ID
VAR-E-200703-0001
CVE
| cve_id: | CVE-2008-2938 | Trust: 3.9 |
| cve_id: | CVE-2007-0450 | Trust: 0.8 |
| cve_id: | CVE-2007-2449 | Trust: 0.8 |
| cve_id: | CVE-2007-1355 | Trust: 0.5 |
| cve_id: | CVE-2007-3386 | Trust: 0.5 |
| cve_id: | CVE-2006-3835 | Trust: 0.5 |
| cve_id: | CVE-2007-3382 | Trust: 0.3 |
| cve_id: | CVE-2007-3385 | Trust: 0.3 |
| cve_id: | CVE-2007-4724 | Trust: 0.3 |
| cve_id: | CVE-2006-7196 | Trust: 0.3 |
sources:
BID: 22960 //
BID: 25316 //
BID: 25531 //
BID: 24476 //
BID: 30633 //
PACKETSTORM: 69010 //
PACKETSTORM: 92240 //
PACKETSTORM: 57183 //
PACKETSTORM: 56883 //
PACKETSTORM: 55163 //
PACKETSTORM: 58554 //
PACKETSTORM: 74165 //
PACKETSTORM: 82649 //
EXPLOIT-DB: 6229 //
EDBNET: 30495
EDB ID
6229
TITLE
Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability
Trust: 1.2
sources:
EDBNET: 70551 //
EDBNET: 9239
DESCRIPTION
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC). CVE-47464CVE-2008-2938 . remote exploit for Multiple platform
Trust: 1.0
sources:
EXPLOIT-DB: 6229
AFFECTED PRODUCTS
| vendor: | s u s e | model: | opensuse | scope: | eq | version: | 10.2 | Trust: 1.5 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0 | Trust: 1.5 |
| vendor: | suse | model: | linux enterprise server sp3 | scope: | eq | version: | 9 | Trust: 1.2 |
| vendor: | suse | model: | linux enterprise server sp1 | scope: | eq | version: | 10 | Trust: 1.2 |
| vendor: | suse | model: | linux enterprise server | scope: | eq | version: | 10 | Trust: 1.2 |
| vendor: | suse | model: | linux enterprise sdk | scope: | eq | version: | 10 | Trust: 1.2 |
| vendor: | suse | model: | linux enterprise desktop sp1 | scope: | eq | version: | 10 | Trust: 1.2 |
| vendor: | suse | model: | linux enterprise desktop | scope: | eq | version: | 10 | Trust: 1.2 |
| vendor: | suse | model: | linux professional x86 64 | scope: | eq | version: | 10.2 | Trust: 1.2 |
| vendor: | suse | model: | linux personal x86 64 | scope: | eq | version: | 10.2 | Trust: 1.2 |
| vendor: | s u s e | model: | unitedlinux | scope: | eq | version: | 1.0 | Trust: 1.2 |
| vendor: | s u s e | model: | suse linux standard server | scope: | eq | version: | 8.0 | Trust: 1.2 |
| vendor: | s u s e | model: | suse linux school server for i386 | scope: | - | version: | - | Trust: 1.2 |
| vendor: | s u s e | model: | suse linux retail solution | scope: | eq | version: | 8.0 | Trust: 1.2 |
| vendor: | s u s e | model: | suse linux openexchange server | scope: | eq | version: | 4.0 | Trust: 1.2 |
| vendor: | s u s e | model: | linux professional oss | scope: | eq | version: | 10.0 | Trust: 1.2 |
| vendor: | s u s e | model: | linux professional | scope: | eq | version: | 10.0 | Trust: 1.2 |
| vendor: | s u s e | model: | linux professional | scope: | eq | version: | 10.2 | Trust: 1.2 |
| vendor: | s u s e | model: | linux professional | scope: | eq | version: | 10.1 | Trust: 1.2 |
| vendor: | s u s e | model: | linux personal | scope: | eq | version: | 10.2 | Trust: 1.2 |
| vendor: | s u s e | model: | linux personal | scope: | eq | version: | 10.1 | Trust: 1.2 |
| vendor: | s u s e | model: | linux | scope: | eq | version: | 10.1x86-64 | Trust: 1.2 |
| vendor: | s u s e | model: | linux | scope: | eq | version: | 10.1x86 | Trust: 1.2 |
| vendor: | s u s e | model: | linux ppc | scope: | eq | version: | 10.1 | Trust: 1.2 |
| vendor: | s u s e | model: | linux | scope: | eq | version: | 10.0x86-64 | Trust: 1.2 |
| vendor: | s u s e | model: | linux | scope: | eq | version: | 10.0x86 | Trust: 1.2 |
| vendor: | s u s e | model: | linux ppc | scope: | eq | version: | 10.0 | Trust: 1.2 |
| vendor: | redhat | model: | network satellite (for rhel | scope: | eq | version: | 4)4.2 | Trust: 1.2 |
| vendor: | redhat | model: | enterprise linux desktop workstation client | scope: | eq | version: | 5 | Trust: 1.2 |
| vendor: | red | model: | hat red hat network satellite server | scope: | eq | version: | 5.0 | Trust: 1.2 |
| vendor: | red | model: | hat network satellite (for rhel | scope: | eq | version: | 3)4.2 | Trust: 1.2 |
| vendor: | mandriva | model: | linux mandrake x86 64 | scope: | eq | version: | 2008.0 | Trust: 1.2 |
| vendor: | mandriva | model: | linux mandrake | scope: | eq | version: | 2008.0 | Trust: 1.2 |
| vendor: | hp | model: | hp-ux b.11.31 | scope: | - | version: | - | Trust: 1.2 |
| vendor: | hp | model: | hp-ux b.11.23 | scope: | - | version: | - | Trust: 1.2 |
| vendor: | hp | model: | hp-ux b.11.11 | scope: | - | version: | - | Trust: 1.2 |
| vendor: | computer | model: | associates cohesion application configuration manager | scope: | eq | version: | 4.5 | Trust: 1.2 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.15 | Trust: 1.2 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.14 | Trust: 1.2 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.13 | Trust: 1.2 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.12 | Trust: 1.2 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.11 | Trust: 1.2 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.10 | Trust: 1.2 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.9 | Trust: 1.2 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.8 | Trust: 1.2 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.7 | Trust: 1.2 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.6 | Trust: 1.2 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.5 | Trust: 1.2 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.4 | Trust: 1.2 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.3 | Trust: 1.2 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.2 | Trust: 1.2 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.1 | Trust: 1.2 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5 | Trust: 1.2 |
| vendor: | computer | model: | associates cohesion application configuration manager sp1 | scope: | ne | version: | 4.5 | Trust: 1.2 |
| vendor: | apache | model: | tomcat | scope: | lt | version: | 6.0.18 | Trust: 1.0 |
| vendor: | suse | model: | linux enterprise server | scope: | eq | version: | 9 | Trust: 0.9 |
| vendor: | suse | model: | linux enterprise server | scope: | eq | version: | 8 | Trust: 0.9 |
| vendor: | suse | model: | linux enterprise sdk 10.sp1 | scope: | - | version: | - | Trust: 0.9 |
| vendor: | s u s e | model: | open-enterprise-server | scope: | eq | version: | 9.0 | Trust: 0.9 |
| vendor: | s u s e | model: | open-enterprise-server | scope: | eq | version: | 0 | Trust: 0.9 |
| vendor: | s u s e | model: | novell linux pos | scope: | eq | version: | 9 | Trust: 0.9 |
| vendor: | s u s e | model: | novell linux desktop | scope: | eq | version: | 9.0 | Trust: 0.9 |
| vendor: | s u s e | model: | linux personal oss | scope: | eq | version: | 10.0 | Trust: 0.9 |
| vendor: | red | model: | hat red hat network satellite server | scope: | eq | version: | 4.2 | Trust: 0.9 |
| vendor: | red | model: | hat enterprise linux desktop client | scope: | eq | version: | 5 | Trust: 0.9 |
| vendor: | red | model: | hat enterprise linux server | scope: | eq | version: | 5 | Trust: 0.9 |
| vendor: | mandriva | model: | linux mandrake x86 64 | scope: | eq | version: | 2007.1 | Trust: 0.9 |
| vendor: | mandriva | model: | linux mandrake | scope: | eq | version: | 2007.1 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 6.0.1 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.22 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.21 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.20 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.19 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.18 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.17 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.16 | Trust: 0.9 |
| vendor: | suse | model: | linux enterprise server sp2 | scope: | eq | version: | 10 | Trust: 0.9 |
| vendor: | suse | model: | linux enterprise sdk sp1 | scope: | eq | version: | 10 | Trust: 0.9 |
| vendor: | suse | model: | opensuse | scope: | eq | version: | 10.3 | Trust: 0.9 |
| vendor: | s u s e | model: | suse linux open-xchange | scope: | eq | version: | 4.1 | Trust: 0.9 |
| vendor: | s u s e | model: | opensuse | scope: | eq | version: | 10.1 | Trust: 0.9 |
| vendor: | s u s e | model: | linux desktop | scope: | eq | version: | 10 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.30 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.16 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.15 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.14 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.13 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.12 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.11 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.10 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.3 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.2 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.1 | Trust: 0.9 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 4.1 | Trust: 0.9 |
| vendor: | sun | model: | jre 06 | scope: | eq | version: | 1.5 | Trust: 0.9 |
| vendor: | sun | model: | jre 05 | scope: | eq | version: | 1.5 | Trust: 0.9 |
| vendor: | sun | model: | jre 04 | scope: | eq | version: | 1.5 | Trust: 0.9 |
| vendor: | sun | model: | jre 03 | scope: | eq | version: | 1.5 | Trust: 0.9 |
| vendor: | sun | model: | jre 02 | scope: | eq | version: | 1.5 | Trust: 0.9 |
| vendor: | sun | model: | jre 01 | scope: | eq | version: | 1.5 | Trust: 0.9 |
| vendor: | sun | model: | jre | scope: | eq | version: | 1.5 | Trust: 0.9 |
| vendor: | sun | model: | jre 10 | scope: | eq | version: | 1.4.2 | Trust: 0.9 |
| vendor: | sun | model: | jre 09 | scope: | eq | version: | 1.4.2 | Trust: 0.9 |
| vendor: | sun | model: | jre 08 | scope: | eq | version: | 1.4.2 | Trust: 0.9 |
| vendor: | sun | model: | jre 07 | scope: | eq | version: | 1.4.2 | Trust: 0.9 |
| vendor: | sun | model: | jre 06 | scope: | eq | version: | 1.4.2 | Trust: 0.9 |
| vendor: | sun | model: | jre 05 | scope: | eq | version: | 1.4.2 | Trust: 0.9 |
| vendor: | sun | model: | jre 04 | scope: | eq | version: | 1.4.2 | Trust: 0.9 |
| vendor: | sun | model: | jre 03 | scope: | eq | version: | 1.4.2 | Trust: 0.9 |
| vendor: | sun | model: | jre 02 | scope: | eq | version: | 1.4.2 | Trust: 0.9 |
| vendor: | sun | model: | jre 01 | scope: | eq | version: | 1.4.2 | Trust: 0.9 |
| vendor: | sun | model: | jre | scope: | eq | version: | 1.4.2 | Trust: 0.9 |
| vendor: | sun | model: | jre 1.6.0 03 | scope: | - | version: | - | Trust: 0.9 |
| vendor: | sun | model: | jre 1.6.0 02 | scope: | - | version: | - | Trust: 0.9 |
| vendor: | sun | model: | jre 1.6.0 01 | scope: | - | version: | - | Trust: 0.9 |
| vendor: | sun | model: | jre 1.5.0 14 | scope: | - | version: | - | Trust: 0.9 |
| vendor: | sun | model: | jre 1.5.0 13 | scope: | - | version: | - | Trust: 0.9 |
| vendor: | sun | model: | jre 1.5.0 12 | scope: | - | version: | - | Trust: 0.9 |
| vendor: | sun | model: | jre 1.5.0 11 | scope: | - | version: | - | Trust: 0.9 |
| vendor: | sun | model: | jre 1.5.0 10 | scope: | - | version: | - | Trust: 0.9 |
| vendor: | sun | model: | jre 1.4.2 18 | scope: | - | version: | - | Trust: 0.9 |
| vendor: | sun | model: | jre 1.4.2 17 | scope: | - | version: | - | Trust: 0.9 |
| vendor: | sun | model: | jre 1.4.2 16 | scope: | - | version: | - | Trust: 0.9 |
| vendor: | sun | model: | jre 1.4.2 15 | scope: | - | version: | - | Trust: 0.9 |
| vendor: | sun | model: | jre 1.4.2 14 | scope: | - | version: | - | Trust: 0.9 |
| vendor: | sun | model: | jre 1.4.2 13 | scope: | - | version: | - | Trust: 0.9 |
| vendor: | sun | model: | jre 1.4.2 12 | scope: | - | version: | - | Trust: 0.9 |
| vendor: | sun | model: | jre 1.4.2 11 | scope: | - | version: | - | Trust: 0.9 |
| vendor: | sun | model: | jre 1.6.0 11 | scope: | ne | version: | - | Trust: 0.9 |
| vendor: | sun | model: | jre 1.5.0 17 | scope: | ne | version: | - | Trust: 0.9 |
| vendor: | sun | model: | jre 1.4.2 19 | scope: | ne | version: | - | Trust: 0.9 |
| vendor: | suse | model: | linux enterprise server sdk | scope: | eq | version: | 9 | Trust: 0.6 |
| vendor: | s u s e | model: | linux professional x86 64 | scope: | eq | version: | 9.3 | Trust: 0.6 |
| vendor: | s u s e | model: | linux professional | scope: | eq | version: | 9.3 | Trust: 0.6 |
| vendor: | s u s e | model: | linux personal x86 64 | scope: | eq | version: | 9.3 | Trust: 0.6 |
| vendor: | s u s e | model: | linux personal | scope: | eq | version: | 9.3 | Trust: 0.6 |
| vendor: | redhat | model: | certificate server | scope: | eq | version: | 7.3 | Trust: 0.6 |
| vendor: | red | model: | hat red hat network satellite server | scope: | eq | version: | 4.1 | Trust: 0.6 |
| vendor: | red | model: | hat red hat network satellite server | scope: | eq | version: | 4.0 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage studio standard-j edition | scope: | eq | version: | 9.0 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage studio standard-j edition | scope: | eq | version: | 8.0.1 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage studio enterprise edition | scope: | eq | version: | 9.0 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage studio enterprise edition | scope: | eq | version: | 8.0.1 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage job workload server | scope: | eq | version: | 8.1 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage business application server enterprise | scope: | eq | version: | 8.0.0 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage apworks modelers-j edition | scope: | eq | version: | 7.0 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage apworks modelers-j edition 6.0a | scope: | - | version: | - | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage apworks modelers-j edition | scope: | eq | version: | 6.0 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage application server standard-j edition | scope: | eq | version: | 9.0 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage application server standard-j edition | scope: | eq | version: | 8.0.2 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage application server standard-j edition | scope: | eq | version: | 8.0 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage application server plus developer | scope: | eq | version: | 6.0 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage application server plus | scope: | eq | version: | 7.0 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage application server enterprise edition | scope: | eq | version: | 9.0 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage application server enterprise edition | scope: | eq | version: | 8.0.2 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage application server enterprise edition | scope: | eq | version: | 8.0 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage application server enterprise edition | scope: | eq | version: | 7.0.1 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage application server enterprise edition | scope: | eq | version: | 7.0 | Trust: 0.6 |
| vendor: | fujitsu | model: | interstage application server enterprise edition | scope: | eq | version: | 6.0 | Trust: 0.6 |
| vendor: | avaya | model: | aura application enablement services | scope: | eq | version: | 4.0 | Trust: 0.6 |
| vendor: | avaya | model: | aura application enablement services | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.4.10 | Trust: 0.6 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.10 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 6.0.9 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 6.0.8 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 6.0.7 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 6.0.6 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 6.0.5 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 6.0.4 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 6.0.3 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 6.0.2 | Trust: 0.6 |
| vendor: | suse | model: | linux enterprise sp1 debuginfo | scope: | eq | version: | 10 | Trust: 0.6 |
| vendor: | s u s e | model: | open-enterprise-server | scope: | eq | version: | 1 | Trust: 0.6 |
| vendor: | s u s e | model: | office server | scope: | - | version: | - | Trust: 0.6 |
| vendor: | s u s e | model: | novell linux desktop sdk | scope: | eq | version: | 9.0 | Trust: 0.6 |
| vendor: | s u s e | model: | novell linux desktop | scope: | eq | version: | 1.0 | Trust: 0.6 |
| vendor: | s u s e | model: | linux desktop | scope: | eq | version: | 1.0 | Trust: 0.6 |
| vendor: | red | model: | hat fedora | scope: | eq | version: | 7 | Trust: 0.6 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.4.11 | Trust: 0.6 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.11 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 6.0.13 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 6.0.12 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 6.0.11 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 6.0.10 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.24 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.5.23 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.28 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.19 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.9 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.8 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.7 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.6 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.5 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.0.4 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 4.1.36 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 4.1.24 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 4.1.12 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 4.1.10 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 4.0.6 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 4.0.5 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 4.0.4 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 4.0.3 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 4.0.2 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 4.0.1 | Trust: 0.6 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 4.0 | Trust: 0.6 |
| vendor: | novell | model: | zenworks linux management | scope: | eq | version: | 7.3 | Trust: 0.6 |
| vendor: | sun | model: | jre 1.6.0 2 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | sun | model: | jre 1.5.0.0 09 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | sun | model: | jre 1.5.0.0 08 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | sun | model: | jre 1.5.0.0 07 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | apache | model: | tomcat utf8 | scope: | lt | version: | 6.0.18 | Trust: 0.6 |
| vendor: | apache | model: | tomcat utf-8 | scope: | - | version: | - | Trust: 0.5 |
| vendor: | oracle | model: | containers for java | scope: | - | version: | - | Trust: 0.5 |
| vendor: | toutvirtual | model: | virtualiq pro | scope: | - | version: | - | Trust: 0.5 |
| vendor: | vmware | model: | virtualcenter management server | scope: | eq | version: | 2 | Trust: 0.3 |
| vendor: | vmware | model: | esx server | scope: | eq | version: | 3.0.2 | Trust: 0.3 |
| vendor: | vmware | model: | esx server | scope: | eq | version: | 3.0.1 | Trust: 0.3 |
| vendor: | sun | model: | solaris 9 x86 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | sun | model: | solaris 9 sparc | scope: | - | version: | - | Trust: 0.3 |
| vendor: | sun | model: | solaris 10 x86 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | sun | model: | solaris 10 sparc | scope: | - | version: | - | Trust: 0.3 |
| vendor: | redhat | model: | enterprise linux virtualization server | scope: | eq | version: | 5 | Trust: 0.3 |
| vendor: | redhat | model: | enterprise linux optional productivity application server | scope: | eq | version: | 5 | Trust: 0.3 |
| vendor: | redhat | model: | enterprise linux hardware certification | scope: | eq | version: | 5 | Trust: 0.3 |
| vendor: | redhat | model: | enterprise linux desktop multi os client | scope: | eq | version: | 5 | Trust: 0.3 |
| vendor: | redhat | model: | enterprise linux clustering server | scope: | eq | version: | 5 | Trust: 0.3 |
| vendor: | redhat | model: | enterprise linux cluster-storage server | scope: | eq | version: | 5 | Trust: 0.3 |
| vendor: | red | model: | hat enterprise linux supplementary server | scope: | eq | version: | 5 | Trust: 0.3 |
| vendor: | red | model: | hat enterprise linux desktop supplementary client | scope: | eq | version: | 5 | Trust: 0.3 |
| vendor: | gentoo | model: | linux | scope: | - | version: | - | Trust: 0.3 |
| vendor: | fujitsu | model: | interstage application server standard-j edition | scope: | eq | version: | 8.0.3 | Trust: 0.3 |
| vendor: | fujitsu | model: | interstage application server enterprise edition | scope: | eq | version: | 8.0.3 | Trust: 0.3 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.3.9 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.3.9 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.4 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.3 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.2 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 5.1 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat | scope: | ne | version: | 6.0.10 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat | scope: | ne | version: | 5.5.23 | Trust: 0.3 |
| vendor: | s u s e | model: | linux openexchange server | scope: | - | version: | - | Trust: 0.3 |
| vendor: | s u s e | model: | linux office server | scope: | - | version: | - | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server for novell groupwise | scope: | eq | version: | 5.0.1 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server for novell groupwise | scope: | eq | version: | 4.1.7 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server for novell groupwise | scope: | eq | version: | 4.1.4 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server for exchange mr1 | scope: | eq | version: | 5.0.2 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server for exchange | scope: | eq | version: | 5.0.2 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server for exchange | scope: | eq | version: | 5.0.1 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server for exchange sp2 | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server for exchange | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server for exchange | scope: | eq | version: | 4.1.7 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server for exchange | scope: | eq | version: | 4.1.4 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server for domino mr1 | scope: | eq | version: | 5.0.2 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server for domino | scope: | eq | version: | 4.1.4 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server express for exchange mr1 | scope: | eq | version: | 5.0.2 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server express for exchange | scope: | eq | version: | 5.0.2 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server express for exchange | scope: | eq | version: | 5.0.1 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server express for exchange | scope: | eq | version: | 4.1.4 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server express for domino mr1 | scope: | eq | version: | 5.0.2 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server express for domino | scope: | eq | version: | 5.0.2 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry enterprise server express for domino | scope: | eq | version: | 4.1.4 | Trust: 0.3 |
| vendor: | redhat | model: | developer suite el4 | scope: | eq | version: | 3 | Trust: 0.3 |
| vendor: | ibm | model: | tivoli access manager enterprise single sign-on | scope: | eq | version: | 8.0.1 | Trust: 0.3 |
| vendor: | hp | model: | tru64 unix 5.1b-4 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | hp | model: | tru64 unix pk6 | scope: | eq | version: | 5.1.0 | Trust: 0.3 |
| vendor: | hp | model: | tru64 unix b-4 | scope: | eq | version: | 5.1.0 | Trust: 0.3 |
| vendor: | hp | model: | tru64 unix b-3 | scope: | eq | version: | 5.1.0 | Trust: 0.3 |
| vendor: | hp | model: | internet express | scope: | eq | version: | 6.7 | Trust: 0.3 |
| vendor: | hp | model: | internet express | scope: | eq | version: | 6.6 | Trust: 0.3 |
| vendor: | hp | model: | internet express | scope: | eq | version: | 6.5 | Trust: 0.3 |
| vendor: | debian | model: | linux sparc | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | debian | model: | linux s/390 | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | debian | model: | linux powerpc | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | debian | model: | linux mipsel | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | debian | model: | linux mips | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | debian | model: | linux m68k | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | debian | model: | linux ia-64 | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | debian | model: | linux ia-32 | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | debian | model: | linux hppa | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | debian | model: | linux arm | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | debian | model: | linux amd64 | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | debian | model: | linux alpha | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | debian | model: | linux | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.4.9 | Trust: 0.3 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.4.8 | Trust: 0.3 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.4.7 | Trust: 0.3 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.4.6 | Trust: 0.3 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.4.5 | Trust: 0.3 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.4.4 | Trust: 0.3 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.4.3 | Trust: 0.3 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.4.2 | Trust: 0.3 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.4.1 | Trust: 0.3 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.4 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.9 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.8 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.7 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.6 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.5 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.4 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.3 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.2 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.1 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 6.0 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 4.1.34 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 3.3.2 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat a | scope: | eq | version: | 3.3.1 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 3.3.1 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 3.3 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat | scope: | ne | version: | 6.0.14 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat | scope: | eq | version: | 4.1.31 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat beta | scope: | eq | version: | 4.1.3 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat rc2 | scope: | eq | version: | 4.0.0 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat | scope: | ne | version: | 5.5.16 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat | scope: | ne | version: | 5.0.31 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat | scope: | ne | version: | 4.1.32 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat | scope: | ne | version: | 4.0.7 | Trust: 0.3 |
| vendor: | s u s e | model: | linux professional x86 64 | scope: | eq | version: | 9.2 | Trust: 0.3 |
| vendor: | s u s e | model: | linux professional | scope: | eq | version: | 9.2 | Trust: 0.3 |
| vendor: | s u s e | model: | linux personal x86 64 | scope: | eq | version: | 9.2 | Trust: 0.3 |
| vendor: | s u s e | model: | linux personal | scope: | eq | version: | 9.2 | Trust: 0.3 |
| vendor: | s u s e | model: | linux personal x86 64 | scope: | eq | version: | 9.1 | Trust: 0.3 |
| vendor: | s u s e | model: | linux personal | scope: | eq | version: | 9.1 | Trust: 0.3 |
| vendor: | s u s e | model: | linux personal x86 64 | scope: | eq | version: | 9.0 | Trust: 0.3 |
| vendor: | redhat | model: | network satellite (for rhel | scope: | eq | version: | 4)5.1 | Trust: 0.3 |
| vendor: | apache | model: | software foundation tomcat | scope: | ne | version: | 4.1.37 | Trust: 0.3 |
| vendor: | wikid | model: | systems wikid server | scope: | eq | version: | 3.0.4 | Trust: 0.3 |
| vendor: | sun | model: | solaris | scope: | eq | version: | 10 | Trust: 0.3 |
| vendor: | sun | model: | jre 07 | scope: | eq | version: | 1.5 | Trust: 0.3 |
| vendor: | sun | model: | jre beta | scope: | eq | version: | 1.5.0 | Trust: 0.3 |
| vendor: | sun | model: | jre 10-b03 | scope: | eq | version: | 1.4.2 | Trust: 0.3 |
| vendor: | sun | model: | jre 1.5.0 09 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | sun | model: | jre 1.5.0 08 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | s u s e | model: | opensuse | scope: | eq | version: | 11.0 | Trust: 0.3 |
| vendor: | s u s e | model: | opensuse | scope: | eq | version: | 10.3 | Trust: 0.3 |
| vendor: | redhat | model: | red hat network satellite server | scope: | eq | version: | 5.0.1 | Trust: 0.3 |
| vendor: | redhat | model: | red hat network satellite server | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | redhat | model: | red hat network satellite (for rhel | scope: | eq | version: | 4)5.1 | Trust: 0.3 |
| vendor: | redhat | model: | jboss enterprise application platform el5 | scope: | eq | version: | 4.2 | Trust: 0.3 |
| vendor: | redhat | model: | jboss enterprise application platform el4 | scope: | eq | version: | 4.2 | Trust: 0.3 |
| vendor: | redhat | model: | jboss enterprise application platform .cp03 | scope: | eq | version: | 4.2 | Trust: 0.3 |
| vendor: | redhat | model: | jboss enterprise application platform | scope: | eq | version: | 4.2 | Trust: 0.3 |
| vendor: | redhat | model: | enterprise linux desktop client | scope: | eq | version: | 5 | Trust: 0.3 |
| vendor: | redhat | model: | enterprise linux server | scope: | eq | version: | 5 | Trust: 0.3 |
| vendor: | redhat | model: | developer suite as4 | scope: | eq | version: | 3 | Trust: 0.3 |
| vendor: | redhat | model: | application server ws4 | scope: | eq | version: | 2 | Trust: 0.3 |
| vendor: | redhat | model: | application server es4 | scope: | eq | version: | 2 | Trust: 0.3 |
| vendor: | redhat | model: | application server as4 | scope: | eq | version: | 2 | Trust: 0.3 |
| vendor: | oracle | model: | oracle10g application server | scope: | eq | version: | 10.1.3.1.0 | Trust: 0.3 |
| vendor: | openjdk | model: | java | scope: | eq | version: | 1.6 | Trust: 0.3 |
| vendor: | mandriva | model: | linux mandrake x86 64 | scope: | eq | version: | 2008.1 | Trust: 0.3 |
| vendor: | mandriva | model: | linux mandrake | scope: | eq | version: | 2008.1 | Trust: 0.3 |
| vendor: | fujitsu | model: | interstage studio standard-j edition | scope: | eq | version: | 9.1 | Trust: 0.3 |
| vendor: | fujitsu | model: | interstage studio standard-j edition b | scope: | eq | version: | 9.1.0 | Trust: 0.3 |
| vendor: | fujitsu | model: | interstage studio enterprise edition | scope: | eq | version: | 9.1 | Trust: 0.3 |
| vendor: | fujitsu | model: | interstage studio enterprise edition b | scope: | eq | version: | 9.1.0 | Trust: 0.3 |
| vendor: | fujitsu | model: | interstage application server standard-j edition | scope: | eq | version: | 9.1 | Trust: 0.3 |
| vendor: | fujitsu | model: | interstage application server standard-j edition a | scope: | eq | version: | 9.0 | Trust: 0.3 |
| vendor: | fujitsu | model: | interstage application server standard-j edition 9.1.0b | scope: | - | version: | - | Trust: 0.3 |
| vendor: | fujitsu | model: | interstage application server plus developer | scope: | eq | version: | 7.0 | Trust: 0.3 |
| vendor: | fujitsu | model: | interstage application server plus | scope: | eq | version: | 7.0.1 | Trust: 0.3 |
| vendor: | fujitsu | model: | interstage application server plus | scope: | eq | version: | 6.0 | Trust: 0.3 |
| vendor: | fujitsu | model: | interstage application server enterprise edition | scope: | eq | version: | 9.1 | Trust: 0.3 |
| vendor: | fujitsu | model: | interstage application server enterprise edition a | scope: | eq | version: | 9.0 | Trust: 0.3 |
| vendor: | fujitsu | model: | interstage application server enterprise edition 9.1.0b | scope: | - | version: | - | Trust: 0.3 |
| vendor: | avaya | model: | meeting exchange enterprise edition | scope: | eq | version: | - | Trust: 0.3 |
| vendor: | avaya | model: | meeting exchange | scope: | eq | version: | 5.0.0.52 | Trust: 0.3 |
| vendor: | avaya | model: | meeting exchange | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | avaya | model: | aura application enablement services | scope: | eq | version: | 4.2.1 | Trust: 0.3 |
| vendor: | avaya | model: | aura application enablement services | scope: | eq | version: | 4.0.1 | Trust: 0.3 |
| vendor: | avaya | model: | aura application enablement services | scope: | eq | version: | 3.1.6 | Trust: 0.3 |
| vendor: | avaya | model: | aura application enablement services | scope: | eq | version: | 3.1.5 | Trust: 0.3 |
| vendor: | avaya | model: | aura application enablement services | scope: | eq | version: | 3.1.4 | Trust: 0.3 |
| vendor: | avaya | model: | aura application enablement services | scope: | eq | version: | 3.1.3 | Trust: 0.3 |
| vendor: | avaya | model: | aura application enablement services | scope: | eq | version: | 4.2 | Trust: 0.3 |
| vendor: | avaya | model: | aura application enablement services | scope: | eq | version: | 4.1 | Trust: 0.3 |
| vendor: | avaya | model: | aura application enablement services | scope: | eq | version: | 3.0 | Trust: 0.3 |
| vendor: | apple | model: | mac os server | scope: | eq | version: | x10.5.5 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 6.0.16 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 6.0.15 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 6.0.14 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 6.0.13 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 6.0.12 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 6.0.11 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 6.0.10 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 6.0.9 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 6.0.8 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 6.0.7 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 6.0.6 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 6.0.5 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 6.0.4 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 6.0.3 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 6.0.2 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 6.0.1 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 6.0 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.26 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.25 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.24 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.23 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.22 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.21 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.20 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.19 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.18 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.17 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.16 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.15 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.14 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.13 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.12 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.11 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.10 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.9 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.8 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.7 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.6 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.5 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.4 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.3 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.2 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5.1 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 5.5 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 4.1.37 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 4.1.36 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 4.1.34 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 4.1.32 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 4.1.31 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 4.1.30 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 4.1.29 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 4.1.28 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 4.1.24 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 4.1.12 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 4.1.10 | Trust: 0.3 |
| vendor: | apache | model: | tomcat beta | scope: | eq | version: | 4.1.9 | Trust: 0.3 |
| vendor: | apache | model: | tomcat beta | scope: | eq | version: | 4.1.3 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 4.1.3 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | eq | version: | 4.1 | Trust: 0.3 |
| vendor: | apache | model: | harmony m8 | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | apache | model: | harmony m7 | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | wikid | model: | systems wikid server | scope: | ne | version: | 3.0.5 | Trust: 0.3 |
| vendor: | redhat | model: | jboss enterprise application platform .cp04 | scope: | ne | version: | 4.2 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | ne | version: | 6.0.18 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | ne | version: | 5.5.27 | Trust: 0.3 |
| vendor: | apache | model: | tomcat | scope: | ne | version: | 4.1.39 | Trust: 0.3 |
sources:
BID: 22960 //
BID: 25316 //
BID: 25531 //
BID: 24476 //
BID: 30633 //
PACKETSTORM: 92240 //
PACKETSTORM: 74165 //
PACKETSTORM: 82649 //
EXPLOIT-DB: 6229 //
EDBNET: 30495
EXPLOIT
Title: Apache Tomcat Directory Traversal Vulnerability
Author: Simon Ryeo(bar4mi (at) gmail.com, barami (at) ahnlab.com)
Severity: High
Impact: Remote File Disclosure
Vulnerable Version: prior to 6.0.18
Solution:
- Best Choice: Upgrade to 6.0.18 (http://tomcat.apache.org)
- Hot fix: Disable allowLinking or do not set URIencoding to utf8 in order to avoid this vulnerability.
- Tomcat 5.5.x and 4.1.x Users: The fix will be included in the next releases. Please apply the hot fix until next release.
References:
- http://tomcat.apache.org/security.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938
History:
- 07.17.2008: Initiate notify (To Apache Security Team)
- 08.02.2008: Responsed this problem fixed and released new version
- 08.05.2008: Notify disclosure (To Apache Tomcat Security Team)
- 08.10.2008: Responsed with some suggestions.
Description
As Apache Security Team, this problem occurs because of JAVA side.
If your context.xml or server.xml allows 'allowLinking'and 'URIencoding' as
'UTF-8', an attacker can obtain your important system files.(e.g. /etc/passwd)
Exploit
If your webroot directory has three depth(e.g /usr/local/wwwroot), An
attacker can access arbitrary files as below. (Proof-of-concept)
http://www.target.com/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/foo/bar
# milw0rm.com [2008-08-11]
Trust: 1.0
sources:
EXPLOIT-DB: 6229
EXPLOIT HASH
LOCAL | SOURCE | ||||||||
|
|
Trust: 0.5
sources:
PACKETSTORM: 69010
EXPLOIT LANGUAGE
txt
Trust: 1.0
sources:
EXPLOIT-DB: 6229
PRICE
Free
Trust: 9.5
sources:
BID: 22960 //
BID: 25316 //
BID: 25531 //
BID: 24476 //
BID: 30633 //
PACKETSTORM: 69010 //
PACKETSTORM: 92240 //
PACKETSTORM: 57183 //
PACKETSTORM: 56883 //
PACKETSTORM: 55163 //
PACKETSTORM: 58554 //
PACKETSTORM: 74165 //
PACKETSTORM: 82649 //
EXPLOIT-DB: 6229 //
EDBNET: 70551 //
EDBNET: 69694 //
EDBNET: 9239 //
EDBNET: 69665 //
EDBNET: 30495
TYPE
Input Validation Error
Trust: 1.5
sources:
BID: 22960 //
BID: 25316 //
BID: 25531 //
BID: 24476 //
BID: 30633
TAGS
| tag: | exploit | Trust: 4.0 |
| tag: | xss | Trust: 2.0 |
| tag: | file inclusion | Trust: 1.5 |
| tag: | web | Trust: 1.0 |
| tag: | vulnerability | Trust: 1.0 |
| tag: | java | Trust: 0.5 |
| tag: | code execution | Trust: 0.5 |
| tag: | csrf | Trust: 0.5 |
sources:
PACKETSTORM: 69010 //
PACKETSTORM: 92240 //
PACKETSTORM: 57183 //
PACKETSTORM: 56883 //
PACKETSTORM: 55163 //
PACKETSTORM: 58554 //
PACKETSTORM: 74165 //
PACKETSTORM: 82649
CREDITS
Simon Ryeo
Trust: 1.5
sources:
PACKETSTORM: 69010 //
EXPLOIT-DB: 6229
EXTERNAL IDS
| db: | NVD | id: | CVE-2008-2938 | Trust: 5.7 |
| db: | EXPLOIT-DB | id: | 6229 | Trust: 1.6 |
| db: | NVD | id: | CVE-2007-0450 | Trust: 1.4 |
| db: | NVD | id: | CVE-2007-2449 | Trust: 1.4 |
| db: | NVD | id: | CVE-2007-1355 | Trust: 1.1 |
| db: | NVD | id: | CVE-2007-3386 | Trust: 1.1 |
| db: | NVD | id: | CVE-2006-3835 | Trust: 1.1 |
| db: | NVD | id: | CVE-2007-3382 | Trust: 0.9 |
| db: | NVD | id: | CVE-2007-3385 | Trust: 0.9 |
| db: | NVD | id: | CVE-2006-7196 | Trust: 0.9 |
| db: | EDBNET | id: | 70551 | Trust: 0.6 |
| db: | EDBNET | id: | 69694 | Trust: 0.6 |
| db: | 0DAYTODAY | id: | 9239 | Trust: 0.6 |
| db: | EDBNET | id: | 9239 | Trust: 0.6 |
| db: | NVD | id: | CVE-2007-1358 | Trust: 0.6 |
| db: | NVD | id: | CVE-2007-1858 | Trust: 0.6 |
| db: | NVD | id: | CVE-2008-0128 | Trust: 0.6 |
| db: | NVD | id: | CVE-2005-3510 | Trust: 0.6 |
| db: | NVD | id: | CVE-2006-7195 | Trust: 0.6 |
| db: | NVD | id: | CVE-2007-2450 | Trust: 0.6 |
| db: | NVD | id: | CVE-2005-2090 | Trust: 0.6 |
| db: | EDBNET | id: | 69665 | Trust: 0.6 |
| db: | EDBNET | id: | 30495 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 69010 | Trust: 0.5 |
| db: | PACKETSTORM | id: | 92240 | Trust: 0.5 |
| db: | PACKETSTORM | id: | 57183 | Trust: 0.5 |
| db: | PACKETSTORM | id: | 56883 | Trust: 0.5 |
| db: | PACKETSTORM | id: | 55163 | Trust: 0.5 |
| db: | PACKETSTORM | id: | 58554 | Trust: 0.5 |
| db: | PACKETSTORM | id: | 74165 | Trust: 0.5 |
| db: | PACKETSTORM | id: | 82649 | Trust: 0.5 |
| db: | BID | id: | 22960 | Trust: 0.3 |
| db: | BID | id: | 25316 | Trust: 0.3 |
| db: | NVD | id: | CVE-2007-4724 | Trust: 0.3 |
| db: | BID | id: | 25531 | Trust: 0.3 |
| db: | BID | id: | 24476 | Trust: 0.3 |
| db: | CERT/CC | id: | VU#343355 | Trust: 0.3 |
| db: | BID | id: | 30633 | Trust: 0.3 |
sources:
BID: 22960 //
BID: 25316 //
BID: 25531 //
BID: 24476 //
BID: 30633 //
PACKETSTORM: 69010 //
PACKETSTORM: 92240 //
PACKETSTORM: 57183 //
PACKETSTORM: 56883 //
PACKETSTORM: 55163 //
PACKETSTORM: 58554 //
PACKETSTORM: 74165 //
PACKETSTORM: 82649 //
EXPLOIT-DB: 6229 //
EDBNET: 70551 //
EDBNET: 69694 //
EDBNET: 9239 //
EDBNET: 69665 //
EDBNET: 30495
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2008-2938 | Trust: 3.6 |
| url: | https://www.intelligentexploit.com | Trust: 1.8 |
| url: | https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=197540 | Trust: 1.2 |
| url: | http://tomcat.apache.org/ | Trust: 1.2 |
| url: | http://rhn.redhat.com/errata/rhsa-2008-0261.html | Trust: 1.2 |
| url: | http://rhn.redhat.com/errata/rhsa-2008-0524.html | Trust: 1.2 |
| url: | http://rhn.redhat.com/errata/rhsa-2007-1069.html | Trust: 0.6 |
| url: | http://support.apple.com/kb/ht2163 | Trust: 0.6 |
| url: | http://tomcat.apache.org/security-6.html | Trust: 0.6 |
| url: | http://download.novell.com/download?buildid=n5vszfht1vs | Trust: 0.6 |
| url: | http://www.novell.com/support/viewcontent.do?externalid=7006398 | Trust: 0.6 |
| url: | https://0day.today/exploits/9239 | Trust: 0.6 |
| url: | https://www.exploit-db.com/exploits/6229/ | Trust: 0.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2007-2449 | Trust: 0.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2007-1355 | Trust: 0.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2007-0450 | Trust: 0.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2007-3386 | Trust: 0.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2006-3835 | Trust: 0.5 |
| url: | http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html | Trust: 0.3 |
| url: | http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1 | Trust: 0.3 |
| url: | http://rhn.redhat.com/errata/rhsa-2007-0327.html | Trust: 0.3 |
| url: | http://support.avaya.com/elmodocs2/security/asa-2007-206.htm | Trust: 0.3 |
| url: | https://rhn.redhat.com/errata/rhsa-2007-0871.html | Trust: 0.3 |
| url: | http://rhn.redhat.com/errata/rhsa-2008-0195.html | Trust: 0.3 |
| url: | http://www.blackberry.com/btsc/dynamickc.do?externalid=kb25966&sliceid=1&command=show&forward=nonthreadedkc&kcid=kb25966 | Trust: 0.3 |
| url: | http://www-01.ibm.com/support/docview.wss?uid=swg1iz55562 | Trust: 0.3 |
| url: | http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23/ca20090123-01-cohesion-tomcat-multiple-vulnerabilities.aspx | Trust: 0.3 |
| url: | http://rhn.redhat.com/errata/rhsa-2007-0569.html | Trust: 0.3 |
| url: | http://www.dragoslungu.com/2007/06/07/bbpress-xss-vulnerability/ | Trust: 0.3 |
| url: | http://rhn.redhat.com/errata/rhsa-2008-0630.html | Trust: 0.3 |
| url: | http://bbpress.org/ | Trust: 0.3 |
| url: | http://www.fujitsu.com/global/support/software/security/products-f/interstage-201003e.html | Trust: 0.3 |
| url: | http://www.kb.cert.org/vuls/id/343355 | Trust: 0.3 |
| url: | https://sourceforge.net/project/shownotes.php?release_id=626903&group_id=144774 | Trust: 0.3 |
| url: | http://rhn.redhat.com/errata/rhsa-2008-0648.html | Trust: 0.3 |
| url: | http://www.redhat.com/docs/en-us/jboss_enterprise_application_platform/4.2.0.cp04/html-single/readme/index.html | Trust: 0.3 |
| url: | http://harmony.apache.org/ | Trust: 0.3 |
| url: | http://openjdk.java.net/ | Trust: 0.3 |
| url: | http://java.sun.com/javase/6/webnotes/6u11.html | Trust: 0.3 |
| url: | https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1 | Trust: 0.3 |
| url: | http://support.avaya.com/elmodocs2/security/asa-2008-401.htm | Trust: 0.3 |
| url: | https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java | Trust: 0.3 |
sources:
BID: 22960 //
BID: 25316 //
BID: 25531 //
BID: 24476 //
BID: 30633 //
PACKETSTORM: 69010 //
PACKETSTORM: 92240 //
PACKETSTORM: 57183 //
PACKETSTORM: 56883 //
PACKETSTORM: 55163 //
PACKETSTORM: 58554 //
PACKETSTORM: 74165 //
PACKETSTORM: 82649 //
EXPLOIT-DB: 6229 //
EDBNET: 70551 //
EDBNET: 69694 //
EDBNET: 9239 //
EDBNET: 69665 //
EDBNET: 30495
SOURCES
| db: | BID | id: | 22960 |
| db: | BID | id: | 25316 |
| db: | BID | id: | 25531 |
| db: | BID | id: | 24476 |
| db: | BID | id: | 30633 |
| db: | PACKETSTORM | id: | 69010 |
| db: | PACKETSTORM | id: | 92240 |
| db: | PACKETSTORM | id: | 57183 |
| db: | PACKETSTORM | id: | 56883 |
| db: | PACKETSTORM | id: | 55163 |
| db: | PACKETSTORM | id: | 58554 |
| db: | PACKETSTORM | id: | 74165 |
| db: | PACKETSTORM | id: | 82649 |
| db: | EXPLOIT-DB | id: | 6229 |
| db: | EDBNET | id: | 70551 |
| db: | EDBNET | id: | 69694 |
| db: | EDBNET | id: | 9239 |
| db: | EDBNET | id: | 69665 |
| db: | EDBNET | id: | 30495 |
LAST UPDATE DATE
2022-06-21T13:52:35.970000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 22960 | date: | 2010-08-05T20:45:00 |
| db: | BID | id: | 25316 | date: | 2015-03-19T09:17:00 |
| db: | BID | id: | 25531 | date: | 2015-03-19T09:14:00 |
| db: | BID | id: | 24476 | date: | 2015-03-19T08:19:00 |
| db: | BID | id: | 30633 | date: | 2015-04-13T22:13:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 22960 | date: | 2007-03-14T00:00:00 |
| db: | BID | id: | 25316 | date: | 2007-08-14T00:00:00 |
| db: | BID | id: | 25531 | date: | 2007-09-04T00:00:00 |
| db: | BID | id: | 24476 | date: | 2007-06-14T00:00:00 |
| db: | BID | id: | 30633 | date: | 2008-08-11T00:00:00 |
| db: | PACKETSTORM | id: | 69010 | date: | 2008-08-13T03:03:16 |
| db: | PACKETSTORM | id: | 92240 | date: | 2010-07-28T17:52:44 |
| db: | PACKETSTORM | id: | 57183 | date: | 2007-06-15T02:59:09 |
| db: | PACKETSTORM | id: | 56883 | date: | 2007-05-22T01:45:13 |
| db: | PACKETSTORM | id: | 55163 | date: | 2007-03-20T03:26:18 |
| db: | PACKETSTORM | id: | 58554 | date: | 2007-08-14T17:52:16 |
| db: | PACKETSTORM | id: | 74165 | date: | 2009-01-21T02:10:01 |
| db: | PACKETSTORM | id: | 82649 | date: | 2009-11-17T00:59:14 |
| db: | EXPLOIT-DB | id: | 6229 | date: | 2008-08-11T00:00:00 |
| db: | EDBNET | id: | 70551 | date: | 2008-08-17T00:00:00 |
| db: | EDBNET | id: | 69694 | date: | 2009-01-26T00:00:00 |
| db: | EDBNET | id: | 9239 | date: | 2008-08-11T00:00:00 |
| db: | EDBNET | id: | 69665 | date: | 2009-01-27T00:00:00 |
| db: | EDBNET | id: | 30495 | date: | 2008-08-11T00:00:00 |