CVE-2017-5664 - Vulnerability Details

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.10351.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apache Software Foundation

Apache Tomcat

affected

Version	Status	Constraints
`9.0.0.M1 to 9.0.0.M20`	affected	—
`8.5.0 to 8.5.14`	affected	—
`8.0.0.RC1 to 8.0.43`	affected	—
`7.0.0 to 7.0.77`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:apache:tomcat:7.0.0:::::::*
	cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
	cpe:2.3:a:apache:tomcat:7.0.1:::::::*
	cpe:2.3:a:apache:tomcat:7.0.2:::::::*
	cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
	cpe:2.3:a:apache:tomcat:7.0.3:::::::*
	cpe:2.3:a:apache:tomcat:7.0.4:::::::*
	cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
	cpe:2.3:a:apache:tomcat:7.0.5:::::::*
	cpe:2.3:a:apache:tomcat:7.0.5:beta::::::
	cpe:2.3:a:apache:tomcat:7.0.6:::::::*
	cpe:2.3:a:apache:tomcat:7.0.7:::::::*
	cpe:2.3:a:apache:tomcat:7.0.8:::::::*
	cpe:2.3:a:apache:tomcat:7.0.9:::::::*
	cpe:2.3:a:apache:tomcat:7.0.10:::::::*
	cpe:2.3:a:apache:tomcat:7.0.11:::::::*
	cpe:2.3:a:apache:tomcat:7.0.12:::::::*
	cpe:2.3:a:apache:tomcat:7.0.13:::::::*
	cpe:2.3:a:apache:tomcat:7.0.14:::::::*
	cpe:2.3:a:apache:tomcat:7.0.15:::::::*
	cpe:2.3:a:apache:tomcat:7.0.16:::::::*
	cpe:2.3:a:apache:tomcat:7.0.17:::::::*
	cpe:2.3:a:apache:tomcat:7.0.18:::::::*
	cpe:2.3:a:apache:tomcat:7.0.19:::::::*
	cpe:2.3:a:apache:tomcat:7.0.20:::::::*
	cpe:2.3:a:apache:tomcat:7.0.21:::::::*
	cpe:2.3:a:apache:tomcat:7.0.22:::::::*
	cpe:2.3:a:apache:tomcat:7.0.23:::::::*
	cpe:2.3:a:apache:tomcat:7.0.24:::::::*
	cpe:2.3:a:apache:tomcat:7.0.25:::::::*
	cpe:2.3:a:apache:tomcat:7.0.26:::::::*
	cpe:2.3:a:apache:tomcat:7.0.27:::::::*
	cpe:2.3:a:apache:tomcat:7.0.28:::::::*
	cpe:2.3:a:apache:tomcat:7.0.29:::::::*
	cpe:2.3:a:apache:tomcat:7.0.30:::::::*
	cpe:2.3:a:apache:tomcat:7.0.31:::::::*
	cpe:2.3:a:apache:tomcat:7.0.32:::::::*
	cpe:2.3:a:apache:tomcat:7.0.33:::::::*
	cpe:2.3:a:apache:tomcat:7.0.34:::::::*
	cpe:2.3:a:apache:tomcat:7.0.35:::::::*
	cpe:2.3:a:apache:tomcat:7.0.36:::::::*
	cpe:2.3:a:apache:tomcat:7.0.37:::::::*
	cpe:2.3:a:apache:tomcat:7.0.38:::::::*
	cpe:2.3:a:apache:tomcat:7.0.39:::::::*
	cpe:2.3:a:apache:tomcat:7.0.40:::::::*
	cpe:2.3:a:apache:tomcat:7.0.41:::::::*
	cpe:2.3:a:apache:tomcat:7.0.42:::::::*
	cpe:2.3:a:apache:tomcat:7.0.43:::::::*
	cpe:2.3:a:apache:tomcat:7.0.44:::::::*
	cpe:2.3:a:apache:tomcat:7.0.45:::::::*
	cpe:2.3:a:apache:tomcat:7.0.46:::::::*
	cpe:2.3:a:apache:tomcat:7.0.47:::::::*
	cpe:2.3:a:apache:tomcat:7.0.48:::::::*
	cpe:2.3:a:apache:tomcat:7.0.49:::::::*
	cpe:2.3:a:apache:tomcat:7.0.50:::::::*
	cpe:2.3:a:apache:tomcat:7.0.51:::::::*
	cpe:2.3:a:apache:tomcat:7.0.54:::::::*
	cpe:2.3:a:apache:tomcat:7.0.55:::::::*
	cpe:2.3:a:apache:tomcat:7.0.56:::::::*
	cpe:2.3:a:apache:tomcat:7.0.57:::::::*
	cpe:2.3:a:apache:tomcat:7.0.58:::::::*
	cpe:2.3:a:apache:tomcat:7.0.59:::::::*
	cpe:2.3:a:apache:tomcat:7.0.60:::::::*
	cpe:2.3:a:apache:tomcat:7.0.61:::::::*
cpe:2.3:a:apache:tomcat:7.0.62:::::::*
cpe:2.3:a:apache:tomcat:7.0.63:::::::*
cpe:2.3:a:apache:tomcat:7.0.64:::::::*
cpe:2.3:a:apache:tomcat:7.0.65:::::::*
cpe:2.3:a:apache:tomcat:7.0.66:::::::*
cpe:2.3:a:apache:tomcat:7.0.67:::::::*
cpe:2.3:a:apache:tomcat:7.0.68:::::::*
cpe:2.3:a:apache:tomcat:7.0.69:::::::*
cpe:2.3:a:apache:tomcat:7.0.70:::::::*
cpe:2.3:a:apache:tomcat:7.0.71:::::::*
cpe:2.3:a:apache:tomcat:7.0.72:::::::*
cpe:2.3:a:apache:tomcat:7.0.73:::::::*
cpe:2.3:a:apache:tomcat:7.0.74:::::::*
cpe:2.3:a:apache:tomcat:7.0.75:::::::*
cpe:2.3:a:apache:tomcat:7.0.76:::::::*
cpe:2.3:a:apache:tomcat:7.0.77:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
	cpe:2.3:a:apache:tomcat:8.0.0:rc10::::::
	cpe:2.3:a:apache:tomcat:8.0.0:rc3::::::
	cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::
	cpe:2.3:a:apache:tomcat:8.0.1:::::::*
	cpe:2.3:a:apache:tomcat:8.0.2:::::::*
	cpe:2.3:a:apache:tomcat:8.0.3:::::::*
	cpe:2.3:a:apache:tomcat:8.0.4:::::::*
	cpe:2.3:a:apache:tomcat:8.0.5:::::::*
	cpe:2.3:a:apache:tomcat:8.0.6:::::::*
	cpe:2.3:a:apache:tomcat:8.0.7:::::::*
	cpe:2.3:a:apache:tomcat:8.0.9:::::::*
	cpe:2.3:a:apache:tomcat:8.0.10:::::::*
	cpe:2.3:a:apache:tomcat:8.0.11:::::::*
	cpe:2.3:a:apache:tomcat:8.0.12:::::::*
	cpe:2.3:a:apache:tomcat:8.0.13:::::::*
	cpe:2.3:a:apache:tomcat:8.0.14:::::::*
	cpe:2.3:a:apache:tomcat:8.0.15:::::::*
	cpe:2.3:a:apache:tomcat:8.0.16:::::::*
	cpe:2.3:a:apache:tomcat:8.0.17:::::::*
	cpe:2.3:a:apache:tomcat:8.0.18:::::::*
	cpe:2.3:a:apache:tomcat:8.0.19:::::::*
	cpe:2.3:a:apache:tomcat:8.0.20:::::::*
	cpe:2.3:a:apache:tomcat:8.0.21:::::::*
	cpe:2.3:a:apache:tomcat:8.0.22:::::::*
	cpe:2.3:a:apache:tomcat:8.0.23:::::::*
	cpe:2.3:a:apache:tomcat:8.0.24:::::::*
	cpe:2.3:a:apache:tomcat:8.0.25:::::::*
	cpe:2.3:a:apache:tomcat:8.0.26:::::::*
	cpe:2.3:a:apache:tomcat:8.0.27:::::::*
	cpe:2.3:a:apache:tomcat:8.0.28:::::::*
	cpe:2.3:a:apache:tomcat:8.0.29:::::::*
	cpe:2.3:a:apache:tomcat:8.0.30:::::::*
	cpe:2.3:a:apache:tomcat:8.0.31:::::::*
	cpe:2.3:a:apache:tomcat:8.0.32:::::::*
	cpe:2.3:a:apache:tomcat:8.0.33:::::::*
	cpe:2.3:a:apache:tomcat:8.0.34:::::::*
	cpe:2.3:a:apache:tomcat:8.0.35:::::::*
	cpe:2.3:a:apache:tomcat:8.0.36:::::::*
	cpe:2.3:a:apache:tomcat:8.0.37:::::::*
	cpe:2.3:a:apache:tomcat:8.0.38:::::::*
	cpe:2.3:a:apache:tomcat:8.0.39:::::::*
	cpe:2.3:a:apache:tomcat:8.0.40:::::::*
	cpe:2.3:a:apache:tomcat:8.0.41:::::::*
	cpe:2.3:a:apache:tomcat:8.0.42:::::::*
	cpe:2.3:a:apache:tomcat:8.0.43:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:apache:tomcat:8.5.0:::::::*
	cpe:2.3:a:apache:tomcat:8.5.1:::::::*
	cpe:2.3:a:apache:tomcat:8.5.2:::::::*
	cpe:2.3:a:apache:tomcat:8.5.3:::::::*
	cpe:2.3:a:apache:tomcat:8.5.4:::::::*
	cpe:2.3:a:apache:tomcat:8.5.5:::::::*
	cpe:2.3:a:apache:tomcat:8.5.6:::::::*
	cpe:2.3:a:apache:tomcat:8.5.7:::::::*
	cpe:2.3:a:apache:tomcat:8.5.8:::::::*
	cpe:2.3:a:apache:tomcat:8.5.9:::::::*
	cpe:2.3:a:apache:tomcat:8.5.10:::::::*
	cpe:2.3:a:apache:tomcat:8.5.11:::::::*
	cpe:2.3:a:apache:tomcat:8.5.12:::::::*
	cpe:2.3:a:apache:tomcat:8.5.13:::::::*
	cpe:2.3:a:apache:tomcat:8.5.14:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone10::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone11::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone12::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone13::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone14::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone15::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone16::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone17::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone18::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone19::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone2::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone20::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone3::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone4::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone5::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone6::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone7::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone8::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone9::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
tomcat6-0:6.0.24-111.el6_9	cpe:/o:redhat:enterprise_linux:6	RHSA-2017:3080	2017-10-30T00:00:00Z
Red Hat Enterprise Linux 7
tomcat-0:7.0.69-12.el7_3	cpe:/o:redhat:enterprise_linux:7	RHSA-2017:1809	2017-07-27T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4
	cpe:/a:redhat:jboss_enterprise_application_platform:6.4	RHSA-2017:2633	2017-09-05T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5
apache-cxf-0:2.7.18-7.SP6_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
codehaus-jackson-0:1.9.9-11.redhat_5.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
hibernate4-eap6-0:4.2.27-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
hornetq-0:2.3.25-22.SP20_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
infinispan-0:5.2.22-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-appclient-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jbossas-appclient-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jbossas-bundles-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-cli-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-client-all-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-clustering-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-cmp-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-configadmin-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-connector-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-controller-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-controller-client-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jbossas-core-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-core-security-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-deployment-repository-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-deployment-scanner-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jbossas-domain-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-domain-http-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-domain-management-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-ee-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-ee-deployment-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-ejb3-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-embedded-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-host-controller-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-jacorb-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jbossas-javadocs-0:7.5.17-4.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-jaxr-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-jaxrs-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-jdr-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-jmx-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-jpa-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-jsf-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-jsr77-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-logging-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-mail-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-management-client-content-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-messaging-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-modcluster-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jbossas-modules-eap-0:7.5.17-1.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-naming-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-network-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-osgi-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-osgi-service-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-picketlink-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-platform-mbean-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-pojo-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-process-controller-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jbossas-product-eap-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-protocol-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-remoting-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-sar-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-security-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-server-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jbossas-standalone-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-system-jmx-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-threads-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-transactions-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-version-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-web-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-webservices-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jbossas-welcome-content-eap-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-weld-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-as-xts-0:7.5.17-2.Final_redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-marshalling-0:1.4.10-3.SP3_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-metadata-0:7.2.3-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-modules-0:1.3.10-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-remoting3-0:3.3.10-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jboss-vfs2-0:3.2.12-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
jbossweb-0:7.5.24-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
log4j-jboss-logmanager-0:1.1.4-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
picketlink-bindings-0:2.5.4-17.SP15_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
picketlink-federation-0:2.5.4-17.SP15_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2017:2637	2017-09-05T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6
apache-cxf-0:2.7.18-7.SP6_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
codehaus-jackson-0:1.9.9-11.redhat_5.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
hibernate4-eap6-0:4.2.27-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
hornetq-0:2.3.25-22.SP20_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
infinispan-0:5.2.22-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-appclient-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jbossas-appclient-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jbossas-bundles-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-cli-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-client-all-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-clustering-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-cmp-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-configadmin-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-connector-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-controller-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-controller-client-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jbossas-core-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-core-security-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-deployment-repository-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-deployment-scanner-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jbossas-domain-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-domain-http-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-domain-management-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-ee-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-ee-deployment-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-ejb3-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-embedded-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-host-controller-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-jacorb-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jbossas-javadocs-0:7.5.17-4.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-jaxr-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-jaxrs-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-jdr-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-jmx-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-jpa-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-jsf-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-jsr77-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-logging-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-mail-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-management-client-content-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-messaging-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-modcluster-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jbossas-modules-eap-0:7.5.17-1.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-naming-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-network-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-osgi-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-osgi-service-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-picketlink-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-platform-mbean-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-pojo-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-process-controller-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jbossas-product-eap-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-protocol-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-remoting-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-sar-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-security-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-server-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jbossas-standalone-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-system-jmx-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-threads-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-transactions-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-version-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-web-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-webservices-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jbossas-welcome-content-eap-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-weld-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-as-xts-0:7.5.17-2.Final_redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-marshalling-0:1.4.10-3.SP3_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-metadata-0:7.2.3-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-modules-0:1.3.10-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-remoting3-0:3.3.10-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-vfs2-0:3.2.12-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jbossweb-0:7.5.24-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
log4j-jboss-logmanager-0:1.1.4-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
picketlink-bindings-0:2.5.4-17.SP15_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
picketlink-federation-0:2.5.4-17.SP15_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2635	2017-09-05T00:00:00Z
jboss-ec2-eap-0:7.5.17-1.Final_redhat_4.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2017:2638	2017-09-05T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7
apache-cxf-0:2.7.18-7.SP6_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
codehaus-jackson-0:1.9.9-11.redhat_5.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
hibernate4-eap6-0:4.2.27-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
hornetq-0:2.3.25-22.SP20_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
infinispan-0:5.2.22-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-appclient-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jbossas-appclient-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jbossas-bundles-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-cli-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-client-all-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-clustering-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-cmp-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-configadmin-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-connector-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-controller-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-controller-client-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jbossas-core-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-core-security-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-deployment-repository-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-deployment-scanner-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jbossas-domain-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-domain-http-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-domain-management-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-ee-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-ee-deployment-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-ejb3-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-embedded-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-host-controller-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-jacorb-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jbossas-javadocs-0:7.5.17-4.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-jaxr-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-jaxrs-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-jdr-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-jmx-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-jpa-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-jsf-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-jsr77-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-logging-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-mail-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-management-client-content-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-messaging-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-modcluster-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jbossas-modules-eap-0:7.5.17-1.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-naming-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-network-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-osgi-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-osgi-service-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-picketlink-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-platform-mbean-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-pojo-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-process-controller-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jbossas-product-eap-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-protocol-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-remoting-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-sar-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-security-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-server-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jbossas-standalone-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-system-jmx-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-threads-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-transactions-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-version-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-web-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-webservices-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jbossas-welcome-content-eap-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-weld-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-as-xts-0:7.5.17-2.Final_redhat_4.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-marshalling-0:1.4.10-3.SP3_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-metadata-0:7.2.3-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-modules-0:1.3.10-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-remoting3-0:3.3.10-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jboss-vfs2-0:3.2.12-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
jbossweb-0:7.5.24-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
log4j-jboss-logmanager-0:1.1.4-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
picketlink-bindings-0:2.5.4-17.SP15_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
picketlink-federation-0:2.5.4-17.SP15_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2017:2636	2017-09-05T00:00:00Z
Red Hat JBoss Enterprise Web Server 2 for RHEL 6
jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6	cpe:/a:redhat:jboss_enterprise_web_server:2::el6	RHSA-2017:2493	2017-08-21T00:00:00Z
tomcat6-0:6.0.41-17_patch_04.ep6.el6	cpe:/a:redhat:jboss_enterprise_web_server:2::el6	RHSA-2017:2493	2017-08-21T00:00:00Z
tomcat7-0:7.0.54-25_patch_05.ep6.el6	cpe:/a:redhat:jboss_enterprise_web_server:2::el6	RHSA-2017:2493	2017-08-21T00:00:00Z
Red Hat JBoss Enterprise Web Server 2 for RHEL 7
jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7	cpe:/a:redhat:jboss_enterprise_web_server:2::el7	RHSA-2017:2493	2017-08-21T00:00:00Z
tomcat6-0:6.0.41-17_patch_04.ep6.el7	cpe:/a:redhat:jboss_enterprise_web_server:2::el7	RHSA-2017:2493	2017-08-21T00:00:00Z
tomcat7-0:7.0.54-25_patch_05.ep6.el7	cpe:/a:redhat:jboss_enterprise_web_server:2::el7	RHSA-2017:2493	2017-08-21T00:00:00Z
Red Hat JBoss Web Server 2.1
tomcat6	cpe:/a:redhat:jboss_enterprise_web_server:2.1	RHSA-2017:2494	2017-08-21T00:00:00Z
tomcat7	cpe:/a:redhat:jboss_enterprise_web_server:2.1	RHSA-2017:2494	2017-08-21T00:00:00Z
Red Hat JBoss Web Server 3.1
	cpe:/a:redhat:jboss_enterprise_web_server:3.1	RHSA-2017:1802	2017-07-25T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 6
log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:1801	2017-07-25T00:00:00Z
tomcat7-0:7.0.70-22.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:1801	2017-07-25T00:00:00Z
tomcat8-0:8.0.36-24.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:1801	2017-07-25T00:00:00Z
tomcat-native-0:1.2.8-10.redhat_10.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2017:1801	2017-07-25T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 7
log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:1801	2017-07-25T00:00:00Z
tomcat7-0:7.0.70-22.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:1801	2017-07-25T00:00:00Z
tomcat8-0:8.0.36-24.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:1801	2017-07-25T00:00:00Z
tomcat-native-0:1.2.8-10.redhat_10.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2017:1801	2017-07-25T00:00:00Z

No data.

Project Subscriptions

Vendors	Products
Apache Subscribe	Tomcat Subscribe
Redhat Subscribe	Enterprise Linux Subscribe Jboss Enterprise Application Platform Subscribe Jboss Enterprise Web Server Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-996-1	tomcat7 security update
Debian DSA	DSA-3891-1	tomcat8 security update
Debian DSA	DSA-3892-1	tomcat7 security update
Github GHSA	GHSA-jmvv-524f-hj5j	Improper Handling of Exceptional Conditions in Apache Tomcat
Ubuntu USN	USN-3519-1	Tomcat vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.debian.org/security/2017/dsa-3891
http://www.debian.org/security/2017/dsa-3892
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/98888
http://www.securitytracker.com/id/1038641
https://access.redhat.com/errata/RHSA-2017:1801
https://access.redhat.com/errata/RHSA-2017:1802
https://access.redhat.com/errata/RHSA-2017:1809
https://access.redhat.com/errata/RHSA-2017:2493
https://access.redhat.com/errata/RHSA-2017:2494
https://access.redhat.com/errata/RHSA-2017:2633
https://access.redhat.com/errata/RHSA-2017:2635
https://access.redhat.com/errata/RHSA-2017:2636
https://access.redhat.com/errata/RHSA-2017:2637
https://access.redhat.com/errata/RHSA-2017:2638
https://access.redhat.com/errata/RHSA-2017:3080
https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2017-5664
https://security.netapp.com/advisory/ntap-20171019-0002/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.78
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.44
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.15
https://www.cve.org/CVERecord?id=CVE-2017-5664
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.12008}`	epss `{'score': 0.15475}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2017-06-06T14:00:00.000Z

Updated: 2024-08-05T15:11:48.039Z

Reserved: 2017-01-29T00:00:00.000Z

Link: CVE-2017-5664

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-06-06T14:29:00.937

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-5664

Redhat

Severity : Important

Publid Date: 2017-06-06T00:00:00Z

Links: CVE-2017-5664 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object