{ "threat_severity" : "Moderate", "public_date" : "2009-08-05T00:00:00Z", "bugzilla" : { "description" : "JDK: XML parsing Denial-Of-Service (6845701)", "id" : "512921", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=512921" }, "cvss" : { "cvss_base_score" : "5.0", "cvss_scoring_vector" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status" : "verified" }, "details" : [ "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.", "Previously, a denial-of-service flaw was found in Java which allowed the creation of an inifinte loop in XML headers that would consume all CPU resources. This issue was patched and Java is no longer vulnerable to a denial-of-service flaw due to the initiation of an infinte loop by means of XML headers." ], "affected_release" : [ { "product_name" : "Extras for RHEL 3", "release_date" : "2009-10-14T00:00:00Z", "advisory" : "RHSA-2009:1505", "cpe" : "cpe:/a:redhat:rhel_extras:3", "package" : "java-1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el3" }, { "product_name" : "Extras for RHEL 4", "release_date" : "2009-08-06T00:00:00Z", "advisory" : "RHSA-2009:1199", "cpe" : "cpe:/a:redhat:rhel_extras:4", "package" : "java-1.5.0-sun-0:1.5.0.20-1jpp.1.el4" }, { "product_name" : "Extras for RHEL 4", "release_date" : "2009-08-06T00:00:00Z", "advisory" : "RHSA-2009:1200", "cpe" : "cpe:/a:redhat:rhel_extras:4", "package" : "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4" }, { "product_name" : "Extras for RHEL 4", "release_date" : "2009-08-28T00:00:00Z", "advisory" : "RHSA-2009:1236", "cpe" : "cpe:/a:redhat:rhel_extras:4", "package" : "java-1.5.0-ibm-1:1.5.0.10-1jpp.4.el4" }, { "product_name" : "Extras for RHEL 4", "release_date" : "2009-10-14T00:00:00Z", "advisory" : "RHSA-2009:1505", "cpe" : "cpe:/a:redhat:rhel_extras:4", "package" : "java-1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el4" }, { "product_name" : "Extras for RHEL 4", "release_date" : "2009-11-12T00:00:00Z", "advisory" : "RHSA-2009:1582", "cpe" : "cpe:/a:redhat:rhel_extras:4", "package" : "java-1.6.0-ibm-1:1.6.0.6-1jpp.3.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "glassfish-javamail-0:1.4.2-0jpp.ep1.5.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "glassfish-jsf-0:1.2_13-2.1.ep1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "hibernate3-annotations-0:3.3.1-1.11.GA_CP02.ep1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "hibernate3-entitymanager-0:3.3.2-2.5.GA_CP01.ep1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jacorb-0:2.3.0-1jpp.ep1.9.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jakarta-commons-logging-jboss-0:1.1-9.ep1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jboss-aop-0:1.5.5-3.CP04.2.ep1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jbossas-0:4.2.0-5.GA_CP08.5.ep1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jboss-common-0:1.2.1-0jpp.ep1.3.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jboss-remoting-0:2.2.3-3.SP1.ep1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jboss-seam-0:1.2.1-1.ep1.22.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jcommon-0:1.0.16-1.1.ep1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jfreechart-0:1.0.13-2.3.1.ep1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jgroups-1:2.4.7-1.ep1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "quartz-0:1.5.2-1jpp.patch01.ep1.4.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "rh-eap-docs-0:4.2.0-6.GA_CP08.ep1.3.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "xerces-j2-0:2.7.1-9jpp.4.patch_02.1.ep1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "xml-security-0:1.3.0-1.3.patch01.ep1.2.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2009-12-10T00:00:00Z", "advisory" : "RHSA-2009:1650", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "glassfish-jsf-0:1.2_13-2.1.ep1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2009-12-10T00:00:00Z", "advisory" : "RHSA-2009:1650", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2009-12-10T00:00:00Z", "advisory" : "RHSA-2009:1650", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "hibernate3-annotations-0:3.3.1-1.11GA_CP02.ep1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2009-12-10T00:00:00Z", "advisory" : "RHSA-2009:1650", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "hibernate3-entitymanager-0:3.3.2-2.5.1.ep1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2009-12-10T00:00:00Z", "advisory" : "RHSA-2009:1650", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jacorb-0:2.3.0-1jpp.ep1.9.1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2009-12-10T00:00:00Z", "advisory" : "RHSA-2009:1650", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jboss-aop-0:1.5.5-3.CP04.2.ep1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2009-12-10T00:00:00Z", "advisory" : "RHSA-2009:1650", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jbossas-0:4.2.0-5.GA_CP08.5.2.ep1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2009-12-10T00:00:00Z", "advisory" : "RHSA-2009:1650", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jboss-common-0:1.2.1-0jpp.ep1.3.el5.1" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2009-12-10T00:00:00Z", "advisory" : "RHSA-2009:1650", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jboss-remoting-0:2.2.3-3.SP1.ep1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2009-12-10T00:00:00Z", "advisory" : "RHSA-2009:1650", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jboss-seam-0:1.2.1-1.ep1.14.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2009-12-10T00:00:00Z", "advisory" : "RHSA-2009:1650", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2009-12-10T00:00:00Z", "advisory" : "RHSA-2009:1650", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2009-12-10T00:00:00Z", "advisory" : "RHSA-2009:1650", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jcommon-0:1.0.16-1.1.ep1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2009-12-10T00:00:00Z", "advisory" : "RHSA-2009:1650", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jfreechart-0:1.0.13-2.3.1.ep1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2009-12-10T00:00:00Z", "advisory" : "RHSA-2009:1650", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jgroups-1:2.4.7-1.ep1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2009-12-10T00:00:00Z", "advisory" : "RHSA-2009:1650", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "quartz-0:1.5.2-1jpp.patch01.ep1.4.1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2009-12-10T00:00:00Z", "advisory" : "RHSA-2009:1650", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "rh-eap-docs-0:4.2.0-6.GA_CP08.ep1.3.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2009-12-10T00:00:00Z", "advisory" : "RHSA-2009:1650", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "xml-security-0:1.3.0-1.3.patch01.ep1.2.1.el5" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2009-08-06T00:00:00Z", "advisory" : "RHSA-2009:1201", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "java-1.6.0-openjdk-1:1.6.0.0-1.2.b09.el5" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2009-11-30T00:00:00Z", "advisory" : "RHSA-2009:1615", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "xerces-j2-0:2.7.1-7jpp.2.el5_4.2" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2011-06-08T00:00:00Z", "advisory" : "RHSA-2011:0858", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "xerces-j2-0:2.7.1-12.6.el6_0" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "glassfish-javamail-0:1.4.2-0jpp.ep1.5.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "glassfish-jaxb-0:2.1.4-1.12.patch03.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "glassfish-jsf-0:1.2_13-2.1.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "hibernate3-annotations-0:3.3.1-1.11.GA_CP02.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "hibernate3-entitymanager-0:3.3.2-2.5.GA_CP01.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jacorb-0:2.3.0-1jpp.ep1.9.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jakarta-commons-logging-jboss-0:1.1-9.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jboss-aop-0:1.5.5-3.CP04.2.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jbossas-0:4.3.0-6.GA_CP07.4.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jboss-common-0:1.2.1-0jpp.ep1.3.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jboss-messaging-0:1.4.0-3.SP3_CP09.4.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jboss-remoting-0:2.2.3-3.SP1.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.18.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jboss-seam2-0:2.0.2.FP-1.ep1.21.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jbossws-0:2.0.1-4.SP2_CP07.2.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jbossws-common-0:1.0.0-2.GA_CP05.1.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jbossws-framework-0:2.0.1-1.GA_CP05.1.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jcommon-0:1.0.16-1.1.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jfreechart-0:1.0.13-2.3.1.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jgroups-1:2.4.7-1.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "quartz-0:1.5.2-1jpp.patch01.ep1.4.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "rh-eap-docs-0:4.3.0-6.GA_CP07.ep1.3.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "xerces-j2-0:2.7.1-9jpp.4.patch_02.1.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1636", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "xml-security-0:1.3.0-1.3.patch01.ep1.2.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "glassfish-jaxb-0:2.1.4-1.12.patch03.1.ep1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "glassfish-jsf-0:1.2_13-2.1.ep1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "hibernate3-annotations-0:3.3.1-1.11GA_CP02.ep1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "hibernate3-entitymanager-0:3.3.2-2.5.1.ep1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jacorb-0:2.3.0-1jpp.ep1.9.1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jboss-aop-0:1.5.5-3.CP04.2.ep1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jbossas-0:4.3.0-6.GA_CP07.4.2.ep1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jboss-common-0:1.2.1-0jpp.ep1.3.el5.1" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jboss-messaging-0:1.4.0-3.SP3_CP09.4.ep1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jboss-remoting-0:2.2.3-3.SP1.ep1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.12.el5.1" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jboss-seam2-0:2.0.2.FP-1.ep1.18.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jbossws-0:2.0.1-4.SP2_CP07.2.1.ep1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jbossws-common-0:1.0.0-2.GA_CP05.1.ep1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jbossws-framework-0:2.0.1-1.GA_CP05.1.ep1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jcommon-0:1.0.16-1.1.ep1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jfreechart-0:1.0.13-2.3.1.ep1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jgroups-1:2.4.7-1.ep1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "quartz-0:1.5.2-1jpp.patch01.ep1.4.1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "rh-eap-docs-0:4.3.0-6.GA_CP07.ep1.3.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2009-12-09T00:00:00Z", "advisory" : "RHSA-2009:1649", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "xml-security-0:1.3.0-1.3.patch01.ep1.2.1.el5" }, { "product_name" : "Red Hat JBoss Operations Network 3.1", "release_date" : "2012-06-12T00:00:00Z", "advisory" : "RHSA-2012:0725", "cpe" : "cpe:/a:redhat:jboss_operations_network:3.1" }, { "product_name" : "Red Hat JBoss Portal 5.2", "release_date" : "2012-09-05T00:00:00Z", "advisory" : "RHSA-2012:1232", "cpe" : "cpe:/a:redhat:jboss_enterprise_portal_platform:5.2" }, { "product_name" : "Red Hat JBoss Web Framework Kit 2.2", "release_date" : "2013-04-22T00:00:00Z", "advisory" : "RHSA-2013:0763", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_framework:2.2.0" }, { "product_name" : "Red Hat Network Satellite Server v 5.1", "release_date" : "2009-12-11T00:00:00Z", "advisory" : "RHSA-2009:1662", "cpe" : "cpe:/a:redhat:network_satellite:5.1::el4", "package" : "java-1.5.0-sun-0:1.5.0.22-1jpp.1.el4" }, { "product_name" : "Red Hat Network Satellite Server v 5.3", "release_date" : "2010-01-14T00:00:00Z", "advisory" : "RHSA-2010:0043", "cpe" : "cpe:/a:redhat:network_satellite:5.3::el4", "package" : "java-1.6.0-ibm-1:1.6.0.7-1jpp.2.el5" }, { "product_name" : "RHEL 4 for SAP", "release_date" : "2009-11-04T00:00:00Z", "advisory" : "RHSA-2009:1551", "cpe" : "cpe:/a:redhat:rhel_extras_sap:4", "package" : "java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8" }, { "product_name" : "RHEL 5 for SAP", "release_date" : "2009-11-04T00:00:00Z", "advisory" : "RHSA-2009:1551", "cpe" : "cpe:/a:redhat:rhel_extras_sap:5", "package" : "java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3" }, { "product_name" : "RHEV Manager version 3.0", "release_date" : "2012-12-04T00:00:00Z", "advisory" : "RHSA-2012:1537", "cpe" : "cpe:/a:redhat:rhev_manager:3", "package" : "jasperreports-server-pro-0:4.7.1-2.el6ev" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 5", "release_date" : "2009-08-06T00:00:00Z", "advisory" : "RHSA-2009:1199", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.5.0-sun-0:1.5.0.20-1jpp.1.el5" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 5", "release_date" : "2009-08-06T00:00:00Z", "advisory" : "RHSA-2009:1200", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 5", "release_date" : "2009-08-28T00:00:00Z", "advisory" : "RHSA-2009:1236", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.5.0-ibm-1:1.5.0.10-1jpp.4.el5" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 5", "release_date" : "2009-10-14T00:00:00Z", "advisory" : "RHSA-2009:1505", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el5" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 5", "release_date" : "2009-11-12T00:00:00Z", "advisory" : "RHSA-2009:1582", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.6.0-ibm-1:1.6.0.6-1jpp.3.el5" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2009-2625\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-2625" ], "name" : "CVE-2009-2625", "csaw" : false }