First published: Thu Jan 24 2013(Updated: )
An attack technique against the W3C XML Encryption Standard when block<br>ciphers were used in CBC mode could allow a remote attacker to conduct<br>chosen-ciphertext attacks, leading to the recovery of the entire plain text<br>of a particular cryptogram. (CVE-2011-1096)<br>JBoss Web Services leaked side-channel data when distributing symmetric<br>keys (for XML encryption), allowing a remote attacker to recover the entire<br>plain text form of a symmetric key. (CVE-2011-2487)<br>Spring framework could possibly evaluate Expression Language (EL)<br>expressions twice, allowing a remote attacker to execute arbitrary code in<br>the context of the application server, or to obtain sensitive information<br>from the server. Manual action is required to apply this fix. Refer to the<br>Solution section. (CVE-2011-2730)<br>Apache CXF checked to ensure XML elements were signed or encrypted by a<br>Supporting Token, but not whether the correct token was used. A remote<br>attacker could transmit confidential information without the appropriate<br>security, and potentially circumvent access controls on web services<br>exposed via Apache CXF. Refer to the Solution section for details.<br>(CVE-2012-2379)<br>When an application used FORM authentication, along with another component<br>that calls request.setUserPrincipal() before the call to<br>FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was<br>possible to bypass the security constraint checks in the FORM authenticator<br>by appending "/j_security_check" to the end of a URL. (CVE-2012-3546)<br>The JMX Console was vulnerable to CSRF attacks, allowing a remote attacker<br>to hijack the authenticated JMX Console session of an administrator.<br>(CVE-2011-2908)<br>An XSS flaw allowed a remote attacker to perform an XSS attack against<br>victims using the JMX Console. (CVE-2011-4575)<br>SecurityAssociation.getCredential() returned the previous credential if<br>no security context was provided. Depending on the deployed applications,<br>this could possibly allow a remote attacker to hijack the credentials of a<br>previously-authenticated user. (CVE-2012-3370)<br>Configuring the JMX Invoker to restrict access to users with specific<br>roles did not actually restrict access, allowing remote attackers with<br>valid JMX Invoker credentials to perform JMX operations accessible to<br>roles they are not a member of. (CVE-2012-5478)<br>twiddle.sh accepted credentials as command line arguments, allowing local<br>users to view them via a process listing. (CVE-2009-5066)<br>NonManagedConnectionFactory logged the username and password in plain text<br>when an exception was thrown. This could lead to the exposure of<br>authentication credentials if local users had permissions to read the log<br>file. (CVE-2012-0034)<br>The JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets allow<br>unauthenticated access by default in some profiles. The security<br>interceptor's second layer of authentication prevented direct exploitation<br>of this flaw. If the interceptor was misconfigured or inadvertently<br>disabled, this flaw could lead to arbitrary code execution in the context<br>of the user running the JBoss server. (CVE-2012-0874)<br>The JGroups diagnostics service was enabled with no authentication when a<br>JGroups channel was started, allowing attackers on the adjacent network to<br>read diagnostic information. (CVE-2012-2377)<br>CallerIdentityLoginModule retained the password from the previous call if a<br>null password was provided. In non-default configurations this could<br>possibly lead to a remote attacker hijacking a previously-authenticated<br>user's session. (CVE-2012-3369)<br>Red Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum for<br>reporting CVE-2011-1096 and CVE-2011-2487; the Apache CXF project for<br>reporting CVE-2012-2379; and Tyler Krpata for reporting CVE-2011-4575.<br>CVE-2012-3370 and CVE-2012-3369 were discovered by Carlo de Wolf of Red<br>Hat; CVE-2012-5478 discovered by Derek Horton of Red Hat; CVE-2012-0874<br>discovered by David Jorm of Red Hat; and CVE-2012-2377 was discovered by<br>Red Hat.<br>
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/aopalliance | <1.0-5.2.jdk6.ep5.el5 | 1.0-5.2.jdk6.ep5.el5 |
redhat/apache-cxf | <2.2.12-6.1.patch_04.ep5.el5 | 2.2.12-6.1.patch_04.ep5.el5 |
redhat/bsh2 | <2.0-0.b4.15.1.patch01.ep5.el5 | 2.0-0.b4.15.1.patch01.ep5.el5 |
redhat/glassfish-jaxb | <2.1.12-12_patch_03.ep5.el5 | 2.1.12-12_patch_03.ep5.el5 |
redhat/google-guice | <2.0-3.ep5.el5 | 2.0-3.ep5.el5 |
redhat/hibernate3 | <3.3.2-1.5.GA_CP05.ep5.el5 | 3.3.2-1.5.GA_CP05.ep5.el5 |
redhat/hibernate3-annotations | <3.4.0-3.3.GA_CP05.ep5.el5 | 3.4.0-3.3.GA_CP05.ep5.el5 |
redhat/hibernate3-entitymanager | <3.4.0-4.4.GA_CP05.ep5.el5 | 3.4.0-4.4.GA_CP05.ep5.el5 |
redhat/hibernate3-search | <3.1.1-2.4.GA_CP05.ep5.el5 | 3.1.1-2.4.GA_CP05.ep5.el5 |
redhat/hornetq | <2.2.24-1.EAP.GA.ep5.el5 | 2.2.24-1.EAP.GA.ep5.el5 |
redhat/hornetq-native | <2.2.20-1.EAP.GA.1.ep5.el5 | 2.2.20-1.EAP.GA.1.ep5.el5 |
redhat/jacorb-jboss | <2.3.2-2.jboss_1.ep5.el5 | 2.3.2-2.jboss_1.ep5.el5 |
redhat/javassist | <3.12.0-6.SP1.ep5.el5 | 3.12.0-6.SP1.ep5.el5 |
redhat/jboss-aop2 | <2.1.6-5.CP06.ep5.el5 | 2.1.6-5.CP06.ep5.el5 |
redhat/jboss-bootstrap | <1.0.2-1.ep5.el5 | 1.0.2-1.ep5.el5 |
redhat/jboss-cache-core | <3.2.11-1.GA.ep5.el5 | 3.2.11-1.GA.ep5.el5 |
redhat/jboss-cache-pojo | <3.0.1-1.1.ep5.el5 | 3.0.1-1.1.ep5.el5 |
redhat/jboss-cl | <2.0.11-1.GA.ep5.el5 | 2.0.11-1.GA.ep5.el5 |
redhat/jboss-cluster-ha-server-api | <1.2.1-2.ep5.el5 | 1.2.1-2.ep5.el5 |
redhat/jboss-common-beans | <1.0.1-2.1.Final.ep5.el5 | 1.0.1-2.1.Final.ep5.el5 |
redhat/jboss-common-core | <2.2.21-1.ep5.el5 | 2.2.21-1.ep5.el5 |
redhat/jboss-eap5-native | <5.2.0-6.ep5.el5 | 5.2.0-6.ep5.el5 |
redhat/jboss-ejb3-cache | <1.0.0-4.ep5.el5 | 1.0.0-4.ep5.el5 |
redhat/jboss-ejb3-core | <1.3.9-0.4.ep5.el5 | 1.3.9-0.4.ep5.el5 |
redhat/jboss-ejb3-ext-api | <1.0.0-4.1.ep5.el5 | 1.0.0-4.1.ep5.el5 |
redhat/jboss-ejb3-ext-api-impl | <1.0.0-3.7.ep5.el5 | 1.0.0-3.7.ep5.el5 |
redhat/jboss-ejb3-interceptors | <1.0.9-0.1.ep5.el5 | 1.0.9-0.1.ep5.el5 |
redhat/jboss-ejb3-metadata | <1.0.0-3.ep5.el5 | 1.0.0-3.ep5.el5 |
redhat/jboss-ejb3-metrics-deployer | <1.1.1-0.1.ep5.el5 | 1.1.1-0.1.ep5.el5 |
redhat/jboss-ejb3-security | <1.0.2-0.5.ep5.el5 | 1.0.2-0.5.ep5.el5 |
redhat/jboss-ejb3-timeout | <0.1.1-0.5.ep5.el5 | 0.1.1-0.5.ep5.el5 |
redhat/jboss-ejb3-transactions | <1.0.2-1.4.ep5.el5 | 1.0.2-1.4.ep5.el5 |
redhat/jboss-javaee | <5.0.2-2.ep5.el5 | 5.0.2-2.ep5.el5 |
redhat/jboss-jpa-deployers | <1.0.0-6.1SP2.ep5.el5 | 1.0.0-6.1SP2.ep5.el5 |
redhat/jboss-logmanager | <1.1.2-6.GA_patch_01.ep5.el5 | 1.1.2-6.GA_patch_01.ep5.el5 |
redhat/jboss-messaging | <1.4.8-12.SP9.1.ep5.el5 | 1.4.8-12.SP9.1.ep5.el5 |
redhat/jboss-naming | <5.0.3-5.1.CP02.ep5.el5 | 5.0.3-5.1.CP02.ep5.el5 |
redhat/jboss-reflect | <2.0.4-2.1.ep5.el5 | 2.0.4-2.1.ep5.el5 |
redhat/jboss-remoting | <2.5.4-10.SP4.1.ep5.el5 | 2.5.4-10.SP4.1.ep5.el5 |
redhat/jboss-seam2 | <2.2.6.EAP5-10.ep5.el5 | 2.2.6.EAP5-10.ep5.el5 |
redhat/jboss-security-negotiation | <2.1.3-1.GA.ep5.el5 | 2.1.3-1.GA.ep5.el5 |
redhat/jboss-security-spi | <2.0.5-4.SP3_1.ep5.el5 | 2.0.5-4.SP3_1.ep5.el5 |
redhat/jboss-vfs2 | <2.2.1-4.GA.ep5.el5 | 2.2.1-4.GA.ep5.el5 |
redhat/jbossas | <5.2.0-14.ep5.el5 | 5.2.0-14.ep5.el5 |
redhat/jbossas-hornetq | <5.2.0-5.ep5.el5 | 5.2.0-5.ep5.el5 |
redhat/jbossas-tp-licenses | <5.2.0-7.ep5.el5 | 5.2.0-7.ep5.el5 |
redhat/jbossas-ws-cxf | <5.2.0-7.ep5.el5 | 5.2.0-7.ep5.el5 |
redhat/jbosssx2 | <2.0.5-8.SP3_1.ep5.el5 | 2.0.5-8.SP3_1.ep5.el5 |
redhat/jbossts | <4.6.1-12.CP13.8.ep5.el5 | 4.6.1-12.CP13.8.ep5.el5 |
redhat/jbossweb | <2.1.13-2_patch_01.ep5.el5 | 2.1.13-2_patch_01.ep5.el5 |
redhat/jbossws | <3.1.2-13.SP15_patch_01.ep5.el5 | 3.1.2-13.SP15_patch_01.ep5.el5 |
redhat/jbossws-common | <1.1.0-9.SP10.ep5.el5 | 1.1.0-9.SP10.ep5.el5 |
redhat/jbossws-framework | <3.1.2-9.SP13.ep5.el5 | 3.1.2-9.SP13.ep5.el5 |
redhat/jbossws-spi | <1.1.2-6.SP8.ep5.el5 | 1.1.2-6.SP8.ep5.el5 |
redhat/jgroups | <2.6.22-1.ep5.el5 | 2.6.22-1.ep5.el5 |
redhat/jopr-embedded | <1.3.4-19.SP6.9.ep5.el5 | 1.3.4-19.SP6.9.ep5.el5 |
redhat/jopr-hibernate-plugin | <3.0.0-14.EmbJopr5.ep5.el5 | 3.0.0-14.EmbJopr5.ep5.el5 |
redhat/jopr-jboss-as | <5-plugin-3.0.0-14.EmbJopr5.ep5.el5 | 5-plugin-3.0.0-14.EmbJopr5.ep5.el5 |
redhat/jopr-jboss-cache-v3-plugin | <3.0.0-15.EmbJopr5.ep5.el5 | 3.0.0-15.EmbJopr5.ep5.el5 |
redhat/netty | <3.2.5-6.ep5.el5 | 3.2.5-6.ep5.el5 |
redhat/picketlink-federation | <2.1.5-3.ep5.el5 | 2.1.5-3.ep5.el5 |
redhat/picketlink-quickstarts | <2.1.5-1.ep5.el5 | 2.1.5-1.ep5.el5 |
redhat/resteasy | <1.2.1-18.CP02_patch02.1.ep5.el5 | 1.2.1-18.CP02_patch02.1.ep5.el5 |
redhat/rh-eap-docs | <5.2.0-6.ep5.el5 | 5.2.0-6.ep5.el5 |
redhat/rhq | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-jmx-plugin | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-platform-plugin | <3.0.0-14.EmbJopr5.ep5.el5 | 3.0.0-14.EmbJopr5.ep5.el5 |
redhat/spring2 | <2.5.6-9.SEC03.1.ep5.el5 | 2.5.6-9.SEC03.1.ep5.el5 |
redhat/wss4j | <1.5.12-4.1_patch_02.ep5.el5 | 1.5.12-4.1_patch_02.ep5.el5 |
redhat/xerces-j2 | <2.9.1-10.patch02.ep5.el5 | 2.9.1-10.patch02.ep5.el5 |
redhat/xml-commons | <1.3.04-8.2_patch_01.ep5.el5 | 1.3.04-8.2_patch_01.ep5.el5 |
redhat/xml-security | <1.5.1-2.ep5.el5 | 1.5.1-2.ep5.el5 |
redhat/aopalliance | <1.0-5.2.jdk6.ep5.el5 | 1.0-5.2.jdk6.ep5.el5 |
redhat/apache-cxf | <2.2.12-6.1.patch_04.ep5.el5 | 2.2.12-6.1.patch_04.ep5.el5 |
redhat/bsh2 | <2.0-0.b4.15.1.patch01.ep5.el5 | 2.0-0.b4.15.1.patch01.ep5.el5 |
redhat/bsh2-bsf | <2.0-0.b4.15.1.patch01.ep5.el5 | 2.0-0.b4.15.1.patch01.ep5.el5 |
redhat/glassfish-jaxb | <2.1.12-12_patch_03.ep5.el5 | 2.1.12-12_patch_03.ep5.el5 |
redhat/google-guice | <2.0-3.ep5.el5 | 2.0-3.ep5.el5 |
redhat/hibernate3 | <3.3.2-1.5.GA_CP05.ep5.el5 | 3.3.2-1.5.GA_CP05.ep5.el5 |
redhat/hibernate3-annotations | <3.4.0-3.3.GA_CP05.ep5.el5 | 3.4.0-3.3.GA_CP05.ep5.el5 |
redhat/hibernate3-annotations-javadoc | <3.4.0-3.3.GA_CP05.ep5.el5 | 3.4.0-3.3.GA_CP05.ep5.el5 |
redhat/hibernate3-entitymanager | <3.4.0-4.4.GA_CP05.ep5.el5 | 3.4.0-4.4.GA_CP05.ep5.el5 |
redhat/hibernate3-entitymanager-javadoc | <3.4.0-4.4.GA_CP05.ep5.el5 | 3.4.0-4.4.GA_CP05.ep5.el5 |
redhat/hibernate3-javadoc | <3.3.2-1.5.GA_CP05.ep5.el5 | 3.3.2-1.5.GA_CP05.ep5.el5 |
redhat/hibernate3-search | <3.1.1-2.4.GA_CP05.ep5.el5 | 3.1.1-2.4.GA_CP05.ep5.el5 |
redhat/hibernate3-search-javadoc | <3.1.1-2.4.GA_CP05.ep5.el5 | 3.1.1-2.4.GA_CP05.ep5.el5 |
redhat/hornetq | <2.2.24-1.EAP.GA.ep5.el5 | 2.2.24-1.EAP.GA.ep5.el5 |
redhat/hornetq-native | <2.2.20-1.EAP.GA.1.ep5.el5 | 2.2.20-1.EAP.GA.1.ep5.el5 |
redhat/jacorb-jboss | <2.3.2-2.jboss_1.ep5.el5 | 2.3.2-2.jboss_1.ep5.el5 |
redhat/javassist | <3.12.0-6.SP1.ep5.el5 | 3.12.0-6.SP1.ep5.el5 |
redhat/jboss-aop2 | <2.1.6-5.CP06.ep5.el5 | 2.1.6-5.CP06.ep5.el5 |
redhat/jboss-bootstrap | <1.0.2-1.ep5.el5 | 1.0.2-1.ep5.el5 |
redhat/jboss-cache-core | <3.2.11-1.GA.ep5.el5 | 3.2.11-1.GA.ep5.el5 |
redhat/jboss-cache-pojo | <3.0.1-1.1.ep5.el5 | 3.0.1-1.1.ep5.el5 |
redhat/jboss-cl | <2.0.11-1.GA.ep5.el5 | 2.0.11-1.GA.ep5.el5 |
redhat/jboss-cluster-ha-server-api | <1.2.1-2.ep5.el5 | 1.2.1-2.ep5.el5 |
redhat/jboss-common-beans | <1.0.1-2.1.Final.ep5.el5 | 1.0.1-2.1.Final.ep5.el5 |
redhat/jboss-common-core | <2.2.21-1.ep5.el5 | 2.2.21-1.ep5.el5 |
redhat/jboss-eap5-native | <5.2.0-6.ep5.el5 | 5.2.0-6.ep5.el5 |
redhat/jboss-ejb | <3.0-api-5.0.2-2.ep5.el5 | 3.0-api-5.0.2-2.ep5.el5 |
redhat/jboss-ejb3-cache | <1.0.0-4.ep5.el5 | 1.0.0-4.ep5.el5 |
redhat/jboss-ejb3-core | <1.3.9-0.4.ep5.el5 | 1.3.9-0.4.ep5.el5 |
redhat/jboss-ejb3-ext-api | <1.0.0-4.1.ep5.el5 | 1.0.0-4.1.ep5.el5 |
redhat/jboss-ejb3-ext-api-impl | <1.0.0-3.7.ep5.el5 | 1.0.0-3.7.ep5.el5 |
redhat/jboss-ejb3-interceptors | <1.0.9-0.1.ep5.el5 | 1.0.9-0.1.ep5.el5 |
redhat/jboss-ejb3-metadata | <1.0.0-3.ep5.el5 | 1.0.0-3.ep5.el5 |
redhat/jboss-ejb3-metrics-deployer | <1.1.1-0.1.ep5.el5 | 1.1.1-0.1.ep5.el5 |
redhat/jboss-ejb3-security | <1.0.2-0.5.ep5.el5 | 1.0.2-0.5.ep5.el5 |
redhat/jboss-ejb3-timeout | <0.1.1-0.5.ep5.el5 | 0.1.1-0.5.ep5.el5 |
redhat/jboss-ejb3-timeout | <3.0-api-0.1.1-0.5.ep5.el5 | 3.0-api-0.1.1-0.5.ep5.el5 |
redhat/jboss-ejb3-timeout-spi | <0.1.1-0.5.ep5.el5 | 0.1.1-0.5.ep5.el5 |
redhat/jboss-ejb3-transactions | <1.0.2-1.4.ep5.el5 | 1.0.2-1.4.ep5.el5 |
redhat/jboss-jacc | <1.1-api-5.0.2-2.ep5.el5 | 1.1-api-5.0.2-2.ep5.el5 |
redhat/jboss-jad | <1.2-api-5.0.2-2.ep5.el5 | 1.2-api-5.0.2-2.ep5.el5 |
redhat/jboss-jaspi | <1.0-api-5.0.2-2.ep5.el5 | 1.0-api-5.0.2-2.ep5.el5 |
redhat/jboss-javaee | <5.0.2-2.ep5.el5 | 5.0.2-2.ep5.el5 |
redhat/jboss-javaee-poms | <5.0.2-2.ep5.el5 | 5.0.2-2.ep5.el5 |
redhat/jboss-jca | <1.5-api-5.0.2-2.ep5.el5 | 1.5-api-5.0.2-2.ep5.el5 |
redhat/jboss-jms | <1.1-api-5.0.2-2.ep5.el5 | 1.1-api-5.0.2-2.ep5.el5 |
redhat/jboss-jpa-deployers | <1.0.0-6.1SP2.ep5.el5 | 1.0.0-6.1SP2.ep5.el5 |
redhat/jboss-logmanager | <1.1.2-6.GA_patch_01.ep5.el5 | 1.1.2-6.GA_patch_01.ep5.el5 |
redhat/jboss-messaging | <1.4.8-12.SP9.1.ep5.el5 | 1.4.8-12.SP9.1.ep5.el5 |
redhat/jboss-naming | <5.0.3-5.1.CP02.ep5.el5 | 5.0.3-5.1.CP02.ep5.el5 |
redhat/jboss-reflect | <2.0.4-2.1.ep5.el5 | 2.0.4-2.1.ep5.el5 |
redhat/jboss-remoting | <2.5.4-10.SP4.1.ep5.el5 | 2.5.4-10.SP4.1.ep5.el5 |
redhat/jboss-seam2 | <2.2.6.EAP5-10.ep5.el5 | 2.2.6.EAP5-10.ep5.el5 |
redhat/jboss-seam2-docs | <2.2.6.EAP5-10.ep5.el5 | 2.2.6.EAP5-10.ep5.el5 |
redhat/jboss-seam2-examples | <2.2.6.EAP5-10.ep5.el5 | 2.2.6.EAP5-10.ep5.el5 |
redhat/jboss-seam2-runtime | <2.2.6.EAP5-10.ep5.el5 | 2.2.6.EAP5-10.ep5.el5 |
redhat/jboss-security-negotiation | <2.1.3-1.GA.ep5.el5 | 2.1.3-1.GA.ep5.el5 |
redhat/jboss-security-spi | <2.0.5-4.SP3_1.ep5.el5 | 2.0.5-4.SP3_1.ep5.el5 |
redhat/jboss-transaction | <1.0.1-api-5.0.2-2.ep5.el5 | 1.0.1-api-5.0.2-2.ep5.el5 |
redhat/jboss-vfs2 | <2.2.1-4.GA.ep5.el5 | 2.2.1-4.GA.ep5.el5 |
redhat/jbossas | <5.2.0-14.ep5.el5 | 5.2.0-14.ep5.el5 |
redhat/jbossas-client | <5.2.0-14.ep5.el5 | 5.2.0-14.ep5.el5 |
redhat/jbossas-hornetq | <5.2.0-5.ep5.el5 | 5.2.0-5.ep5.el5 |
redhat/jbossas-messaging | <5.2.0-14.ep5.el5 | 5.2.0-14.ep5.el5 |
redhat/jbossas-tp-licenses | <5.2.0-7.ep5.el5 | 5.2.0-7.ep5.el5 |
redhat/jbossas-ws-cxf | <5.2.0-7.ep5.el5 | 5.2.0-7.ep5.el5 |
redhat/jbossas-ws-native | <5.2.0-14.ep5.el5 | 5.2.0-14.ep5.el5 |
redhat/jbosssx2 | <2.0.5-8.SP3_1.ep5.el5 | 2.0.5-8.SP3_1.ep5.el5 |
redhat/jbossts | <4.6.1-12.CP13.8.ep5.el5 | 4.6.1-12.CP13.8.ep5.el5 |
redhat/jbossts-javadoc | <4.6.1-12.CP13.8.ep5.el5 | 4.6.1-12.CP13.8.ep5.el5 |
redhat/jbossweb | <2.1.13-2_patch_01.ep5.el5 | 2.1.13-2_patch_01.ep5.el5 |
redhat/jbossweb-el | <1.0-api-2.1.13-2_patch_01.ep5.el5 | 1.0-api-2.1.13-2_patch_01.ep5.el5 |
redhat/jbossweb-jsp | <2.1-api-2.1.13-2_patch_01.ep5.el5 | 2.1-api-2.1.13-2_patch_01.ep5.el5 |
redhat/jbossweb-lib | <2.1.13-2_patch_01.ep5.el5 | 2.1.13-2_patch_01.ep5.el5 |
redhat/jbossweb-servlet | <2.5-api-2.1.13-2_patch_01.ep5.el5 | 2.5-api-2.1.13-2_patch_01.ep5.el5 |
redhat/jbossws | <3.1.2-13.SP15_patch_01.ep5.el5 | 3.1.2-13.SP15_patch_01.ep5.el5 |
redhat/jbossws-common | <1.1.0-9.SP10.ep5.el5 | 1.1.0-9.SP10.ep5.el5 |
redhat/jbossws-framework | <3.1.2-9.SP13.ep5.el5 | 3.1.2-9.SP13.ep5.el5 |
redhat/jbossws-spi | <1.1.2-6.SP8.ep5.el5 | 1.1.2-6.SP8.ep5.el5 |
redhat/jgroups | <2.6.22-1.ep5.el5 | 2.6.22-1.ep5.el5 |
redhat/jopr-embedded | <1.3.4-19.SP6.9.ep5.el5 | 1.3.4-19.SP6.9.ep5.el5 |
redhat/jopr-hibernate-plugin | <3.0.0-14.EmbJopr5.ep5.el5 | 3.0.0-14.EmbJopr5.ep5.el5 |
redhat/jopr-jboss-as | <5-plugin-3.0.0-14.EmbJopr5.ep5.el5 | 5-plugin-3.0.0-14.EmbJopr5.ep5.el5 |
redhat/jopr-jboss-cache-v3-plugin | <3.0.0-15.EmbJopr5.ep5.el5 | 3.0.0-15.EmbJopr5.ep5.el5 |
redhat/netty | <3.2.5-6.ep5.el5 | 3.2.5-6.ep5.el5 |
redhat/picketlink-federation | <2.1.5-3.ep5.el5 | 2.1.5-3.ep5.el5 |
redhat/picketlink-quickstarts | <2.1.5-1.ep5.el5 | 2.1.5-1.ep5.el5 |
redhat/picketlink-quickstarts-idp | <2.1.5-1.ep5.el5 | 2.1.5-1.ep5.el5 |
redhat/picketlink-quickstarts-pdp | <2.1.5-1.ep5.el5 | 2.1.5-1.ep5.el5 |
redhat/picketlink-quickstarts-sts | <2.1.5-1.ep5.el5 | 2.1.5-1.ep5.el5 |
redhat/resteasy | <1.2.1-18.CP02_patch02.1.ep5.el5 | 1.2.1-18.CP02_patch02.1.ep5.el5 |
redhat/resteasy-examples | <1.2.1-18.CP02_patch02.1.ep5.el5 | 1.2.1-18.CP02_patch02.1.ep5.el5 |
redhat/resteasy-javadoc | <1.2.1-18.CP02_patch02.1.ep5.el5 | 1.2.1-18.CP02_patch02.1.ep5.el5 |
redhat/resteasy-manual | <1.2.1-18.CP02_patch02.1.ep5.el5 | 1.2.1-18.CP02_patch02.1.ep5.el5 |
redhat/rh-eap-docs | <5.2.0-6.ep5.el5 | 5.2.0-6.ep5.el5 |
redhat/rh-eap-docs-examples | <5.2.0-6.ep5.el5 | 5.2.0-6.ep5.el5 |
redhat/rhq | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-ant-bundle-common | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-common-parent | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-core-client-api | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-core-comm-api | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-core-dbutils | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-core-domain | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-core-gui | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-core-native-system | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-core-parent | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-core-plugin-api | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-core-plugin-container | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-core-plugindoc | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-core-util | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-filetemplate-bundle-common | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-helpers | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-jboss-as-common | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-jmx-plugin | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-modules-parent | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-parent | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-platform-plugin | <3.0.0-14.EmbJopr5.ep5.el5 | 3.0.0-14.EmbJopr5.ep5.el5 |
redhat/rhq-plugin-validator | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-plugins-parent | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/rhq-rtfilter | <3.0.0-21.EmbJopr5.ep5.el5 | 3.0.0-21.EmbJopr5.ep5.el5 |
redhat/spring2 | <2.5.6-9.SEC03.1.ep5.el5 | 2.5.6-9.SEC03.1.ep5.el5 |
redhat/spring2-agent | <2.5.6-9.SEC03.1.ep5.el5 | 2.5.6-9.SEC03.1.ep5.el5 |
redhat/spring2-all | <2.5.6-9.SEC03.1.ep5.el5 | 2.5.6-9.SEC03.1.ep5.el5 |
redhat/spring2-aop | <2.5.6-9.SEC03.1.ep5.el5 | 2.5.6-9.SEC03.1.ep5.el5 |
redhat/spring2-beans | <2.5.6-9.SEC03.1.ep5.el5 | 2.5.6-9.SEC03.1.ep5.el5 |
redhat/spring2-context | <2.5.6-9.SEC03.1.ep5.el5 | 2.5.6-9.SEC03.1.ep5.el5 |
redhat/spring2-core | <2.5.6-9.SEC03.1.ep5.el5 | 2.5.6-9.SEC03.1.ep5.el5 |
redhat/wss4j | <1.5.12-4.1_patch_02.ep5.el5 | 1.5.12-4.1_patch_02.ep5.el5 |
redhat/xerces-j2 | <2.9.1-10.patch02.ep5.el5 | 2.9.1-10.patch02.ep5.el5 |
redhat/xerces-j2-scripts | <2.9.1-10.patch02.ep5.el5 | 2.9.1-10.patch02.ep5.el5 |
redhat/xml-commons | <1.3.04-8.2_patch_01.ep5.el5 | 1.3.04-8.2_patch_01.ep5.el5 |
redhat/xml-commons-jaxp | <1.1-apis-1.3.04-8.2_patch_01.ep5.el5 | 1.1-apis-1.3.04-8.2_patch_01.ep5.el5 |
redhat/xml-commons-jaxp | <1.2-apis-1.3.04-8.2_patch_01.ep5.el5 | 1.2-apis-1.3.04-8.2_patch_01.ep5.el5 |
redhat/xml-commons-jaxp | <1.3-apis-1.3.04-8.2_patch_01.ep5.el5 | 1.3-apis-1.3.04-8.2_patch_01.ep5.el5 |
redhat/xml-commons-resolver10 | <1.3.04-8.2_patch_01.ep5.el5 | 1.3.04-8.2_patch_01.ep5.el5 |
redhat/xml-commons-resolver11 | <1.3.04-8.2_patch_01.ep5.el5 | 1.3.04-8.2_patch_01.ep5.el5 |
redhat/xml-commons-resolver12 | <1.3.04-8.2_patch_01.ep5.el5 | 1.3.04-8.2_patch_01.ep5.el5 |
redhat/xml-commons-which10 | <1.3.04-8.2_patch_01.ep5.el5 | 1.3.04-8.2_patch_01.ep5.el5 |
redhat/xml-commons-which11 | <1.3.04-8.2_patch_01.ep5.el5 | 1.3.04-8.2_patch_01.ep5.el5 |
redhat/xml-security | <1.5.1-2.ep5.el5 | 1.5.1-2.ep5.el5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.