Vulnerability Name:

CVE-2012-3546 (CCN-80517)

Assigned:2012-10-19
Published:2012-10-19
Updated:2017-09-19
Summary:org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.5 Medium (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
4.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-264
Vulnerability Consequences:Bypass Security
References:Source: BUGTRAQ
Type: UNKNOWN
20121204 CVE-2012-3546 Apache Tomcat Bypass of security constraints

Source: MITRE
Type: CNA
CVE-2012-3546

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:1700

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:1701

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:0147

Source: HP
Type: UNKNOWN
SSRT101139

Source: HP
Type: UNKNOWN
HPSBST02955

Source: CCN
Type: RHSA-2013-0004
Important: tomcat6 security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0004

Source: CCN
Type: RHSA-2013-0005
Important: tomcat6 security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0005

Source: CCN
Type: RHSA-2013-0146
Important: jbossweb security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0146

Source: CCN
Type: RHSA-2013-0147
Important: jbossas security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0147

Source: CCN
Type: RHSA-2013-0151
Important: JBoss Enterprise Portal Platform 4.3 CP07 security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0151

Source: CCN
Type: RHSA-2013-0157
Important: tomcat6 security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0157

Source: CCN
Type: RHSA-2013-0158
Important: tomcat6 security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0158

Source: CCN
Type: RHSA-2013-0162
Important: JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0162

Source: CCN
Type: RHSA-2013-0163
Important: jbossweb security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0163

Source: CCN
Type: RHSA-2013-0164
Important: jbossweb security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0164

Source: CCN
Type: RHSA-2013-0191
Important: JBoss Enterprise Application Platform 5.2.0 update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0191

Source: CCN
Type: RHSA-2013-0192
Important: JBoss Enterprise Application Platform 5.2.0 update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0192

Source: CCN
Type: RHSA-2013-0193
Important: JBoss Enterprise Application Platform 5.2.0 update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0193

Source: CCN
Type: RHSA-2013-0194
Important: JBoss Enterprise Application Platform 5.2.0 update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0194

Source: CCN
Type: RHSA-2013-0195
Important: JBoss Enterprise Web Platform 5.2.0 update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0195

Source: CCN
Type: RHSA-2013-0196
Important: JBoss Enterprise Web Platform 5.2.0 update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0196

Source: CCN
Type: RHSA-2013-0197
Important: JBoss Enterprise Web Platform 5.2.0 update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0197

Source: CCN
Type: RHSA-2013-0198
Important: JBoss Enterprise Web Platform 5.2.0 update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0198

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0221

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0235

Source: CCN
Type: RHSA-2013-0623
Important: tomcat6 security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0623

Source: CCN
Type: RHSA-2013-0640
Important: tomcat5 security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0640

Source: CCN
Type: RHSA-2013-0641
Important: tomcat5 security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0641

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0642

Source: CCN
Type: SA51425
Apache Tomcat Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
51984

Source: SECUNIA
Type: UNKNOWN
52054

Source: CCN
Type: SA54255
HP Network Node Manager i (NNMi) Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
57126

Source: CONFIRM
Type: Patch
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892

Source: CONFIRM
Type: Patch
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892

Source: CONFIRM
Type: UNKNOWN
http://svn.apache.org/viewvc?view=revision&revision=1377892

Source: CONFIRM
Type: Vendor Advisory
http://tomcat.apache.org/security-6.html

Source: CCN
Type: Apache Web Site
Fixed in Apache Tomcat 6.0.36

Source: CONFIRM
Type: Vendor Advisory
http://tomcat.apache.org/security-7.html

Source: BID
Type: UNKNOWN
56812

Source: CCN
Type: BID-56812
Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability

Source: SECTRACK
Type: UNKNOWN
1027833

Source: UBUNTU
Type: UNKNOWN
USN-1685-1

Source: XF
Type: UNKNOWN
tomcat-formauthenticator-sec-bypass(80517)

Source: CCN
Type: HP Security Bulletin HPSBMU02894 rev.1
HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Access, Execution of Arbitrary Code

Source: HP
Type: UNKNOWN
SSRT101182

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:19305

Source: CCN
Type: IBM Security Bulletin 6496741 (Sterling B2B Integrator)
Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator

Source: CCN
Type: IBM Security Bulletin 6595755 (Disconnected Log Collector)
IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:tomcat:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.35:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.28:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:apache:tomcat:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:6.0.35:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.28:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
  • OR cpe:/a:hp:network_node_manager_i:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.2.0.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20123546
    V
    		CVE-2012-3546
    2022-05-20
    oval:org.opensuse.security:def:26227
    P
    		Security update for the Linux Kernel (Important)
    2022-01-13
    oval:org.opensuse.security:def:32290
    P
    		Security update for apache2 (Important)
    2022-01-12
    oval:org.opensuse.security:def:32229
    P
    		Security update for ruby2.1 (Important)
    2021-12-01
    oval:org.opensuse.security:def:26174
    P
    		Security update for openexr (Moderate)
    2021-12-01
    oval:org.opensuse.security:def:32232
    P
    		Security update for webkit2gtk3 (Important)
    2021-12-01
    oval:org.opensuse.security:def:33011
    P
    		Security update for hivex (Moderate)
    2021-09-23
    oval:org.opensuse.security:def:32180
    P
    		Security update for file (Important)
    2021-09-02
    oval:org.opensuse.security:def:32972
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:32145
    P
    		Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)
    2021-07-21
    oval:org.opensuse.security:def:32124
    P
    		Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)
    2021-06-18
    oval:org.opensuse.security:def:42719
    P
    		tomcat6-6.0.41-0.43.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36312
    P
    		tomcat6-6.0.41-0.43.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26065
    P
    		Security update for polkit (Important)
    2021-06-03
    oval:org.opensuse.security:def:32088
    P
    		Security update for bind (Important)
    2021-05-04
    oval:org.opensuse.security:def:32268
    P
    		Security update for openldap2 (Important)
    2021-03-03
    oval:org.opensuse.security:def:26203
    P
    		Security update for openldap2 (Important)
    2021-03-03
    oval:org.opensuse.security:def:31732
    P
    		Security update for krb5-appl (Important)
    2021-02-19
    oval:org.opensuse.security:def:26146
    P
    		Security update for python3 (Important)
    2021-02-08
    oval:org.opensuse.security:def:36048
    P
    		tomcat6-6.0.18-20.35.40.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:42455
    P
    		tomcat6-6.0.18-20.35.40.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:31526
    P
    		Security update for rsyslog (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31778
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:32388
    P
    		Security update for tomcat6 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26023
    P
    		Security update for evince (Important)
    2020-12-01
    oval:org.opensuse.security:def:27046
    P
    		tomcat6 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26637
    P
    		ruby on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31600
    P
    		Security update for tightvnc (Important)
    2020-12-01
    oval:org.opensuse.security:def:31779
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:32444
    P
    		Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:25597
    P
    		Security update for squid (Critical)
    2020-12-01
    oval:org.opensuse.security:def:27275
    P
    		pure-ftpd on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31790
    P
    		Security update for MozillaFirefox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32493
    P
    		bzip2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25598
    P
    		Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26287
    P
    		Security update for zeromq (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27310
    P
    		tomcat6 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31824
    P
    		Security update for bash (Low)
    2020-12-01
    oval:org.opensuse.security:def:32334
    P
    		Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:31864
    P
    		Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32532
    P
    		java-1_4_2-ibm on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25609
    P
    		Security update for sysstat (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26276
    P
    		Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25861
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26438
    P
    		Security update for ansible (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31881
    P
    		Security update for dnsmasq (Important)
    2020-12-01
    oval:org.opensuse.security:def:31996
    P
    		Security update for java-1_7_1-ibm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32554
    P
    		libltdl7 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25673
    P
    		Security update for openldap2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26315
    P
    		Security update for MozillaThunderbird (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25862
    P
    		Recommended update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:26491
    P
    		Security update for nextcloud (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31968
    P
    		Security update for ipmitool (Important)
    2020-12-01
    oval:org.opensuse.security:def:32598
    P
    		python on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25801
    P
    		Security update for libvdpau (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26329
    P
    		Security update for znc (Low)
    2020-12-01
    oval:org.opensuse.security:def:25873
    P
    		Security update for libcares2 (Low)
    2020-12-01
    oval:org.opensuse.security:def:26540
    P
    		enscript on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31514
    P
    		Security update for quagga (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33236
    P
    		ppc64-diag on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25882
    P
    		Security update for python-tornado (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26373
    P
    		Security update for ffmpeg (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25937
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26579
    P
    		libMagickCore1-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31515
    P
    		Security update for quagga (Low)
    2020-12-01
    oval:org.opensuse.security:def:33275
    P
    		tomcat6 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25939
    P
    		Security update for gstreamer-0_10-plugins-base (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27011
    P
    		perl-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26593
    P
    		libnetpbm10 on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:19305
    V
    		HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
    2015-04-20
    oval:org.mitre.oval:def:18263
    P
    		USN-1685-1 -- tomcat6, tomcat7 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:18605
    P
    		DSA-2725-1 tomcat6 - several
    2014-06-23
    oval:org.mitre.oval:def:23491
    P
    		ELSA-2013:0640: tomcat5 security update (Important)
    2014-05-26
    oval:org.mitre.oval:def:24031
    P
    		ELSA-2013:0623: tomcat6 security update (Important)
    2014-05-26
    oval:org.mitre.oval:def:21075
    P
    		RHSA-2013:0623: tomcat6 security update (Important)
    2014-02-17
    oval:org.mitre.oval:def:20966
    P
    		RHSA-2013:0640: tomcat5 security update (Important)
    2014-02-17
    oval:com.redhat.rhsa:def:20130640
    P
    		RHSA-2013:0640: tomcat5 security update (Important)
    2013-03-12
    oval:com.redhat.rhsa:def:20130623
    P
    		RHSA-2013:0623: tomcat6 security update (Important)
    2013-03-11
    oval:com.ubuntu.precise:def:20123546000
    V
    		CVE-2012-3546 on Ubuntu 12.04 LTS (precise) - medium.
    2012-12-19
    BACK
    apache tomcat 6.0
    apache tomcat 6.0.0
    apache tomcat 6.0.0 alpha
    apache tomcat 6.0.1
    apache tomcat 6.0.1 alpha
    apache tomcat 6.0.2
    apache tomcat 6.0.2 alpha
    apache tomcat 6.0.2 beta
    apache tomcat 6.0.3
    apache tomcat 6.0.4
    apache tomcat 6.0.5
    apache tomcat 6.0.6
    apache tomcat 6.0.7
    apache tomcat 6.0.8
    apache tomcat 6.0.9
    apache tomcat 6.0.9 beta
    apache tomcat 6.0.10
    apache tomcat 6.0.11
    apache tomcat 6.0.12
    apache tomcat 6.0.13
    apache tomcat 6.0.14
    apache tomcat 6.0.15
    apache tomcat 6.0.16
    apache tomcat 6.0.17
    apache tomcat 6.0.18
    apache tomcat 6.0.19
    apache tomcat 6.0.20
    apache tomcat 6.0.24
    apache tomcat 6.0.26
    apache tomcat 6.0.27
    apache tomcat 6.0.28
    apache tomcat 6.0.29
    apache tomcat 6.0.30
    apache tomcat 6.0.31
    apache tomcat 6.0.32
    apache tomcat 6.0.33
    apache tomcat 6.0.35
    apache tomcat 7.0.0
    apache tomcat 7.0.0 beta
    apache tomcat 7.0.1
    apache tomcat 7.0.2
    apache tomcat 7.0.2 beta
    apache tomcat 7.0.3
    apache tomcat 7.0.4
    apache tomcat 7.0.4 beta
    apache tomcat 7.0.5
    apache tomcat 7.0.6
    apache tomcat 7.0.7
    apache tomcat 7.0.8
    apache tomcat 7.0.9
    apache tomcat 7.0.10
    apache tomcat 7.0.11
    apache tomcat 7.0.12
    apache tomcat 7.0.13
    apache tomcat 7.0.14
    apache tomcat 7.0.15
    apache tomcat 7.0.16
    apache tomcat 7.0.17
    apache tomcat 7.0.18
    apache tomcat 7.0.19
    apache tomcat 7.0.20
    apache tomcat 7.0.21
    apache tomcat 7.0.22
    apache tomcat 7.0.23
    apache tomcat 7.0.25
    apache tomcat 7.0.28
    apache tomcat 6.0
    apache tomcat 6.0.0
    apache tomcat 6.0.1
    apache tomcat 6.0.10
    apache tomcat 6.0.11
    apache tomcat 6.0.12
    apache tomcat 6.0.13
    apache tomcat 6.0.14
    apache tomcat 6.0.15
    apache tomcat 6.0.2
    apache tomcat 6.0.3
    apache tomcat 6.0.4
    apache tomcat 6.0.5
    apache tomcat 6.0.6
    apache tomcat 6.0.7
    apache tomcat 6.0.8
    apache tomcat 6.0.9
    apache tomcat 6.0.16
    apache tomcat 6.0.18
    apache tomcat 6.0.17
    apache tomcat 6.0.20
    apache tomcat 6.0.19
    apache tomcat 6.0.24
    apache tomcat 6.0.26
    apache tomcat 6.0.27
    apache tomcat 6.0.28
    apache tomcat 6.0.29
    apache tomcat 7.0.0 beta
    apache tomcat 7.0.1
    apache tomcat 7.0.2
    apache tomcat 7.0.3
    apache tomcat 7.0.4
    apache tomcat 7.0.8
    apache tomcat 7.0.5
    apache tomcat 7.0.6
    apache tomcat 7.0.7
    apache tomcat 7.0.9
    apache tomcat 7.0.10
    apache tomcat 7.0.11
    apache tomcat 7.0.12
    apache tomcat 7.0.13
    apache tomcat 6.0.30
    apache tomcat 6.0.31
    apache tomcat 6.0.32
    apache tomcat 7.0.16
    apache tomcat 7.0.21
    apache tomcat 6.0.33
    apache tomcat 7.0.0
    apache tomcat 6.0.0 alpha
    apache tomcat 6.0.1 alpha
    apache tomcat 6.0.2 alpha
    apache tomcat 6.0.2 beta
    apache tomcat 6.0.4 alpha
    apache tomcat 6.0.6 alpha
    apache tomcat 6.0.7 alpha
    apache tomcat 6.0.7 beta
    apache tomcat 6.0.8 alpha
    apache tomcat 6.0.9 beta
    apache tomcat 7.0.14
    apache tomcat 7.0.15
    apache tomcat 7.0.17
    apache tomcat 7.0.18
    apache tomcat 7.0.19
    apache tomcat 7.0.2 beta
    apache tomcat 7.0.20
    apache tomcat 7.0.22
    apache tomcat 7.0.23
    apache tomcat 7.0.25
    apache tomcat 7.0.4 beta
    apache tomcat 6.0.35
    apache tomcat 7.0.28
    redhat enterprise linux 4
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 6
    redhat enterprise linux 6
    hp network node manager i 9.0
    redhat enterprise linux workstation supplementary 6
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6
    ibm sterling b2b integrator 6.0.0.0
    ibm sterling b2b integrator 5.2.0.0