Vulnerability CVE-2009-2693 - CERT Civis.Net

Vulnerability Name:

CVE-2009-2693 (CCN-55855)

Assigned:

2009-08-05

Published:

2010-01-24

Updated:

2019-03-25

Summary:

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.

CVSS v3 Severity:

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P)
4.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P)
4.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.3 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2009-2693

Source: CCN
Type: HP Security Bulletin HPSBMA02535 SSRT100029
HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting (XSS), Denial of Service (DoS)

Source: HP
Type: UNKNOWN
HPSBUX02541

Source: APPLE
Type: UNKNOWN
APPLE-SA-2010-03-29-1

Source: SUSE
Type: UNKNOWN
SUSE-SR:2010:008

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:1700

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:1701

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:0147

Source: HP
Type: UNKNOWN
HPSBMA02535

Source: HP
Type: UNKNOWN
HPSBOV02762

Source: HP
Type: UNKNOWN
HPSBUX02860

Source: HP
Type: UNKNOWN
HPSBST02955

Source: CCN
Type: IBM Support and Downloads
WebSphere Application Server Community Edition V2.1.1.4

Source: CCN
Type: RHSA-2010-0119
Low: JBoss Enterprise Web Server 1.0.1 update

Source: CCN
Type: RHSA-2010-0580
Important: tomcat5 security update

Source: CCN
Type: RHSA-2010-0582
Important: tomcat5 security update

Source: CCN
Type: RHSA-2010-0693
Important: tomcat5 security update

Source: CCN
Type: SA38316
Apache Tomcat WAR Deployment Directory Traversal Weaknesses and Security Issue

Source: SECUNIA
Type: Vendor Advisory
38316

Source: CCN
Type: SA38346
Apache Tomcat 5 WAR Deployment Directory Traversal Weaknesses and Security Issue

Source: SECUNIA
Type: Vendor Advisory
38346

Source: SECUNIA
Type: UNKNOWN
38541

Source: SECUNIA
Type: UNKNOWN
38687

Source: CCN
Type: SA39317
SUSE Update for Multiple Packages

Source: SECUNIA
Type: UNKNOWN
39317

Source: CCN
Type: SA39847
HP Performance Manager Apache Tomcat Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
40330

Source: SECUNIA
Type: UNKNOWN
40813

Source: CCN
Type: SA41484
IBM WebSphere Application Server Community Edition Multiple Vulnerabilities

Source: CCN
Type: SA41875
Sun Solaris Tomcat Multiple Vulnerabilities

Source: CCN
Type: SA43310
VMware vCenter / ESX Server Apache Tomcat Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
43310

Source: SECUNIA
Type: UNKNOWN
57126

Source: CCN
Type: SECTRACK ID: 1023505
Tomcat WAR Deployment Directory Traversal Flaw May Cause Files to Be Created Outside of the Intended Directory

Source: SECTRACK
Type: UNKNOWN
1023505

Source: CCN
Type: Apple Web site
About the security content of Security Update 2010-002 / Mac OS X v10.6.3

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT4077

Source: CONFIRM
Type: Patch
http://svn.apache.org/viewvc?rev=892815&view=rev

Source: CONFIRM
Type: UNKNOWN
http://svn.apache.org/viewvc?rev=902650&view=rev

Source: CCN
Type: Apache Web Site
Fixed in subversion for Apache Tomcat 5.5.x

Source: CONFIRM
Type: Patch, Vendor Advisory
http://tomcat.apache.org/security-5.html

Source: CONFIRM
Type: Patch, Vendor Advisory
http://tomcat.apache.org/security-6.html

Source: UBUNTU
Type: UNKNOWN
USN-899-1

Source: DEBIAN
Type: UNKNOWN
DSA-2207

Source: DEBIAN
Type: DSA-2207
tomcat5.5 -- several vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2010:176

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2010:177

Source: CCN
Type: OSVDB ID: 62052
Apache Tomcat WAR File Traversal Arbitrary File Overwrite

Source: REDHAT
Type: UNKNOWN
RHSA-2010:0119

Source: REDHAT
Type: UNKNOWN
RHSA-2010:0580

Source: REDHAT
Type: UNKNOWN
RHSA-2010:0582

Source: BUGTRAQ
Type: UNKNOWN
20100124 [SECURITY] CVE-2009-2693 Apache Tomcat unexpected file deletion and/or alteration

Source: BUGTRAQ
Type: UNKNOWN
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

Source: BID
Type: UNKNOWN
37944

Source: CCN
Type: BID-37944
Apache Tomcat WAR File Directory Traversal Vulnerability

Source: CCN
Type: USN-899-1
Tomcat vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2011-0003.html

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2010-0213

Source: VUPEN
Type: UNKNOWN
ADV-2010-1559

Source: VUPEN
Type: UNKNOWN
ADV-2010-1986

Source: XF
Type: UNKNOWN
tomcat-war-directory-traversal(55855)

Source: XF
Type: UNKNOWN
tomcat-war-directory-traversal(55855)

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:19355

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:7017

Source: SUSE
Type: SUSE-SR:2010:008
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:apache:tomcat:5.5.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.8:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.9:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.20:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.21:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.23:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.25:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.8:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.9:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.20:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apache:tomcat:5.5.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.9:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.20:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.21:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.23:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.25:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.8:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.8:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.9:*:*:*:*:*:*:*

OR cpe:/a:redhat:certificate_system:7.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.20:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.19:*:*:*:*:*:*:*

AND

cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10::64bit:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/a:redhat:rhel_application_server:2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.6:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20092693	V	CVE-2009-2693	2022-05-20
oval:org.opensuse.security:def:26227	P	Security update for the Linux Kernel (Important)	2022-01-13
oval:org.opensuse.security:def:31756	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:32290	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:42242	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:32229	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:26174	P	Security update for openexr (Moderate)	2021-12-01
oval:org.opensuse.security:def:31314	P	Security update for xen (Moderate)	2021-12-01
oval:org.opensuse.security:def:32232	P	Security update for webkit2gtk3 (Important)	2021-12-01
oval:org.opensuse.security:def:31303	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:31302	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:26161	P	Security update for samba (Important)	2021-11-10
oval:org.opensuse.security:def:33011	P	Security update for hivex (Moderate)	2021-09-23
oval:org.opensuse.security:def:26117	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:32180	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:31669	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:26103	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:32972	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:32145	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:32124	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:32122	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:42719	P	tomcat6-6.0.41-0.43.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36312	P	tomcat6-6.0.41-0.43.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26065	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:26064	P	Security update for libwebp (Critical)	2021-06-02
oval:org.opensuse.security:def:32088	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:32078	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:31612	P	Security update for gdm (Important)	2021-04-28
oval:org.opensuse.security:def:32268	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:26203	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:31732	P	Security update for krb5-appl (Important)	2021-02-19
oval:org.opensuse.security:def:26146	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:35835	P	tomcat6-6.0.18-20.35.36.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:42455	P	tomcat6-6.0.18-20.35.40.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:36048	P	tomcat6-6.0.18-20.35.40.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25397	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:26287	P	Security update for zeromq (Moderate)	2020-12-01
oval:org.opensuse.security:def:32554	P	libltdl7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31778	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25939	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:25670	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:32017	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:33275	P	tomcat6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31864	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:31526	P	Security update for rsyslog (Moderate)	2020-12-01
oval:org.opensuse.security:def:25962	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26593	P	libnetpbm10 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25861	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31824	P	Security update for bash (Low)	2020-12-01
oval:org.opensuse.security:def:26315	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:31520	P	Security update for rpcbind (Moderate)	2020-12-01
oval:org.opensuse.security:def:27310	P	tomcat6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25937	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27011	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25609	P	Security update for sysstat (Moderate)	2020-12-01
oval:org.opensuse.security:def:25386	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32532	P	java-1_4_2-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25882	P	Security update for python-tornado (Moderate)	2020-12-01
oval:org.opensuse.security:def:25589	P	Security update for zabbix (Moderate)	2020-12-01
oval:org.opensuse.security:def:26491	P	Security update for nextcloud (Moderate)	2020-12-01
oval:org.opensuse.security:def:33236	P	ppc64-diag on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31790	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:32334	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:31515	P	Security update for quagga (Low)	2020-12-01
oval:org.opensuse.security:def:25811	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:26579	P	libMagickCore1-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26276	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:32799	P	tomcat6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31388	P	Security update for openwsman (Important)	2020-12-01
oval:org.opensuse.security:def:32388	P	Security update for tomcat6 (Important)	2020-12-01
oval:org.opensuse.security:def:27275	P	pure-ftpd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25873	P	Security update for libcares2 (Low)	2020-12-01
oval:org.opensuse.security:def:31968	P	Security update for ipmitool (Important)	2020-12-01
oval:org.opensuse.security:def:26373	P	Security update for ffmpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:25598	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:25385	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:32493	P	bzip2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25801	P	Security update for libvdpau (Moderate)	2020-12-01
oval:org.opensuse.security:def:26834	P	tomcat6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25461	P	Security update for cpio (Moderate)	2020-12-01
oval:org.opensuse.security:def:26438	P	Security update for ansible (Moderate)	2020-12-01
oval:org.opensuse.security:def:32598	P	python on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31779	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26023	P	Security update for evince (Important)	2020-12-01
oval:org.opensuse.security:def:31514	P	Security update for quagga (Moderate)	2020-12-01
oval:org.opensuse.security:def:25727	P	Security update for libzypp (Moderate)	2020-12-01
oval:org.opensuse.security:def:32056	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:31996	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:26540	P	enscript on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31600	P	Security update for tightvnc (Important)	2020-12-01
oval:org.opensuse.security:def:26015	P	Security update for libplist (Moderate)	2020-12-01
oval:org.opensuse.security:def:32760	P	opie on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26637	P	ruby on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25862	P	Recommended update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:31881	P	Security update for dnsmasq (Important)	2020-12-01
oval:org.opensuse.security:def:26329	P	Security update for znc (Low)	2020-12-01
oval:org.opensuse.security:def:25597	P	Security update for squid (Critical)	2020-12-01
oval:org.opensuse.security:def:32444	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:27046	P	tomcat6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25673	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:31912	P	Security update for gcc43 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26799	P	pam_mount on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:19355	V	HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities	2015-04-20
oval:org.mitre.oval:def:7017	V	HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary File Modification	2015-04-20
oval:org.mitre.oval:def:12995	P	USN-899-1 -- tomcat6 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:12963	P	DSA-2207-1 tomcat5.5 -- several	2014-06-23
oval:org.mitre.oval:def:23078	P	ELSA-2010:0580: tomcat5 security update (Important)	2014-05-26
oval:org.mitre.oval:def:22107	P	RHSA-2010:0580: tomcat5 security update (Important)	2014-02-24
oval:org.mitre.oval:def:20429	V	Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX	2014-01-20
oval:com.redhat.rhsa:def:20100580	P	RHSA-2010:0580: tomcat5 security update (Important)	2010-08-02