) All Tomcat 6 users are advised to upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id83404
    published2015-05-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83404
    titleOracle Linux 6 : tomcat6 (ELSA-2015-0991)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-052.NASL
    descriptionUpdated tomcat packages fix security vulnerabilities : Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request
    last seen2020-06-01
    modified2020-06-02
    plugin id81935
    published2015-03-19
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81935
    titleMandriva Linux Security Advisory : tomcat (MDVSA-2015:052)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0983.NASL
    descriptionUpdated tomcat packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. (CVE-2014-0227) All Tomcat 7 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the tomcat service will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id83406
    published2015-05-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83406
    titleRHEL 7 : tomcat (RHSA-2015:0983)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-084.NASL
    descriptionUpdated tomcat package fixes security vulnerabilities : It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition (CVE-2014-0050). Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data (CVE-2013-4322). Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat internals information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2013-4590). Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data (CVE-2014-0075). java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2014-0096). Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header (CVE-2014-0099). Apache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or read files associated with different web applications on a single Tomcat instance via a crafted web application (CVE-2014-0119). In Apache Tomcat 7.x before 7.0.55, it was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227).
    last seen2020-06-01
    modified2020-06-02
    plugin id82337
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82337
    titleMandriva Linux Security Advisory : tomcat (MDVSA-2015:084)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-0983.NASL
    descriptionUpdated tomcat packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. (CVE-2014-0227) All Tomcat 7 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the tomcat service will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id83376
    published2015-05-13
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83376
    titleCentOS 7 : tomcat (CESA-2015:0983)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150512_TOMCAT6_ON_SL6_X.NASL
    descriptionIt was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. (CVE-2014-0227) This update also fixes the following bug : - Before this update, the tomcat6 init script did not try to kill the tomcat process if an attempt to stop it was unsuccessful, which would prevent tomcat from restarting properly. The init script was modified to correct this issue. Tomcat must be restarted for this update to take effect.
    last seen2020-03-18
    modified2015-05-14
    plugin id83455
    published2015-05-14
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83455
    titleScientific Linux Security Update : tomcat6 on SL6.x i386/srpm/x86_64 (20150512)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0991.NASL
    descriptionUpdated tomcat6 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. (CVE-2014-0227) This update also fixes the following bug : * Before this update, the tomcat6 init script did not try to kill the tomcat process if an attempt to stop it was unsuccessful, which would prevent tomcat from restarting properly. The init script was modified to correct this issue. (BZ#1207048) All Tomcat 6 users are advised to upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id83412
    published2015-05-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83412
    titleRHEL 6 : tomcat6 (RHSA-2015:0991)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3530.NASL
    descriptionMultiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result on bypass of security manager restrictions, information disclosure, denial of service or session fixation.
    last seen2020-06-01
    modified2020-06-02
    plugin id90205
    published2016-03-28
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90205
    titleDebian DSA-3530-1 : tomcat6 - security update
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-526.NASL
    descriptionIt was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. (CVE-2014-0227)
    last seen2020-06-01
    modified2020-06-02
    plugin id83496
    published2015-05-18
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83496
    titleAmazon Linux AMI : tomcat7 (ALAS-2015-526)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL16344.NASL
    descriptionava/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
    last seen2020-06-01
    modified2020-06-02
    plugin id85948
    published2015-09-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85948
    titleF5 Networks BIG-IP : Apache Tomcat vulnerability (SOL16344)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-2109.NASL
    descriptionUpdated to 7.0.59 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-02-24
    plugin id81457
    published2015-02-24
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81457
    titleFedora 21 : tomcat-7.0.59-1.fc21 (2015-2109)
  • NASL familyWeb Servers
    NASL idTOMCAT_8_0_9.NASL
    descriptionAccording to its self-reported version number, the Apache Tomcat server running on the remote host is 8.0.x prior to version 8.0.9. It is, therefore, affected by the following vulnerabilities : - A flaw in
    last seen2020-03-18
    modified2015-03-01
    plugin id81580
    published2015-03-01
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81580
    titleApache Tomcat 8.0.x < 8.0.9 Multiple DoS
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-053.NASL
    descriptionUpdated tomcat6 packages fix security vulnerabilities : Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data (CVE-2014-0075). java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2014-0096). Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header (CVE-2014-0099). Apache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or read files associated with different web applications on a single Tomcat instance via a crafted web application (CVE-2014-0119). In Apache Tomcat 6.x before 6.0.55, it was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227).
    last seen2020-06-01
    modified2020-06-02
    plugin id81936
    published2015-03-19
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81936
    titleMandriva Linux Security Advisory : tomcat6 (MDVSA-2015:053)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150512_TOMCAT_ON_SL7_X.NASL
    descriptionIt was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. (CVE-2014-0227) After installing this update, the tomcat service will be restarted automatically.
    last seen2020-03-18
    modified2015-05-14
    plugin id83456
    published2015-05-14
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83456
    titleScientific Linux Security Update : tomcat on SL7.x (noarch) (20150512)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-525.NASL
    descriptionIt was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id83495
    published2015-05-18
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83495
    titleAmazon Linux AMI : tomcat6 (ALAS-2015-525)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-527.NASL
    descriptionIt was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. (CVE-2014-0227)
    last seen2020-06-01
    modified2020-06-02
    plugin id83497
    published2015-05-18
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83497
    titleAmazon Linux AMI : tomcat8 (ALAS-2015-527)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2655-1.NASL
    descriptionIt was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. (CVE-2014-0227) It was discovered that Tomcat incorrectly handled HTTP responses occurring before the entire request body was finished being read. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. (CVE-2014-0230) It was discovered that the Tomcat Expression Language (EL) implementation incorrectly handled accessible interfaces implemented by inaccessible classes. An attacker could possibly use this issue to bypass a SecurityManager protection mechanism. (CVE-2014-7810). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84430
    published2015-06-26
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84430
    titleUbuntu 12.04 LTS : tomcat6 vulnerabilities (USN-2655-1)
  • NASL familyWeb Servers
    NASL idTOMCAT_7_0_55.NASL
    descriptionAccording to its self-reported version number, the Apache Tomcat service listening on the remote host is 7.0.x prior to 7.0.55. It is, therefore, affected by the following vulnerabilities : - A race condition exists in the ssl3_read_bytes() function when SSL_MODE_RELEASE_BUFFERS is enabled. This allows a remote attacker to inject data across sessions or cause a denial of service. (CVE-2010-5298) - A buffer overflow error exists related to invalid DTLS fragment handling that can lead to the execution of arbitrary code. Note that this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195) - An error exists in the do_ssl3_write() function that allows a NULL pointer to be dereferenced, resulting in a denial of service. Note that this issue is exploitable only if
    last seen2020-03-18
    modified2014-09-02
    plugin id77475
    published2014-09-02
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77475
    titleApache Tomcat 7.0.x < 7.0.55 Multiple Vulnerabilities

Redhat

advisories
  • bugzilla
    id1109196
    titleCVE-2014-0227 Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commenttomcat-lib is earlier than 0:7.0.54-2.el7_1
            ovaloval:com.redhat.rhsa:tst:20150983001
          • commenttomcat-lib is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686012
        • AND
          • commenttomcat-admin-webapps is earlier than 0:7.0.54-2.el7_1
            ovaloval:com.redhat.rhsa:tst:20150983003
          • commenttomcat-admin-webapps is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686002
        • AND
          • commenttomcat-el-2.2-api is earlier than 0:7.0.54-2.el7_1
            ovaloval:com.redhat.rhsa:tst:20150983005
          • commenttomcat-el-2.2-api is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686014
        • AND
          • commenttomcat-jsp-2.2-api is earlier than 0:7.0.54-2.el7_1
            ovaloval:com.redhat.rhsa:tst:20150983007
          • commenttomcat-jsp-2.2-api is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686004
        • AND
          • commenttomcat-docs-webapp is earlier than 0:7.0.54-2.el7_1
            ovaloval:com.redhat.rhsa:tst:20150983009
          • commenttomcat-docs-webapp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686016
        • AND
          • commenttomcat-javadoc is earlier than 0:7.0.54-2.el7_1
            ovaloval:com.redhat.rhsa:tst:20150983011
          • commenttomcat-javadoc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686018
        • AND
          • commenttomcat is earlier than 0:7.0.54-2.el7_1
            ovaloval:com.redhat.rhsa:tst:20150983013
          • commenttomcat is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686006
        • AND
          • commenttomcat-jsvc is earlier than 0:7.0.54-2.el7_1
            ovaloval:com.redhat.rhsa:tst:20150983015
          • commenttomcat-jsvc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686020
        • AND
          • commenttomcat-webapps is earlier than 0:7.0.54-2.el7_1
            ovaloval:com.redhat.rhsa:tst:20150983017
          • commenttomcat-webapps is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686010
        • AND
          • commenttomcat-servlet-3.0-api is earlier than 0:7.0.54-2.el7_1
            ovaloval:com.redhat.rhsa:tst:20150983019
          • commenttomcat-servlet-3.0-api is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686008
    rhsa
    idRHSA-2015:0983
    released2015-05-12
    severityModerate
    titleRHSA-2015:0983: tomcat security update (Moderate)
  • bugzilla
    id1109196
    titleCVE-2014-0227 Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commenttomcat6 is earlier than 0:6.0.24-83.el6_6
            ovaloval:com.redhat.rhsa:tst:20150991001
          • commenttomcat6 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110335008
        • AND
          • commenttomcat6-lib is earlier than 0:6.0.24-83.el6_6
            ovaloval:com.redhat.rhsa:tst:20150991003
          • commenttomcat6-lib is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110335010
        • AND
          • commenttomcat6-servlet-2.5-api is earlier than 0:6.0.24-83.el6_6
            ovaloval:com.redhat.rhsa:tst:20150991005
          • commenttomcat6-servlet-2.5-api is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110335002
        • AND
          • commenttomcat6-el-2.1-api is earlier than 0:6.0.24-83.el6_6
            ovaloval:com.redhat.rhsa:tst:20150991007
          • commenttomcat6-el-2.1-api is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110335018
        • AND
          • commenttomcat6-webapps is earlier than 0:6.0.24-83.el6_6
            ovaloval:com.redhat.rhsa:tst:20150991009
          • commenttomcat6-webapps is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110335020
        • AND
          • commenttomcat6-docs-webapp is earlier than 0:6.0.24-83.el6_6
            ovaloval:com.redhat.rhsa:tst:20150991011
          • commenttomcat6-docs-webapp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110335016
        • AND
          • commenttomcat6-jsp-2.1-api is earlier than 0:6.0.24-83.el6_6
            ovaloval:com.redhat.rhsa:tst:20150991013
          • commenttomcat6-jsp-2.1-api is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110335006
        • AND
          • commenttomcat6-admin-webapps is earlier than 0:6.0.24-83.el6_6
            ovaloval:com.redhat.rhsa:tst:20150991015
          • commenttomcat6-admin-webapps is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110335004
        • AND
          • commenttomcat6-javadoc is earlier than 0:6.0.24-83.el6_6
            ovaloval:com.redhat.rhsa:tst:20150991017
          • commenttomcat6-javadoc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110335012
    rhsa
    idRHSA-2015:0991
    released2015-05-12
    severityModerate
    titleRHSA-2015:0991: tomcat6 security and bug fix update (Moderate)
  • rhsa
    idRHSA-2015:0675
  • rhsa
    idRHSA-2015:0720
  • rhsa
    idRHSA-2015:0765
rpms
  • apache-commons-beanutils-eap6-0:1.8.3-7.redhat_6.1.ep6.el5
  • apache-commons-cli-eap6-0:1.2-6.redhat_4.1.ep6.el5
  • apache-commons-codec-eap6-0:1.4-16.redhat_3.1.ep6.el5
  • apache-commons-collections-eap6-0:3.2.1-15.redhat_3.1.ep6.el5
  • apache-commons-configuration-eap6-0:1.6-1.redhat_3.1.ep6.el5
  • apache-commons-daemon-jsvc-eap6-1:1.0.15-6.redhat_2.ep6.el5
  • apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-6.redhat_2.ep6.el5
  • apache-commons-io-eap6-0:2.1-8.redhat_3.1.ep6.el5
  • apache-commons-lang-eap6-0:2.6-8.redhat_3.1.ep6.el5
  • apache-mime4j-0:0.6-10.redhat_3.1.ep6.el5
  • cal10n-eap6-0:0.7.3-2.redhat_4.1.ep6.el5
  • codehaus-jackson-0:1.9.9-7.redhat_3.ep6.el5
  • codehaus-jackson-core-asl-0:1.9.9-7.redhat_3.ep6.el5
  • codehaus-jackson-jaxrs-0:1.9.9-7.redhat_3.ep6.el5
  • codehaus-jackson-mapper-asl-0:1.9.9-7.redhat_3.ep6.el5
  • codehaus-jackson-xc-0:1.9.9-7.redhat_3.ep6.el5
  • ecj-eap6-0:4.3.1-3.redhat_1.1.ep6.el5
  • glassfish-jaxb-eap6-0:2.2.5-20.redhat_8.1.ep6.el5
  • gnu-getopt-eap6-0:1.0.13-1.redhat_4.1.ep6.el5
  • guava-libraries-0:13.0.1-3.redhat_1.1.ep6.el5
  • h2database-0:1.3.168-7.redhat_4.1.ep6.el5
  • hibernate4-core-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el5
  • hibernate4-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el5
  • hibernate4-entitymanager-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el5
  • hibernate4-envers-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el5
  • hibernate4-infinispan-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el5
  • hibernate4-validator-0:4.3.1-2.Final_redhat_1.1.ep6.el5
  • hornetq-0:2.3.20-1.Final_redhat_1.1.ep6.el5
  • hornetq-native-0:2.3.20-2.Final_redhat_1.ep6.el5
  • hornetq-native-debuginfo-0:2.3.20-2.Final_redhat_1.ep6.el5
  • httpclient-eap6-0:4.2.1-10.redhat_1.3.ep6.el5
  • httpcomponents-client-eap6-0:4.2.1-10.redhat_1.3.ep6.el5
  • httpcomponents-core-eap6-0:4.2.1-10.redhat_1.3.ep6.el5
  • httpcomponents-project-eap6-0:6-10.redhat_1.3.ep6.el5
  • httpcore-eap6-0:4.2.1-10.redhat_1.3.ep6.el5
  • httpd-0:2.2.26-35.ep6.el5
  • httpd-debuginfo-0:2.2.26-35.ep6.el5
  • httpd-devel-0:2.2.26-35.ep6.el5
  • httpd-manual-0:2.2.26-35.ep6.el5
  • httpd-tools-0:2.2.26-35.ep6.el5
  • httpmime-eap6-0:4.2.1-10.redhat_1.3.ep6.el5
  • infinispan-0:5.2.10-1.Final_redhat_1.1.ep6.el5
  • infinispan-cachestore-jdbc-0:5.2.10-1.Final_redhat_1.1.ep6.el5
  • infinispan-cachestore-remote-0:5.2.10-1.Final_redhat_1.1.ep6.el5
  • infinispan-client-hotrod-0:5.2.10-1.Final_redhat_1.1.ep6.el5
  • infinispan-core-0:5.2.10-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-common-api-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-common-impl-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-common-spi-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-core-api-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-core-impl-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-deployers-common-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-jdbc-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-spec-api-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-validator-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • jandex-eap6-0:1.0.3-3.Final_redhat_2.2.ep6.el5
  • jansi-eap6-0:1.9-2.redhat_4.3.ep6.el5
  • jaxbintros-0:1.0.2-17.GA_redhat_6.1.ep6.el5
  • jaxen-eap6-0:1.1.3-2.redhat_4.1.ep6.el5
  • jboss-as-appclient-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-cli-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-client-all-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-clustering-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-cmp-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-configadmin-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-connector-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-console-0:2.2.8-1.Final_redhat_1.1.ep6.el5
  • jboss-as-controller-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-controller-client-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-core-security-0:7.4.0-15.Final_redhat_19.1.ep6.el5
  • jboss-as-deployment-repository-0:7.4.0-14.Final_redhat_19.1.ep6.el5
  • jboss-as-deployment-scanner-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-domain-http-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-domain-management-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-ee-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-ee-deployment-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-ejb3-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-embedded-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-host-controller-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jacorb-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jaxr-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jaxrs-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jdr-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jmx-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jpa-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jsf-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jsr77-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-logging-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-mail-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-management-client-content-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-messaging-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-modcluster-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-naming-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-network-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-osgi-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-osgi-configadmin-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-osgi-service-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-picketlink-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-platform-mbean-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-pojo-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-process-controller-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-protocol-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-remoting-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-sar-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-security-0:7.4.0-14.Final_redhat_19.1.ep6.el5
  • jboss-as-server-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-system-jmx-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-threads-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-transactions-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-version-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-web-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-webservices-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-weld-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-xts-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-genericjms-0:1.0.5-1.Final_redhat_1.1.ep6.el5
  • jboss-hal-0:2.2.8-1.Final_redhat_1.1.ep6.el5
  • jboss-jaxws-api_2.2_spec-0:2.0.2-4.Final_redhat_1.1.ep6.el5
  • jboss-jms-api_1.1_spec-0:1.0.1-8.Final_redhat_2.2.ep6.el5
  • jboss-jstl-api_1.2_spec-0:1.0.6-1.Final_redhat_1.1.ep6.el5
  • jboss-logging-0:3.1.4-1.GA_redhat_1.1.ep6.el5
  • jboss-marshalling-0:1.4.6-1.Final_redhat_1.1.ep6.el5
  • jboss-metadata-0:7.1.0-1.Final_redhat_1.1.ep6.el5
  • jboss-metadata-appclient-0:7.1.0-1.Final_redhat_1.1.ep6.el5
  • jboss-metadata-common-0:7.1.0-1.Final_redhat_1.1.ep6.el5
  • jboss-metadata-ear-0:7.1.0-1.Final_redhat_1.1.ep6.el5
  • jboss-metadata-ejb-0:7.1.0-1.Final_redhat_1.1.ep6.el5
  • jboss-metadata-web-0:7.1.0-1.Final_redhat_1.1.ep6.el5
  • jboss-msc-0:1.1.5-1.Final_redhat_1.1.ep6.el5
  • jboss-remoting3-0:3.3.1-1.Final_redhat_1.1.ep6.el5
  • jboss-saaj-api_1.3_spec-0:1.0.3-3.Final_redhat_1.1.ep6.el5
  • jboss-sasl-0:1.0.4-2.Final_redhat_1.1.ep6.el5
  • jboss-security-negotiation-0:2.3.3-1.Final_redhat_1.1.ep6.el5
  • jboss-transaction-api_1.1_spec-0:1.0.1-10.Final_redhat_2.2.ep6.el5
  • jboss-transaction-spi-0:7.1.0-2.Final_redhat_1.1.ep6.el5
  • jboss-vfs2-0:3.2.5-1.Final_redhat_1.1.ep6.el5
  • jbossas-appclient-0:7.4.0-15.Final_redhat_19.1.ep6.el5
  • jbossas-bundles-0:7.4.0-15.Final_redhat_19.1.ep6.el5
  • jbossas-core-0:7.4.0-16.Final_redhat_19.1.ep6.el5
  • jbossas-domain-0:7.4.0-15.Final_redhat_19.1.ep6.el5
  • jbossas-hornetq-native-0:2.3.20-2.Final_redhat_1.ep6.el5
  • jbossas-javadocs-0:7.4.0-20.Final_redhat_19.1.ep6.el5
  • jbossas-jbossweb-native-0:1.1.30-2.redhat_1.ep6.el5
  • jbossas-modules-eap-0:7.4.0-38.Final_redhat_19.1.ep6.el5
  • jbossas-product-eap-0:7.4.0-19.Final_redhat_19.1.ep6.el5
  • jbossas-standalone-0:7.4.0-15.Final_redhat_19.1.ep6.el5
  • jbossas-welcome-content-eap-0:7.4.0-17.Final_redhat_19.1.ep6.el5
  • jbossts-1:4.17.21-2.Final_redhat_2.1.ep6.el5
  • jbossweb-0:7.4.8-4.Final_redhat_4.1.ep6.el5
  • jbossws-common-0:2.3.0-1.Final_redhat_1.1.ep6.el5
  • jbossws-cxf-0:4.3.0-3.Final_redhat_3.1.ep6.el5
  • jbossws-native-0:4.2.0-1.Final_redhat_1.1.ep6.el5
  • jbossws-spi-0:2.3.0-2.Final_redhat_1.1.ep6.el5
  • jdom-eap6-0:1.1.2-6.redhat_4.1.ep6.el5
  • jettison-eap6-0:1.3.1-3.redhat_4.1.ep6.el5
  • jgroups-1:3.2.13-1.Final_redhat_1.1.ep6.el5
  • joda-time-eap6-0:1.6.2-1.redhat_4.1.ep6.el5
  • jython-eap6-0:2.5.2-6.redhat_3.1.ep6.el5
  • mod_cluster-0:1.2.9-1.Final_redhat_1.1.ep6.el5
  • mod_cluster-demo-0:1.2.9-1.Final_redhat_1.1.ep6.el5
  • mod_cluster-native-0:1.2.9-3.Final_redhat_2.ep6.el5
  • mod_cluster-native-debuginfo-0:1.2.9-3.Final_redhat_2.ep6.el5
  • mod_jk-ap22-0:1.2.40-2.redhat_1.ep6.el5
  • mod_jk-debuginfo-0:1.2.40-2.redhat_1.ep6.el5
  • mod_rt-0:2.4.1-3.GA.ep6.el5
  • mod_rt-debuginfo-0:2.4.1-3.GA.ep6.el5
  • mod_snmp-0:2.4.1-7.GA.ep6.el5
  • mod_snmp-debuginfo-0:2.4.1-7.GA.ep6.el5
  • mod_ssl-1:2.2.26-35.ep6.el5
  • netty-0:3.6.9-1.Final_redhat_1.1.ep6.el5
  • opensaml-0:2.5.3-4.redhat_2.1.ep6.el5
  • openws-0:1.4.4-3.redhat_2.1.ep6.el5
  • picketlink-bindings-0:2.5.3-8.SP10_redhat_1.1.ep6.el5
  • picketlink-federation-0:2.5.3-9.SP10_redhat_1.1.ep6.el5
  • resteasy-0:2.3.8-4.Final_redhat_3.1.ep6.el5
  • rngom-eap6-0:201103-2.redhat_3.1.ep6.el5
  • scannotation-0:1.0.3-6.redhat_4.2.ep6.el5
  • slf4j-0:1.7.2-13.redhat_3.1.ep6.el5
  • slf4j-eap6-0:1.7.2-13.redhat_3.1.ep6.el5
  • slf4j-jboss-logmanager-0:1.0.3-1.GA_redhat_1.1.ep6.el5
  • snakeyaml-eap6-0:1.8-1.redhat_2.2.ep6.el5
  • stilts-0:0.1.26-13.redhat_4.2.ep6.el5
  • sun-codemodel-0:2.6-4.redhat_2.2.ep6.el5
  • sun-istack-commons-1:2.6.1-10.redhat_2.2.ep6.el5
  • sun-saaj-1.3-impl-0:1.3.16-9.redhat_3.1.ep6.el5
  • sun-txw2-0:20110809-7.redhat_4.1.ep6.el5
  • sun-xsom-0:20110809-7.redhat_3.1.ep6.el5
  • tomcat-native-0:1.1.30-2.redhat_1.ep6.el5
  • tomcat-native-debuginfo-0:1.1.30-2.redhat_1.ep6.el5
  • weld-core-0:1.1.23-1.Final_redhat_1.1.ep6.el5
  • woodstox-core-eap6-0:4.2.0-12.redhat_4.1.ep6.el5
  • woodstox-stax2-api-eap6-0:3.1.3-3.redhat_1.1.ep6.el5
  • ws-commons-neethi-0:3.0.2-8.redhat_3.1.ep6.el5
  • wsdl4j-eap6-0:1.6.3-1.redhat_1.1.ep6.el5
  • xml-commons-resolver-eap6-0:1.2-17.redhat_9.1.ep6.el5
  • xmltooling-0:1.3.4-6.redhat_3.1.ep6.el5
  • xom-0:1.2.7-3.redhat_4.1.ep6.el5
  • apache-commons-beanutils-eap6-0:1.8.3-7.redhat_6.1.ep6.el6
  • apache-commons-cli-eap6-0:1.2-6.redhat_4.1.ep6.el6
  • apache-commons-codec-eap6-0:1.4-16.redhat_3.1.ep6.el6
  • apache-commons-collections-eap6-0:3.2.1-15.redhat_3.1.ep6.el6
  • apache-commons-configuration-eap6-0:1.6-1.redhat_3.1.ep6.el6
  • apache-commons-daemon-jsvc-eap6-1:1.0.15-6.redhat_2.ep6.el6
  • apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-6.redhat_2.ep6.el6
  • apache-commons-io-eap6-0:2.1-8.redhat_3.1.ep6.el6
  • apache-commons-lang-eap6-0:2.6-8.redhat_3.1.ep6.el6
  • apache-mime4j-0:0.6-10.redhat_3.1.ep6.el6
  • cal10n-eap6-0:0.7.3-2.redhat_4.1.ep6.el6
  • codehaus-jackson-0:1.9.9-7.redhat_3.ep6.el6
  • codehaus-jackson-core-asl-0:1.9.9-7.redhat_3.ep6.el6
  • codehaus-jackson-jaxrs-0:1.9.9-7.redhat_3.ep6.el6
  • codehaus-jackson-mapper-asl-0:1.9.9-7.redhat_3.ep6.el6
  • codehaus-jackson-xc-0:1.9.9-7.redhat_3.ep6.el6
  • ecj-eap6-0:4.3.1-3.redhat_1.1.ep6.el6
  • glassfish-jaf-0:1.1.1-16.redhat_2.ep6.el6
  • glassfish-jaxb-eap6-0:2.2.5-20.redhat_8.1.ep6.el6
  • gnu-getopt-eap6-0:1.0.13-1.redhat_4.1.ep6.el6
  • guava-libraries-0:13.0.1-3.redhat_1.1.ep6.el6
  • h2database-0:1.3.168-7.redhat_4.1.ep6.el6
  • hibernate4-core-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el6
  • hibernate4-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el6
  • hibernate4-entitymanager-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el6
  • hibernate4-envers-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el6
  • hibernate4-infinispan-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el6
  • hibernate4-validator-0:4.3.1-2.Final_redhat_1.1.ep6.el6
  • hornetq-0:2.3.20-1.Final_redhat_1.1.ep6.el6
  • hornetq-native-0:2.3.20-2.Final_redhat_1.ep6.el6
  • hornetq-native-debuginfo-0:2.3.20-2.Final_redhat_1.ep6.el6
  • httpclient-eap6-0:4.2.1-10.redhat_1.3.ep6.el6
  • httpcomponents-client-eap6-0:4.2.1-10.redhat_1.3.ep6.el6
  • httpcomponents-core-eap6-0:4.2.1-10.redhat_1.3.ep6.el6
  • httpcomponents-project-eap6-0:6-10.redhat_1.3.ep6.el6
  • httpcore-eap6-0:4.2.1-10.redhat_1.3.ep6.el6
  • httpd-0:2.2.26-35.ep6.el6
  • httpd-debuginfo-0:2.2.26-35.ep6.el6
  • httpd-devel-0:2.2.26-35.ep6.el6
  • httpd-manual-0:2.2.26-35.ep6.el6
  • httpd-tools-0:2.2.26-35.ep6.el6
  • httpmime-eap6-0:4.2.1-10.redhat_1.3.ep6.el6
  • infinispan-0:5.2.10-1.Final_redhat_1.1.ep6.el6
  • infinispan-cachestore-jdbc-0:5.2.10-1.Final_redhat_1.1.ep6.el6
  • infinispan-cachestore-remote-0:5.2.10-1.Final_redhat_1.1.ep6.el6
  • infinispan-client-hotrod-0:5.2.10-1.Final_redhat_1.1.ep6.el6
  • infinispan-core-0:5.2.10-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-common-api-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-common-impl-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-common-spi-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-core-api-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-core-impl-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-deployers-common-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-jdbc-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-spec-api-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-validator-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • jandex-eap6-0:1.0.3-3.Final_redhat_2.2.ep6.el6
  • jansi-eap6-0:1.9-2.redhat_4.3.ep6.el6
  • jaxbintros-0:1.0.2-17.GA_redhat_6.1.ep6.el6
  • jaxen-eap6-0:1.1.3-2.redhat_4.1.ep6.el6
  • jboss-as-appclient-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-cli-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-client-all-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-clustering-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-cmp-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-configadmin-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-connector-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-console-0:2.2.8-1.Final_redhat_1.1.ep6.el6
  • jboss-as-controller-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-controller-client-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-core-security-0:7.4.0-15.Final_redhat_19.1.ep6.el6
  • jboss-as-deployment-repository-0:7.4.0-14.Final_redhat_19.1.ep6.el6
  • jboss-as-deployment-scanner-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-domain-http-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-domain-management-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-ee-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-ee-deployment-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-ejb3-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-embedded-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-host-controller-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jacorb-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jaxr-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jaxrs-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jdr-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jmx-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jpa-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jsf-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jsr77-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-logging-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-mail-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-management-client-content-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-messaging-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-modcluster-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-naming-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-network-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-osgi-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-osgi-configadmin-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-osgi-service-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-picketlink-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-platform-mbean-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-pojo-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-process-controller-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-protocol-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-remoting-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-sar-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-security-0:7.4.0-14.Final_redhat_19.1.ep6.el6
  • jboss-as-server-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-system-jmx-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-threads-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-transactions-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-version-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-web-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-webservices-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-weld-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-xts-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-genericjms-0:1.0.5-1.Final_redhat_1.1.ep6.el6
  • jboss-hal-0:2.2.8-1.Final_redhat_1.1.ep6.el6
  • jboss-jaxws-api_2.2_spec-0:2.0.2-4.Final_redhat_1.1.ep6.el6
  • jboss-jms-api_1.1_spec-0:1.0.1-8.Final_redhat_2.2.ep6.el6
  • jboss-jstl-api_1.2_spec-0:1.0.6-1.Final_redhat_1.1.ep6.el6
  • jboss-logging-0:3.1.4-1.GA_redhat_1.1.ep6.el6
  • jboss-marshalling-0:1.4.6-1.Final_redhat_1.1.ep6.el6
  • jboss-metadata-0:7.1.0-1.Final_redhat_1.1.ep6.el6
  • jboss-metadata-appclient-0:7.1.0-1.Final_redhat_1.1.ep6.el6
  • jboss-metadata-common-0:7.1.0-1.Final_redhat_1.1.ep6.el6
  • jboss-metadata-ear-0:7.1.0-1.Final_redhat_1.1.ep6.el6
  • jboss-metadata-ejb-0:7.1.0-1.Final_redhat_1.1.ep6.el6
  • jboss-metadata-web-0:7.1.0-1.Final_redhat_1.1.ep6.el6
  • jboss-msc-0:1.1.5-1.Final_redhat_1.1.ep6.el6
  • jboss-remoting3-0:3.3.1-1.Final_redhat_1.1.ep6.el6
  • jboss-saaj-api_1.3_spec-0:1.0.3-3.Final_redhat_1.1.ep6.el6
  • jboss-sasl-0:1.0.4-2.Final_redhat_1.1.ep6.el6
  • jboss-security-negotiation-0:2.3.3-1.Final_redhat_1.1.ep6.el6
  • jboss-transaction-api_1.1_spec-0:1.0.1-10.Final_redhat_2.2.ep6.el6
  • jboss-transaction-spi-0:7.1.0-2.Final_redhat_1.1.ep6.el6
  • jboss-vfs2-0:3.2.5-1.Final_redhat_1.1.ep6.el6
  • jbossas-appclient-0:7.4.0-15.Final_redhat_19.1.ep6.el6
  • jbossas-bundles-0:7.4.0-15.Final_redhat_19.1.ep6.el6
  • jbossas-core-0:7.4.0-16.Final_redhat_19.1.ep6.el6
  • jbossas-domain-0:7.4.0-15.Final_redhat_19.1.ep6.el6
  • jbossas-hornetq-native-0:2.3.20-2.Final_redhat_1.ep6.el6
  • jbossas-javadocs-0:7.4.0-20.Final_redhat_19.1.ep6.el6
  • jbossas-jbossweb-native-0:1.1.30-2.redhat_1.ep6.el6
  • jbossas-modules-eap-0:7.4.0-38.Final_redhat_19.1.ep6.el6
  • jbossas-product-eap-0:7.4.0-19.Final_redhat_19.1.ep6.el6
  • jbossas-standalone-0:7.4.0-15.Final_redhat_19.1.ep6.el6
  • jbossas-welcome-content-eap-0:7.4.0-17.Final_redhat_19.1.ep6.el6
  • jbossts-1:4.17.21-2.Final_redhat_2.1.ep6.el6
  • jbossweb-0:7.4.8-4.Final_redhat_4.1.ep6.el6
  • jbossws-common-0:2.3.0-1.Final_redhat_1.1.ep6.el6
  • jbossws-cxf-0:4.3.0-3.Final_redhat_3.1.ep6.el6
  • jbossws-native-0:4.2.0-1.Final_redhat_1.1.ep6.el6
  • jbossws-spi-0:2.3.0-2.Final_redhat_1.1.ep6.el6
  • jdom-eap6-0:1.1.2-6.redhat_4.1.ep6.el6
  • jettison-eap6-0:1.3.1-3.redhat_4.1.ep6.el6
  • jgroups-1:3.2.13-1.Final_redhat_1.1.ep6.el6
  • joda-time-eap6-0:1.6.2-1.redhat_4.1.ep6.el6
  • jython-eap6-0:2.5.2-6.redhat_3.1.ep6.el6
  • mod_cluster-0:1.2.9-1.Final_redhat_1.1.ep6.el6
  • mod_cluster-demo-0:1.2.9-1.Final_redhat_1.1.ep6.el6
  • mod_cluster-native-0:1.2.9-3.Final_redhat_2.ep6.el6
  • mod_cluster-native-debuginfo-0:1.2.9-3.Final_redhat_2.ep6.el6
  • mod_jk-ap22-0:1.2.40-2.redhat_1.ep6.el6
  • mod_jk-debuginfo-0:1.2.40-2.redhat_1.ep6.el6
  • mod_rt-0:2.4.1-5.GA.ep6.el6
  • mod_rt-debuginfo-0:2.4.1-5.GA.ep6.el6
  • mod_snmp-0:2.4.1-8.GA.ep6.el6
  • mod_snmp-debuginfo-0:2.4.1-8.GA.ep6.el6
  • mod_ssl-1:2.2.26-35.ep6.el6
  • netty-0:3.6.9-1.Final_redhat_1.1.ep6.el6
  • opensaml-0:2.5.3-4.redhat_2.1.ep6.el6
  • openws-0:1.4.4-3.redhat_2.1.ep6.el6
  • picketlink-bindings-0:2.5.3-8.SP10_redhat_1.1.ep6.el6
  • picketlink-federation-0:2.5.3-9.SP10_redhat_1.1.ep6.el6
  • resteasy-0:2.3.8-4.Final_redhat_3.1.ep6.el6
  • rngom-eap6-0:201103-2.redhat_3.1.ep6.el6
  • scannotation-0:1.0.3-6.redhat_4.2.ep6.el6
  • slf4j-eap6-0:1.7.2-13.redhat_3.1.ep6.el6
  • slf4j-jboss-logmanager-0:1.0.3-1.GA_redhat_1.1.ep6.el6
  • snakeyaml-eap6-0:1.8-1.redhat_2.2.ep6.el6
  • stilts-0:0.1.26-13.redhat_4.2.ep6.el6
  • sun-codemodel-0:2.6-4.redhat_2.2.ep6.el6
  • sun-istack-commons-1:2.6.1-10.redhat_2.2.ep6.el6
  • sun-saaj-1.3-impl-0:1.3.16-9.redhat_3.1.ep6.el6
  • sun-txw2-0:20110809-7.redhat_4.1.ep6.el6
  • sun-xsom-0:20110809-7.redhat_3.1.ep6.el6
  • tomcat-native-0:1.1.30-2.redhat_1.ep6.el6
  • tomcat-native-debuginfo-0:1.1.30-2.redhat_1.ep6.el6
  • weld-core-0:1.1.23-1.Final_redhat_1.1.ep6.el6
  • woodstox-core-eap6-0:4.2.0-12.redhat_4.1.ep6.el6
  • woodstox-stax2-api-eap6-0:3.1.3-3.redhat_1.1.ep6.el6
  • ws-commons-neethi-0:3.0.2-8.redhat_3.1.ep6.el6
  • wsdl4j-eap6-0:1.6.3-1.redhat_1.1.ep6.el6
  • xml-commons-resolver-eap6-0:1.2-17.redhat_9.1.ep6.el6
  • xmltooling-0:1.3.4-6.redhat_3.1.ep6.el6
  • xom-0:1.2.7-3.redhat_4.1.ep6.el6
  • antlr-eap6-0:2.7.7-17.redhat_4.1.ep6.el6
  • apache-commons-collections-eap6-0:3.2.1-15.redhat_3.1.ep6.el6
  • apache-commons-collections-tomcat-eap6-0:3.2.1-15.redhat_3.1.ep6.el6
  • apache-commons-daemon-eap6-1:1.0.15-5.redhat_1.ep6.el6
  • apache-commons-daemon-jsvc-eap6-1:1.0.15-6.redhat_2.ep6.el6
  • apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-6.redhat_2.ep6.el6
  • apache-commons-logging-eap6-0:1.1.1-7.9_redhat_1.ep6.el6
  • apache-commons-logging-tomcat-eap6-0:1.1.1-7.9_redhat_1.ep6.el6
  • apache-commons-pool-eap6-0:1.6-7.redhat_6.1.ep6.el6
  • apache-commons-pool-tomcat-eap6-0:1.6-7.redhat_6.1.ep6.el6
  • dom4j-eap6-0:1.6.1-20.redhat_6.1.ep6.el6
  • ecj3-1:3.7.2-9.redhat_3.1.ep6.el6
  • hibernate4-c3p0-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el6
  • hibernate4-core-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el6
  • hibernate4-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el6
  • hibernate4-entitymanager-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el6
  • hibernate4-envers-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el6
  • hibernate4-infinispan-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el6
  • httpd-0:2.2.26-35.ep6.el6
  • httpd-debuginfo-0:2.2.26-35.ep6.el6
  • httpd-devel-0:2.2.26-35.ep6.el6
  • httpd-manual-0:2.2.26-35.ep6.el6
  • httpd-tools-0:2.2.26-35.ep6.el6
  • javassist-eap6-0:3.18.1-1.GA_redhat_1.1.ep6.el6
  • jboss-logging-0:3.1.4-1.GA_redhat_1.1.ep6.el6
  • jboss-transaction-api_1.1_spec-0:1.0.1-12.Final_redhat_2.2.ep6.el6
  • mod_cluster-0:1.2.9-1.Final_redhat_1.1.ep6.el6
  • mod_cluster-native-0:1.2.9-3.Final_redhat_2.ep6.el6
  • mod_cluster-native-debuginfo-0:1.2.9-3.Final_redhat_2.ep6.el6
  • mod_cluster-tomcat6-0:1.2.9-1.Final_redhat_1.1.ep6.el6
  • mod_cluster-tomcat7-0:1.2.9-1.Final_redhat_1.1.ep6.el6
  • mod_jk-ap22-0:1.2.40-2.redhat_1.ep6.el6
  • mod_jk-debuginfo-0:1.2.40-2.redhat_1.ep6.el6
  • mod_jk-manual-0:1.2.40-2.redhat_1.ep6.el6
  • mod_rt-0:2.4.1-6.GA.ep6.el6
  • mod_rt-debuginfo-0:2.4.1-6.GA.ep6.el6
  • mod_snmp-0:2.4.1-13.GA.ep6.el6
  • mod_snmp-debuginfo-0:2.4.1-13.GA.ep6.el6
  • mod_ssl-1:2.2.26-35.ep6.el6
  • storeconfig-tc6-0:0.0.1-7.Alpha3_redhat_12.3.ep6.el6
  • storeconfig-tc7-0:0.0.1-7.Alpha3_redhat_12.5.ep6.el6
  • tomcat-native-0:1.1.30-2.redhat_1.ep6.el6
  • tomcat-native-debuginfo-0:1.1.30-2.redhat_1.ep6.el6
  • tomcat6-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-admin-webapps-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-docs-webapp-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-el-2.1-api-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-javadoc-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-jsp-2.1-api-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-lib-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-log4j-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-servlet-2.5-api-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-webapps-0:6.0.41-5_patch_02.ep6.el6
  • tomcat7-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-admin-webapps-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-docs-webapp-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-el-2.2-api-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-javadoc-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-jsp-2.2-api-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-lib-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-log4j-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-servlet-3.0-api-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-webapps-0:7.0.54-6_patch_02.ep6.el6
  • antlr-eap6-0:2.7.7-17.redhat_4.1.ep6.el5
  • apache-commons-collections-eap6-0:3.2.1-15.redhat_3.1.ep6.el5
  • apache-commons-collections-tomcat-eap6-0:3.2.1-15.redhat_3.1.ep6.el5
  • apache-commons-daemon-eap6-1:1.0.15-5.redhat_1.ep6.el5
  • apache-commons-daemon-jsvc-eap6-1:1.0.15-6.redhat_2.ep6.el5
  • apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-6.redhat_2.ep6.el5
  • apache-commons-pool-eap6-0:1.6-7.redhat_6.1.ep6.el5
  • apache-commons-pool-tomcat-eap6-0:1.6-7.redhat_6.1.ep6.el5
  • dom4j-eap6-0:1.6.1-20.redhat_6.1.ep6.el5
  • ecj3-1:3.7.2-9.redhat_3.1.ep6.el5
  • hibernate4-c3p0-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el5
  • hibernate4-core-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el5
  • hibernate4-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el5
  • hibernate4-entitymanager-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el5
  • hibernate4-envers-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el5
  • hibernate4-infinispan-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el5
  • httpd-0:2.2.26-35.ep6.el5
  • httpd-debuginfo-0:2.2.26-35.ep6.el5
  • httpd-devel-0:2.2.26-35.ep6.el5
  • httpd-manual-0:2.2.26-35.ep6.el5
  • httpd-tools-0:2.2.26-35.ep6.el5
  • javassist-eap6-0:3.18.1-1.GA_redhat_1.1.ep6.el5
  • jboss-logging-0:3.1.4-1.GA_redhat_1.1.ep6.el5
  • jboss-transaction-api_1.1_spec-0:1.0.1-12.Final_redhat_2.2.ep6.el5
  • mod_cluster-0:1.2.9-1.Final_redhat_1.1.ep6.el5
  • mod_cluster-native-0:1.2.9-3.Final_redhat_2.ep6.el5
  • mod_cluster-native-debuginfo-0:1.2.9-3.Final_redhat_2.ep6.el5
  • mod_cluster-tomcat6-0:1.2.9-1.Final_redhat_1.1.ep6.el5
  • mod_cluster-tomcat7-0:1.2.9-1.Final_redhat_1.1.ep6.el5
  • mod_jk-ap22-0:1.2.40-2.redhat_1.ep6.el5
  • mod_jk-debuginfo-0:1.2.40-2.redhat_1.ep6.el5
  • mod_jk-manual-0:1.2.40-2.redhat_1.ep6.el5
  • mod_rt-0:2.4.1-6.GA.ep6.el5
  • mod_rt-debuginfo-0:2.4.1-6.GA.ep6.el5
  • mod_snmp-0:2.4.1-13.GA.ep6.el5
  • mod_snmp-debuginfo-0:2.4.1-13.GA.ep6.el5
  • mod_ssl-1:2.2.26-35.ep6.el5
  • storeconfig-tc6-0:0.0.1-7.Alpha3_redhat_12.3.ep6.el5
  • storeconfig-tc7-0:0.0.1-7.Alpha3_redhat_12.5.ep6.el5
  • tomcat-native-0:1.1.30-2.redhat_1.ep6.el5
  • tomcat-native-debuginfo-0:1.1.30-2.redhat_1.ep6.el5
  • tomcat6-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-admin-webapps-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-docs-webapp-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-el-2.1-api-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-javadoc-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-jsp-2.1-api-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-lib-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-log4j-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-servlet-2.5-api-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-webapps-0:6.0.41-6_patch_02.ep6.el5
  • tomcat7-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-admin-webapps-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-docs-webapp-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-el-2.2-api-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-javadoc-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-jsp-2.2-api-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-lib-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-log4j-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-servlet-3.0-api-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-webapps-0:7.0.54-6_patch_02.ep6.el5
  • tomcat-0:7.0.54-2.ael7b_1
  • tomcat-0:7.0.54-2.el7_1
  • tomcat-admin-webapps-0:7.0.54-2.ael7b_1
  • tomcat-admin-webapps-0:7.0.54-2.el7_1
  • tomcat-docs-webapp-0:7.0.54-2.ael7b_1
  • tomcat-docs-webapp-0:7.0.54-2.el7_1
  • tomcat-el-2.2-api-0:7.0.54-2.ael7b_1
  • tomcat-el-2.2-api-0:7.0.54-2.el7_1
  • tomcat-javadoc-0:7.0.54-2.ael7b_1
  • tomcat-javadoc-0:7.0.54-2.el7_1
  • tomcat-jsp-2.2-api-0:7.0.54-2.ael7b_1
  • tomcat-jsp-2.2-api-0:7.0.54-2.el7_1
  • tomcat-jsvc-0:7.0.54-2.ael7b_1
  • tomcat-jsvc-0:7.0.54-2.el7_1
  • tomcat-lib-0:7.0.54-2.ael7b_1
  • tomcat-lib-0:7.0.54-2.el7_1
  • tomcat-servlet-3.0-api-0:7.0.54-2.ael7b_1
  • tomcat-servlet-3.0-api-0:7.0.54-2.el7_1
  • tomcat-webapps-0:7.0.54-2.ael7b_1
  • tomcat-webapps-0:7.0.54-2.el7_1
  • tomcat6-0:6.0.24-83.el6_6
  • tomcat6-admin-webapps-0:6.0.24-83.el6_6
  • tomcat6-debuginfo-0:6.0.24-83.el6_6
  • tomcat6-docs-webapp-0:6.0.24-83.el6_6
  • tomcat6-el-2.1-api-0:6.0.24-83.el6_6
  • tomcat6-javadoc-0:6.0.24-83.el6_6
  • tomcat6-jsp-2.1-api-0:6.0.24-83.el6_6
  • tomcat6-lib-0:6.0.24-83.el6_6
  • tomcat6-servlet-2.5-api-0:6.0.24-83.el6_6
  • tomcat6-webapps-0:6.0.24-83.el6_6

References