CVE-2008-5515 - Vulnerability Details

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Tomcat
Redhat	Certificate System Enterprise Linux Jboss Enterprise Application Platform Jboss Enterprise Web Server Network Satellite Rhel Application Server Rhel Developer Suite

Configuration 1 [-]

OR	cpe:2.3:a:apache:tomcat:4.1.0:::::::*
	cpe:2.3:a:apache:tomcat:4.1.1:::::::*
	cpe:2.3:a:apache:tomcat:4.1.2:::::::*
	cpe:2.3:a:apache:tomcat:4.1.3:::::::*
	cpe:2.3:a:apache:tomcat:4.1.10:::::::*
	cpe:2.3:a:apache:tomcat:4.1.11:::::::*
	cpe:2.3:a:apache:tomcat:4.1.12:::::::*
	cpe:2.3:a:apache:tomcat:4.1.13:::::::*
	cpe:2.3:a:apache:tomcat:4.1.14:::::::*
	cpe:2.3:a:apache:tomcat:4.1.15:::::::*
	cpe:2.3:a:apache:tomcat:4.1.16:::::::*
	cpe:2.3:a:apache:tomcat:4.1.17:::::::*
	cpe:2.3:a:apache:tomcat:4.1.18:::::::*
	cpe:2.3:a:apache:tomcat:4.1.19:::::::*
	cpe:2.3:a:apache:tomcat:4.1.20:::::::*
	cpe:2.3:a:apache:tomcat:4.1.21:::::::*
	cpe:2.3:a:apache:tomcat:4.1.22:::::::*
	cpe:2.3:a:apache:tomcat:4.1.23:::::::*
	cpe:2.3:a:apache:tomcat:4.1.24:::::::*
	cpe:2.3:a:apache:tomcat:4.1.25:::::::*
	cpe:2.3:a:apache:tomcat:4.1.26:::::::*
	cpe:2.3:a:apache:tomcat:4.1.27:::::::*
	cpe:2.3:a:apache:tomcat:4.1.28:::::::*
	cpe:2.3:a:apache:tomcat:4.1.29:::::::*
	cpe:2.3:a:apache:tomcat:4.1.30:::::::*
	cpe:2.3:a:apache:tomcat:4.1.31:::::::*
	cpe:2.3:a:apache:tomcat:4.1.32:::::::*
	cpe:2.3:a:apache:tomcat:4.1.33:::::::*
	cpe:2.3:a:apache:tomcat:4.1.34:::::::*
	cpe:2.3:a:apache:tomcat:4.1.35:::::::*
	cpe:2.3:a:apache:tomcat:4.1.36:::::::*
	cpe:2.3:a:apache:tomcat:4.1.37:::::::*
	cpe:2.3:a:apache:tomcat:4.1.38:::::::*
	cpe:2.3:a:apache:tomcat:4.1.39:::::::*
	cpe:2.3:a:apache:tomcat:5.5.0:::::::*
	cpe:2.3:a:apache:tomcat:5.5.1:::::::*
	cpe:2.3:a:apache:tomcat:5.5.2:::::::*
	cpe:2.3:a:apache:tomcat:5.5.3:::::::*
	cpe:2.3:a:apache:tomcat:5.5.4:::::::*
	cpe:2.3:a:apache:tomcat:5.5.5:::::::*
	cpe:2.3:a:apache:tomcat:5.5.6:::::::*
	cpe:2.3:a:apache:tomcat:5.5.7:::::::*
	cpe:2.3:a:apache:tomcat:5.5.8:::::::*
	cpe:2.3:a:apache:tomcat:5.5.9:::::::*
	cpe:2.3:a:apache:tomcat:5.5.10:::::::*
	cpe:2.3:a:apache:tomcat:5.5.11:::::::*
	cpe:2.3:a:apache:tomcat:5.5.12:::::::*
	cpe:2.3:a:apache:tomcat:5.5.13:::::::*
	cpe:2.3:a:apache:tomcat:5.5.14:::::::*
	cpe:2.3:a:apache:tomcat:5.5.15:::::::*
	cpe:2.3:a:apache:tomcat:5.5.16:::::::*
	cpe:2.3:a:apache:tomcat:5.5.17:::::::*
	cpe:2.3:a:apache:tomcat:5.5.18:::::::*
	cpe:2.3:a:apache:tomcat:5.5.19:::::::*
	cpe:2.3:a:apache:tomcat:5.5.20:::::::*
	cpe:2.3:a:apache:tomcat:5.5.21:::::::*
	cpe:2.3:a:apache:tomcat:5.5.22:::::::*
	cpe:2.3:a:apache:tomcat:5.5.23:::::::*
	cpe:2.3:a:apache:tomcat:5.5.24:::::::*
	cpe:2.3:a:apache:tomcat:5.5.25:::::::*
	cpe:2.3:a:apache:tomcat:5.5.26:::::::*
	cpe:2.3:a:apache:tomcat:5.5.27:::::::*
	cpe:2.3:a:apache:tomcat:6.0:::::::*
	cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*

Package	CPE	Advisory	Released Date
JBEAP 4.2.0 for RHEL 4
hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
jakarta-slide-webdavclient-0:2.1-9.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
jboss-cache-0:1.4.1-6.SP13.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
jboss-remoting-0:2.2.3-2.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.19.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
jgroups-1:2.4.6-1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
xerces-j2-0:2.7.1-9jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
JBEAP 4.2.0 for RHEL 5
hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
jakarta-slide-webdavclient-0:2.1-9.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
jboss-cache-0:1.4.1-6.SP13.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
jboss-remoting-0:2.2.3-2.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.13.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
jgroups-1:2.4.6-1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
JBEWS 1.0 for RHEL 4
tomcat5-0:5.5.23-1.patch07.19.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2009:1454	2009-09-21T00:00:00Z
tomcat6-0:6.0.18-11.3.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2009:1506	2009-10-14T00:00:00Z
Red Hat Certificate System 7.3
ant-0:1.6.5-1jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
avalon-logkit-0:1.2-2jpp_4rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
axis-0:1.2.1-1jpp_3rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
classpathx-jaf-0:1.0-2jpp_6rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
classpathx-mail-0:1.1.1-2jpp_8rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
geronimo-specs-0:1.0-0.M4.1jpp_10rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
jakarta-commons-modeler-0:2.0-3jpp_2rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
log4j-0:1.2.12-1jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
mx4j-1:3.0.1-1jpp_4rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
pcsc-lite-0:1.3.3-3.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-ca-0:7.3.0-20.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-java-tools-0:7.3.0-10.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-kra-0:7.3.0-14.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-manage-0:7.3.0-19.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-native-tools-0:7.3.0-6.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-ocsp-0:7.3.0-13.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-tks-0:7.3.0-13.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
tomcat5-0:5.5.23-0jpp_4rh.16	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
xerces-j2-0:2.7.1-1jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
xml-commons-0:1.3.02-2jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
Red Hat Developer Suite V.3
tomcat5-0:5.5.23-0jpp_18rh	cpe:/a:redhat:rhel_developer_suite:3	RHSA-2009:1563	2009-11-09T00:00:00Z
Red Hat Enterprise Linux 5
tomcat5-0:5.5.23-0jpp.7.el5_3.2	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:1164	2009-07-21T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4
glassfish-jaxb-0:2.1.4-1.11.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jakarta-slide-webdavclient-0:2.1-9.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jboss-cache-0:1.4.1-6.SP13.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jboss-remoting-0:2.2.3-2.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jgroups-1:2.4.6-1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
xerces-j2-0:2.7.1-9jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5
glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jakarta-slide-webdavclient-0:2.1-9.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jboss-cache-0:1.4.1-6.SP13.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jboss-remoting-0:2.2.3-2.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jgroups-1:2.4.6-1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
Red Hat JBoss Enterprise Web Server 1 for RHEL 5
tomcat5-0:5.5.23-0jpp.9.6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2009:1454	2009-09-21T00:00:00Z
tomcat6-0:6.0.18-12.0.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2009:1506	2009-10-14T00:00:00Z
Red Hat Network Satellite Server v 5.1
tomcat5-0:5.0.30-0jpp_16rh	cpe:/a:redhat:network_satellite:5.1::el4	RHSA-2009:1617	2009-11-30T00:00:00Z
Red Hat Network Satellite Server v 5.2
tomcat5-0:5.5.23-0jpp_18rh	cpe:/a:redhat:network_satellite:5.2::el4	RHSA-2009:1616	2009-11-30T00:00:00Z
Red Hat Network Satellite Server v 5.3
tomcat5-0:5.5.23-0jpp_18rh	cpe:/a:redhat:network_satellite:5.3::el4	RHSA-2009:1616	2009-11-30T00:00:00Z
RHAPS Version 2 for RHEL 4
tomcat5-0:5.5.23-0jpp_4rh.16	cpe:/a:redhat:rhel_application_server:2	RHSA-2009:1562	2009-11-09T00:00:00Z

References

Link	Providers
http://jvn.jp/en/jp/JVN63832775/index.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
http://marc.info/?l=bugtraq&m=127420533226623&w=2
http://marc.info/?l=bugtraq&m=129070310906557&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://secunia.com/advisories/35393
http://secunia.com/advisories/35685
http://secunia.com/advisories/35788
http://secunia.com/advisories/37460
http://secunia.com/advisories/39317
http://secunia.com/advisories/42368
http://secunia.com/advisories/44183
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
http://support.apple.com/kb/HT4077
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.debian.org/security/2011/dsa-2207
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
http://www.securityfocus.com/archive/1/504170/100/0/threaded
http://www.securityfocus.com/archive/1/504202/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/35263
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/1520
http://www.vupen.com/english/advisories/2009/1535
http://www.vupen.com/english/advisories/2009/1856
http://www.vupen.com/english/advisories/2009/3316
http://www.vupen.com/english/advisories/2010/3056
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2008-5515
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445
https://www.cve.org/CVERecord?id=CVE-2008-5515
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-06-16T20:26:00

Updated: 2024-08-07T10:56:46.803Z

Reserved: 2008-12-12T00:00:00

Link: CVE-2008-5515

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-06-16T21:00:00.313

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-5515

Redhat

Severity : Important

Publid Date: 2009-06-08T00:00:00Z

Links: CVE-2008-5515 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-06-08T00:00:00", "descriptions": [{"lang": "en", "value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-13T16:08:25", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://tomcat.apache.org/security-4.html"}, {"name": "HPSBMA02535", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"name": "39317", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39317"}, {"name": "MDVSA-2009:138", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"}, {"name": "ADV-2009-1535", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1535"}, {"name": "FEDORA-2009-11356", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"}, {"name": "DSA-2207", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2207"}, {"name": "JVN#63832775", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN63832775/index.html"}, {"name": "HPSBUX02860", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"name": "37460", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37460"}, {"name": "ADV-2010-3056", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/3056"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "35788", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35788"}, {"name": "SSRT100029", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"name": "20090610 [SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/504202/100/0/threaded"}, {"name": "APPLE-SA-2010-03-29-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"name": "35263", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35263"}, {"name": "ADV-2009-1520", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1520"}, {"name": "44183", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44183"}, {"name": "ADV-2009-1856", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1856"}, {"name": "20090608 [SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/504170/100/0/threaded"}, {"name": "MDVSA-2010:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "42368", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42368"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tomcat.apache.org/security-6.html"}, {"name": "35393", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35393"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4077"}, {"name": "SUSE-SR:2010:008", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"}, {"name": "FEDORA-2009-11374", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"}, {"name": "oval:org.mitre.oval:def:6445", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445"}, {"name": "35685", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35685"}, {"name": "FEDORA-2009-11352", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tomcat.apache.org/security-5.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"}, {"name": "SUSE-SR:2009:012", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"}, {"name": "HPSBUX02579", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"name": "SSRT101146", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"name": "MDVSA-2009:136", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"}, {"name": "263529", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"}, {"name": "SSRT100203", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"name": "oval:org.mitre.oval:def:10422", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422"}, {"name": "oval:org.mitre.oval:def:19452", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452"}, {"name": "ADV-2009-3316", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:56:46.803Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tomcat.apache.org/security-4.html"}, {"name": "HPSBMA02535", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"name": "39317", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39317"}, {"name": "MDVSA-2009:138", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"}, {"name": "ADV-2009-1535", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1535"}, {"name": "FEDORA-2009-11356", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"}, {"name": "DSA-2207", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2207"}, {"name": "JVN#63832775", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN63832775/index.html"}, {"name": "HPSBUX02860", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"name": "37460", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37460"}, {"name": "ADV-2010-3056", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/3056"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "35788", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35788"}, {"name": "SSRT100029", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"name": "20090610 [SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/504202/100/0/threaded"}, {"name": "APPLE-SA-2010-03-29-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"name": "35263", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35263"}, {"name": "ADV-2009-1520", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1520"}, {"name": "44183", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44183"}, {"name": "ADV-2009-1856", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1856"}, {"name": "20090608 [SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/504170/100/0/threaded"}, {"name": "MDVSA-2010:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "42368", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42368"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tomcat.apache.org/security-6.html"}, {"name": "35393", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35393"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT4077"}, {"name": "SUSE-SR:2010:008", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"}, {"name": "FEDORA-2009-11374", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"}, {"name": "oval:org.mitre.oval:def:6445", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445"}, {"name": "35685", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35685"}, {"name": "FEDORA-2009-11352", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tomcat.apache.org/security-5.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"}, {"name": "SUSE-SR:2009:012", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"}, {"name": "HPSBUX02579", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"name": "SSRT101146", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"name": "MDVSA-2009:136", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"}, {"name": "263529", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"}, {"name": "SSRT100203", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"name": "oval:org.mitre.oval:def:10422", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422"}, {"name": "oval:org.mitre.oval:def:19452", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452"}, {"name": "ADV-2009-3316", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-5515", "datePublished": "2009-06-16T20:26:00", "dateReserved": "2008-12-12T00:00:00", "dateUpdated": "2024-08-07T10:56:46.803Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0E300013-0CE7-4313-A553-74A6A247B3E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E08D7414-8D0C-45D6-8E87-679DF0201D55", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB15C5DB-0DBE-4DAD-ACBD-FAE23F768D01", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "60CFD9CA-1878-4C74-A9BD-5D581736E6B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "C92F3744-C8F9-4E29-BF1A-25E03A32F2C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "084B3227-FE22-43E3-AE06-7BB257018690", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "F7DDA1D1-1DB2-4FD6-90A6-7DDE2FDD73F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "D2BFF1D5-2E34-4A01-83A7-6AA3A112A1B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "6D536FF4-7582-4351-ABE3-876E20F8E7FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "1C03E4C9-34E3-42F7-8B73-D3C595FD7EE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "FB43F47F-5BF9-43A0-BF0E-451B4A8F7137", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "DFFFE700-AAFE-4F5B-B0E2-C3DA76DE492D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "11DDD82E-5D83-4581-B2F3-F12655BBF817", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "8A0F0C91-171E-421D-BE86-11567DEFC7BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "F22D2621-D305-43CE-B00D-9A7563B061F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "9A5D55E8-D3A3-4784-8AC6-CCB07E470AB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "7F4245BA-B05C-49DE-B2E0-1E588209ED3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "8633532B-9785-4259-8840-B08529E20DCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9BD7E-FCC2-404B-A057-1A10997DAFF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*", "matchCriteriaId": "F935ED72-58F4-49C1-BD9F-5473E0B9D8CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*", "matchCriteriaId": "FADB75DC-8713-4F0C-9F06-30DA6F6EF6B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*", "matchCriteriaId": "2EA52901-2D16-4F7E-BF5E-780B42A55D6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*", "matchCriteriaId": "6A79DA2C-35F3-47DE-909B-8D8D1AE111C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*", "matchCriteriaId": "8BF6952D-6308-4029-8B63-0BD9C648C60F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*", "matchCriteriaId": "94941F86-0BBF-4F30-8F13-FB895A11ED69", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*", "matchCriteriaId": "17522878-4266-432A-859D-C02096C8AC0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*", "matchCriteriaId": "951FFCD7-EAC2-41E6-A53B-F90C540327E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*", "matchCriteriaId": "BF1F2738-C7D6-4206-9227-43F464887FF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*", "matchCriteriaId": "98EEB6F2-A721-45CF-A856-0E01B043C317", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*", "matchCriteriaId": "02FDE602-A56A-477E-B704-41AF92EEBB9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*", "matchCriteriaId": "5A28B11A-3BC7-41BC-8970-EE075B029F5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*", "matchCriteriaId": "4AD3E84C-9A2E-4586-A09E-CBDEB1E7F695", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.38:*:*:*:*:*:*:*", "matchCriteriaId": "6EF54C08-5FF1-4D02-AA16-B13096BD566C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:4.1.39:*:*:*:*:*:*:*", "matchCriteriaId": "D8F3B31D-8974-4016-ACAF-E7A917C99F84", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB203AEC-2A94-48CA-A0E0-B5A8EBF028B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6E98B82A-22E5-4E6C-90AE-56F5780EA147", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "34672E90-C220-436B-9143-480941227933", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "92883AFA-A02F-41A5-9977-ABEAC8AD2970", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "989A78F8-EE92-465F-8A8D-ECF0B58AFE7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "1F5B6627-B4A4-4E2D-B96C-CA37CCC8C804", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "ACFB09F3-32D1-479C-8C39-D7329D9A6623", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "D56581E2-9ECD-426A-96D8-A9D958900AD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "717F6995-5AF0-484C-90C0-A82F25FD2E32", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "5B0C01D5-773F-469C-9E69-170C2844AAA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "EB03FDFB-4DBF-4B70-BFA3-570D1DE67695", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "9F5CF79C-759B-4FF9-90EE-847264059E93", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "357651FD-392E-4775-BF20-37A23B3ABAE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "585B9476-6B86-4809-9B9E-26112114CB59", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "matchCriteriaId": "6145036D-4FCE-4EBE-A137-BDFA69BA54F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "matchCriteriaId": "E437055A-0A81-413F-AB08-0E9D0DC9EA30", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "9276A093-9C98-4617-9941-2276995F5848", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "matchCriteriaId": "97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "matchCriteriaId": "C98575E2-E39A-4A8F-B5B5-BD280B8367BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "matchCriteriaId": "5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "matchCriteriaId": "DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "matchCriteriaId": "5878E08E-2741-4798-94E9-BA8E07386B12", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "matchCriteriaId": "69F6BAB7-C099-4345-A632-7287AEA555B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "matchCriteriaId": "F3AAF031-D16B-4D51-9581-2D1376A5157B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "matchCriteriaId": "51120689-F5C0-4DF1-91AA-314C40A46C58", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "matchCriteriaId": "F67477AB-85F6-421C-9C0B-C8EFB1B200CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "matchCriteriaId": "16D0C265-2ED9-42CF-A7D6-C7FAE4246A1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "matchCriteriaId": "5D70CFD9-B55D-4A29-B94C-D33F3E881A8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D11D6FB7-CBDB-48C1-98CB-1B3CAA36C5D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "49E3C039-A949-4F1B-892A-57147EECB249", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F28C7801-41B9-4552-BA1E-577967BCBBEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "25B21085-7259-4685-9D1F-FF98E6489E10", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "635EE321-2A1F-4FF8-95BE-0C26591969D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9A81B035-8598-4D2C-B45F-C6C9D4B10C2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E1096947-82A6-4EA8-A4F2-00D91E3F7DAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "11951A10-39A2-4FF5-8C43-DF94730FB794", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "351E5BCF-A56B-4D91-BA3C-21A4B77D529A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "6B6B0504-27C1-4824-A928-A878CBBAB32D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "D903956B-14F5-4177-AF12-0A5F1846D3C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "81F847DC-A2F5-456C-9038-16A0E85F4C3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "C6B93A3A-D487-4CA1-8257-26F8FE287B8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "BD8802B2-57E0-4AA6-BC8E-00DE60468569", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request."}, {"lang": "es", "value": "Apache Tomcat desde v4.1.0 hasta v4.1.39, desde v5.5.0 hasta v5.5.27, desde v6.0.0 hasta v6.0.18, y posiblemente versiones anteriores que normalizan la ruta del directorio objetivo antes de filtrar la cadena de petici\u00f3n cuando se utiliza el m\u00e9todo RequestDispatcher, lo que permitir\u00eda atacantes remotos evitar las restricciones de acceso previstas y que llevar\u00eda a un salto de directorio a trav\u00e9s de secuencias ..(punto punto) y el directorio WEB-INF en una petici\u00f3n."}], "id": "CVE-2008-5515", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-06-16T21:00:00.313", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://jvn.jp/en/jp/JVN63832775/index.html"}, {"source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35393"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35685"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35788"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/37460"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/39317"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/42368"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/44183"}, {"source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"}, {"source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT4077"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://tomcat.apache.org/security-4.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://tomcat.apache.org/security-5.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://tomcat.apache.org/security-6.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2207"}, {"source": "secalert@redhat.com", "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/504170/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/504202/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/35263"}, {"source": "secalert@redhat.com", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1520"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/1535"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/1856"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/3056"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://jvn.jp/en/jp/JVN63832775/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35393"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35685"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35788"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37460"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39317"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42368"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44183"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT4077"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://tomcat.apache.org/security-4.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://tomcat.apache.org/security-5.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://tomcat.apache.org/security-6.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2207"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/504170/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/504202/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/35263"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1520"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1535"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1856"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/3056"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jakarta-slide-webdavclient-0:2.1-9.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-remoting-0:2.2.3-2.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-seam-0:1.2.1-1.ep1.19.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jgroups-1:2.4.6-1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jakarta-slide-webdavclient-0:2.1-9.2.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-remoting-0:2.2.3-2.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-seam-0:1.2.1-1.ep1.13.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jgroups-1:2.4.6-1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1454", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4", "package": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4", "product_name": "JBEWS 1.0 for RHEL 4", "release_date": "2009-09-21T00:00:00Z"}, {"advisory": "RHSA-2009:1506", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4", "package": "tomcat6-0:6.0.18-11.3.ep5.el4", "product_name": "JBEWS 1.0 for RHEL 4", "release_date": "2009-10-14T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "ant-0:1.6.5-1jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "avalon-logkit-0:1.2-2jpp_4rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "axis-0:1.2.1-1jpp_3rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "classpathx-jaf-0:1.0-2jpp_6rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "classpathx-mail-0:1.1.1-2jpp_8rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "geronimo-specs-0:1.0-0.M4.1jpp_10rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "jakarta-commons-modeler-0:2.0-3jpp_2rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "log4j-0:1.2.12-1jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "mx4j-1:3.0.1-1jpp_4rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "pcsc-lite-0:1.3.3-3.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-ca-0:7.3.0-20.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-java-tools-0:7.3.0-10.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-kra-0:7.3.0-14.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-manage-0:7.3.0-19.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-native-tools-0:7.3.0-6.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-ocsp-0:7.3.0-13.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-tks-0:7.3.0-13.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "tomcat5-0:5.5.23-0jpp_4rh.16", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "xerces-j2-0:2.7.1-1jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "xml-commons-0:1.3.02-2jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2009:1563", "cpe": "cpe:/a:redhat:rhel_developer_suite:3", "package": "tomcat5-0:5.5.23-0jpp_18rh", "product_name": "Red Hat Developer Suite V.3", "release_date": "2009-11-09T00:00:00Z"}, {"advisory": "RHSA-2009:1164", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "tomcat5-0:5.5.23-0jpp.7.el5_3.2", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-07-21T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jakarta-slide-webdavclient-0:2.1-9.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-remoting-0:2.2.3-2.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jgroups-1:2.4.6-1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jakarta-slide-webdavclient-0:2.1-9.2.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-remoting-0:2.2.3-2.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jgroups-1:2.4.6-1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1454", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el5", "package": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5", "product_name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5", "release_date": "2009-09-21T00:00:00Z"}, {"advisory": "RHSA-2009:1506", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el5", "package": "tomcat6-0:6.0.18-12.0.ep5.el5", "product_name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5", "release_date": "2009-10-14T00:00:00Z"}, {"advisory": "RHSA-2009:1617", "cpe": "cpe:/a:redhat:network_satellite:5.1::el4", "package": "tomcat5-0:5.0.30-0jpp_16rh", "product_name": "Red Hat Network Satellite Server v 5.1", "release_date": "2009-11-30T00:00:00Z"}, {"advisory": "RHSA-2009:1616", "cpe": "cpe:/a:redhat:network_satellite:5.2::el4", "package": "tomcat5-0:5.5.23-0jpp_18rh", "product_name": "Red Hat Network Satellite Server v 5.2", "release_date": "2009-11-30T00:00:00Z"}, {"advisory": "RHSA-2009:1616", "cpe": "cpe:/a:redhat:network_satellite:5.3::el4", "package": "tomcat5-0:5.5.23-0jpp_18rh", "product_name": "Red Hat Network Satellite Server v 5.3", "release_date": "2009-11-30T00:00:00Z"}, {"advisory": "RHSA-2009:1562", "cpe": "cpe:/a:redhat:rhel_application_server:2", "package": "tomcat5-0:5.5.23-0jpp_4rh.16", "product_name": "RHAPS Version 2 for RHEL 4", "release_date": "2009-11-09T00:00:00Z"}], "bugzilla": {"description": "tomcat request dispatcher information disclosure vulnerability", "id": "504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"}, "csaw": false, "details": ["Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request."], "name": "CVE-2008-5515", "public_date": "2009-06-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-5515\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-5515"], "threat_severity": "Important"}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object