{ "threat_severity" : "Important", "public_date" : "2013-10-15T00:00:00Z", "bugzilla" : { "description" : "commons-fileupload: Arbitrary file upload via deserialization", "id" : "974814", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=974814" }, "cvss" : { "cvss_base_score" : "7.5", "cvss_scoring_vector" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "status" : "verified" }, "cwe" : "CWE-626", "details" : [ "The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance." ], "affected_release" : [ { "product_name" : "JBoss Enterprise BRMS Platform 5.3", "release_date" : "2013-10-15T00:00:00Z", "advisory" : "RHSA-2013:1430", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:5.3.1" }, { "product_name" : "Red Hat JBoss Enterprise Web Server 1 for RHEL 5", "release_date" : "2013-10-15T00:00:00Z", "advisory" : "RHSA-2013:1428", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:1::el5", "package" : "jakarta-commons-fileupload-1:1.1.1-7.7.ep5.el5" }, { "product_name" : "Red Hat JBoss Enterprise Web Server 1 for RHEL 6", "release_date" : "2013-10-15T00:00:00Z", "advisory" : "RHSA-2013:1428", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:1::el6", "package" : "jakarta-commons-fileupload-1:1.1.1-7.7.ep5.el6" }, { "product_name" : "Red Hat JBoss Operations Network 3.1", "release_date" : "2013-10-21T00:00:00Z", "advisory" : "RHSA-2013:1448", "cpe" : "cpe:/a:redhat:jboss_operations_network:3.1.2" }, { "product_name" : "Red Hat JBoss Portal 4.3", "release_date" : "2013-10-15T00:00:00Z", "advisory" : "RHSA-2013:1430", "cpe" : "cpe:/a:redhat:jboss_enterprise_portal_platform:4.3.0:update7" }, { "product_name" : "Red Hat JBoss Portal 5.2", "release_date" : "2013-10-15T00:00:00Z", "advisory" : "RHSA-2013:1430", "cpe" : "cpe:/a:redhat:jboss_enterprise_portal_platform:5.2.2" }, { "product_name" : "Red Hat JBoss Portal Platform 6.0", "release_date" : "2013-10-15T00:00:00Z", "advisory" : "RHSA-2013:1430", "cpe" : "cpe:/a:redhat:jboss_enterprise_portal_platform:6.0.0" }, { "product_name" : "Red Hat JBoss SOA Platform 4.3", "release_date" : "2013-10-17T00:00:00Z", "advisory" : "RHSA-2013:1442", "cpe" : "cpe:/a:redhat:jboss_enterprise_soa_platform:4.3.0:update5" }, { "product_name" : "Red Hat JBoss SOA Platform 5.3", "release_date" : "2013-10-17T00:00:00Z", "advisory" : "RHSA-2013:1442", "cpe" : "cpe:/a:redhat:jboss_enterprise_soa_platform:5.3.1" }, { "product_name" : "Red Hat JBoss Web Server 1.0", "release_date" : "2013-10-15T00:00:00Z", "advisory" : "RHSA-2013:1429", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:1.0.2" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "atomic-openshift-0:3.1.1.6-1.git.0.b57e8bd.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "heapster-0:0.18.2-3.gitaf4752e.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "jenkins-0:1.625.3-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-align-text-0:0.1.3-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-ansi-green-0:0.1.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-ansi-wrap-0:0.1.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-anymatch-0:1.3.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-array-unique-0:0.2.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-arr-diff-0:2.0.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-arr-flatten-0:1.0.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-arrify-0:1.0.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-async-each-0:1.0.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-binary-extensions-0:1.3.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-braces-0:1.8.2-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-capture-stack-trace-0:1.0.0-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-chokidar-0:1.4.1-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-configstore-0:1.4.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-create-error-class-0:2.0.1-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-deep-extend-0:0.3.2-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-duplexer-0:0.1.1-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-duplexify-0:3.4.2-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-end-of-stream-0:1.1.0-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-error-ex-0:1.2.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-es6-promise-0:3.0.2-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-event-stream-0:3.3.2-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-expand-brackets-0:0.1.4-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-expand-range-0:1.8.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-extglob-0:0.3.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-filename-regex-0:2.0.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-fill-range-0:2.2.3-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-for-in-0:0.1.4-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-for-own-0:0.1.3-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-from-0:0.1.3-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-glob-base-0:0.3.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-glob-parent-0:2.0.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-got-0:5.2.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-graceful-fs-0:4.1.2-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-ini-0:1.1.0-6.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-is-binary-path-0:1.0.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-is-dotfile-0:1.0.2-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-is-equal-shallow-0:0.1.3-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-is-extendable-0:0.1.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-is-extglob-0:1.0.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-is-glob-0:2.0.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-is-npm-0:1.0.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-is-number-0:2.1.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-isobject-0:2.0.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-is-plain-obj-0:1.0.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-is-primitive-0:2.0.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-is-redirect-0:1.0.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-is-stream-0:1.0.1-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-kind-of-0:3.0.2-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-latest-version-0:2.0.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-lazy-cache-0:1.0.2-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-lodash.assign-0:3.2.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-lodash.baseassign-0:3.2.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-lodash.basecopy-0:3.0.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-lodash.bindcallback-0:3.0.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-lodash.createassigner-0:3.1.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-lodash.defaults-0:3.1.2-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-lodash.getnative-0:3.9.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-lodash.isarguments-0:3.0.4-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-lodash.isarray-0:3.0.4-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-lodash.isiterateecall-0:3.0.9-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-lodash.keys-0:3.1.2-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-lodash.restparam-0:3.6.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-lowercase-keys-0:1.0.0-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-map-stream-0:0.1.0-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-micromatch-0:2.3.5-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-mkdirp-0:0.5.0-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-nodemon-0:1.8.1-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-node-status-codes-0:1.0.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-normalize-path-0:2.0.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-object-assign-0:4.0.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-object.omit-0:2.0.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-optimist-0:0.4.0-5.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-osenv-0:0.1.0-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-os-homedir-0:1.0.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-os-tmpdir-0:1.0.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-package-json-0:2.3.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-parse-glob-0:3.0.4-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-parse-json-0:2.2.0-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-pause-stream-0:0.0.11-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-pinkie-0:2.0.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-pinkie-promise-0:2.0.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-prepend-http-0:1.0.1-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-preserve-0:0.2.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-ps-tree-0:1.0.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-randomatic-0:1.1.5-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-rc-0:1.1.2-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-read-all-stream-0:3.0.1-3.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-readdirp-0:2.0.0-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-regex-cache-0:0.4.2-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-registry-url-0:3.0.3-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-repeat-element-0:1.1.2-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-semver-0:5.1.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-semver-diff-0:2.1.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-slide-0:1.1.5-3.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-split-0:0.3.3-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-stream-combiner-0:0.2.1-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-string-length-0:1.0.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-strip-json-comments-0:1.0.2-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-success-symbol-0:0.1.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-through-0:2.3.4-4.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-timed-out-0:2.0.0-3.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-touch-0:1.0.0-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-undefsafe-0:0.0.3-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-unzip-response-0:1.0.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-update-notifier-0:0.6.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-url-parse-lax-0:1.0.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-uuid-0:2.0.1-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-write-file-atomic-0:1.1.2-2.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nodejs-xdg-basedir-0:2.0.0-1.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "nss_wrapper-0:1.0.3-1.el7" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "openshift-ansible-0:3.0.35-1.git.0.6a386dd.el7aos" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "openvswitch-0:2.4.0-1.el7" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "release_date" : "2016-01-26T00:00:00Z", "advisory" : "RHSA-2016:0070", "cpe" : "cpe:/a:redhat:openshift:3.1::el7", "package" : "origin-kibana-0:0.5.0-1.el7aos" } ], "package_state" : [ { "product_name" : "Red Hat JBoss BRMS 5", "fix_state" : "Affected", "package_name" : "commons-fileupload", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:5" }, { "product_name" : "Red Hat JBoss Operations Network 3", "fix_state" : "Affected", "package_name" : "commons-fileupload", "cpe" : "cpe:/a:redhat:jboss_operations_network:3" }, { "product_name" : "Red Hat JBoss Portal 4", "fix_state" : "Affected", "package_name" : "commons-fileupload", "cpe" : "cpe:/a:redhat:jboss_enterprise_portal_platform:4" }, { "product_name" : "Red Hat JBoss Portal 5", "fix_state" : "Affected", "package_name" : "commons-fileupload", "cpe" : "cpe:/a:redhat:jboss_enterprise_portal_platform:5" }, { "product_name" : "Red Hat JBoss Portal 6", "fix_state" : "Affected", "package_name" : "commons-fileupload", "cpe" : "cpe:/a:redhat:jboss_enterprise_portal_platform:6" }, { "product_name" : "Red Hat JBoss SOA Platform 4", "fix_state" : "Affected", "package_name" : "commons-fileupload", "cpe" : "cpe:/a:redhat:jboss_enterprise_soa_platform:4" }, { "product_name" : "Red Hat JBoss SOA Platform 5", "fix_state" : "Affected", "package_name" : "commons-fileupload", "cpe" : "cpe:/a:redhat:jboss_enterprise_soa_platform:5" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-2186\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2186" ], "name" : "CVE-2013-2186", "csaw" : false }