{ "threat_severity" : "Moderate", "public_date" : "2013-12-11T00:00:00Z", "bugzilla" : { "description" : "Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter", "id" : "1043332", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, "cvss" : { "cvss_base_score" : "5.0", "cvss_scoring_vector" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-611", "details" : [ "The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.", "It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks." ], "acknowledgement" : "This issue was discovered by David Illsley, David Jorm (Red Hat Security Response Team), and Ron Gutierrez (Gotham Digital Science).", "affected_release" : [ { "product_name" : "Fuse ESB Enterprise 7.1.0", "release_date" : "2014-04-30T00:00:00Z", "advisory" : "RHSA-2014:0452", "cpe" : "cpe:/a:redhat:fuse_esb_enterprise:7.1.0" }, { "product_name" : "Fuse Management Console 7.1.0", "release_date" : "2014-04-30T00:00:00Z", "advisory" : "RHSA-2014:0452", "cpe" : "cpe:/a:redhat:fuse_management_console:7.1.0" }, { "product_name" : "Fuse MQ Enterprise 7.1.0", "release_date" : "2014-04-30T00:00:00Z", "advisory" : "RHSA-2014:0452", "cpe" : "cpe:/a:redhat:fuse_mq_enterprise:7.1.0" }, { "product_name" : "Red Hat JBoss BPMS 6.0", "release_date" : "2014-09-23T00:00:00Z", "advisory" : "RHSA-2014:1291", "cpe" : "cpe:/a:redhat:jboss_bpms:6.0", "package" : "xmltooling" }, { "product_name" : "Red Hat JBoss BRMS 6.0", "release_date" : "2014-09-23T00:00:00Z", "advisory" : "RHSA-2014:1290", "cpe" : "cpe:/a:redhat:jboss_brms:6.0", "package" : "xmltooling" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.2", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0172", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6.2.1" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "xml-security-0:1.5.6-1.redhat_1.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0170", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package" : "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "xml-security-0:1.5.6-1.redhat_1.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date" : "2014-02-13T00:00:00Z", "advisory" : "RHSA-2014:0171", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package" : "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6" }, { "product_name" : "Red Hat JBoss Fuse Service Works 6.0", "release_date" : "2014-12-15T00:00:00Z", "advisory" : "RHSA-2014:1995", "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6.0", "package" : "xmltooling" }, { "product_name" : "Red Hat JBoss Portal Platform 6.1", "release_date" : "2014-02-20T00:00:00Z", "advisory" : "RHSA-2014:0195", "cpe" : "cpe:/a:redhat:jboss_enterprise_portal_platform:6.1.1" } ], "package_state" : [ { "product_name" : "Red Hat JBoss Data Virtualization 6", "fix_state" : "Not affected", "package_name" : "xmltooling", "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 5", "fix_state" : "Will not fix", "package_name" : "xmltooling", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:5" }, { "product_name" : "Red Hat JBoss Operations Network 3", "fix_state" : "Not affected", "package_name" : "xmltooling", "cpe" : "cpe:/a:redhat:jboss_operations_network:3" }, { "product_name" : "Red Hat JBoss Portal 5", "fix_state" : "Will not fix", "package_name" : "xmltooling", "cpe" : "cpe:/a:redhat:jboss_enterprise_portal_platform:5" }, { "product_name" : "Red Hat JBoss Portal 6", "fix_state" : "Affected", "package_name" : "xmltooling", "cpe" : "cpe:/a:redhat:jboss_enterprise_portal_platform:6" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-6440\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-6440\nhttp://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml" ], "name" : "CVE-2013-6440", "csaw" : false }