Vulnerability CVE-2013-4322 - CERT Civis.Net

Vulnerability Name:

CVE-2013-4322 (CCN-91625)

Assigned:

2013-06-12

Published:

2014-02-25

Updated:

2019-04-15

Summary:

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data.
Note: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: CONFIRM
Type: UNKNOWN
http://advisories.mageia.org/MGASA-2014-0148.html

Source: MITRE
Type: CNA
CVE-2013-4322

Source: HP
Type: UNKNOWN
HPSBOV03503

Source: CCN
Type: RHSA-2014-0429
Moderate: tomcat6 security update

Source: CCN
Type: RHSA-2014-0525
Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update

Source: CCN
Type: RHSA-2014-0526
Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update

Source: CCN
Type: RHSA-2014-0686
Important: tomcat security update

Source: FULLDISC
Type: UNKNOWN
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

Source: CCN
Type: SA58020
IBM Security AppScan Apache Tomcat Session Fixation Vulnerability

Source: CCN
Type: SA58152
IBM Rational Policy Tester Apache Tomcat Session Fixation Vulnerability

Source: SECUNIA
Type: UNKNOWN
59036

Source: SECUNIA
Type: UNKNOWN
59675

Source: SECUNIA
Type: UNKNOWN
59722

Source: SECUNIA
Type: UNKNOWN
59724

Source: SECUNIA
Type: UNKNOWN
59873

Source: CONFIRM
Type: UNKNOWN
http://svn.apache.org/viewvc?view=revision&revision=1521834

Source: CONFIRM
Type: UNKNOWN
http://svn.apache.org/viewvc?view=revision&revision=1521864

Source: CONFIRM
Type: UNKNOWN
http://svn.apache.org/viewvc?view=revision&revision=1549522

Source: CONFIRM
Type: UNKNOWN
http://svn.apache.org/viewvc?view=revision&revision=1549523

Source: CONFIRM
Type: UNKNOWN
http://svn.apache.org/viewvc?view=revision&revision=1556540

Source: CONFIRM
Type: Vendor Advisory
http://tomcat.apache.org/security-6.html

Source: CCN
Type: Apache Web site
Fixed in Apache Tomcat 6.0.39

Source: CONFIRM
Type: Vendor Advisory
http://tomcat.apache.org/security-7.html

Source: CONFIRM
Type: Vendor Advisory
http://tomcat.apache.org/security-8.html

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21667883

Source: CCN
Type: IBM Security Bulletin 1670941
IBM Security AppScan Enterprise can be affected by multiple vulnerabilities in Apache Tomcat (CVE-2014-0033, CVE-2013-4322)

Source: CCN
Type: IBM Security Bulletin 1670942
IBM Rational Policy Tester can be affected by multiple vulnerabilities in Apache Tomcat (CVE-2014-0033, CVE-2013-4322)

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21675886

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21677147

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21678113

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21678231

Source: DEBIAN
Type: UNKNOWN
DSA-3530

Source: CCN
Type: IBM Security Bulletin 1667883
Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerablity (CVE-2013-4286, CVE-2013-4322, CVE-2013-4590)

Source: CCN
Type: IBM Security Bulletin 1669383
Apache Tomcat and FileUpload Vulnerabilities in IBM UrbanCode Deploy (CVE-2014-0050, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)

Source: CCN
Type: IBM Security Bulletin 1671330
Multiple Vulnerabilities in Apache Tomcat (CVE-2013-4286, CVE-2013-4322, CVE-2014-0050)

Source: CCN
Type: IBM Security Bulletin 1671340
Multiple security exposures in IBM Cognos BI Server (CVE-2014- 0416, CVE-2014-0423, CVE-2013-4322)

Source: CCN
Type: IBM Security Bulletin 1671862
IBM Initiate Master Data Service is affected by vulnerabilities in Apache Tomcat (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322)

Source: CCN
Type: IBM Security Bulletin 1671934
Multiple security exposures in IBM Cognos Business Viewpoint (CVE-2014- 0411, CVE-2013-4286, CVE-2013-4322)

Source: CCN
Type: IBM Security Bulletin 1672321
Apache Tomcat and FileUpload Vulnerabilities in IBM UrbanCode Release (CVE-2014-0050, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)

Source: CCN
Type: IBM Security Bulletin 1673072
Rational Directory Server could be affected by vulnerabilities in Apache Tomcat server (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, and CVE-2013-4590)

Source: CCN
Type: IBM Security Bulletin 1675006
Multiple Apache Tomcat vulnerabilities in IBM Algo Audit and Compliance (CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033)

Source: CCN
Type: IBM Security Bulletin 1675886
IBM Rational Connector for SAP Solution Manager (CVE-2013-4286 CVE-2014-0033 CVE-2013-4322 CVE-2013-4590)

Source: CCN
Type: IBM Security Bulletin 1676186
Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)

Source: CCN
Type: IBM Security Bulletin 1676983
Security vulnerabilities in Apache Tomcat in Rational DOORS Web Access

Source: CCN
Type: IBM Security Bulletin 1677147
Multiple vulnerabilities in Apache Tomcat used by IBM QRadar Security Information and Event Manager 7.1 MR2, and 7.2 MR2. (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)

Source: CCN
Type: IBM Security Bulletin 1677448
IBM OpenPages GRC Platform, multiple vulnerabilities in bundled version of Apache Tomcat

Source: CCN
Type: IBM Security Bulletin 1678113
Multiple vulnerabilities exist in IMS Enterprise Suite SOAP Gateway (CVE-2014-0453, CVE-2013-4286, CVE-2013-4322)

Source: CCN
Type: IBM Security Bulletin 1678231
Rational Lifecycle Adapter for HP ALM Apache Tomcat fix (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590, CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)

Source: CCN
Type: IBM Security Bulletin 1678892
Tivoli Application Dependency Discovery Manager - Open Source Tomcat issues reported between March - May 2014.

Source: CCN
Type: IBM Security Bulletin 1680754
Security vulnerabilities in Apache Tomcat for WebSphere Application Server Community Edition 2.1.1.6 and 3.0.0.4(CVE-2013-4286,CVE-2012-3544,CVE-2013-4322,CVE-2013-4590,CVE-2014-0033)

Source: CCN
Type: IBM Security Bulletin 1682399
IBM Cognos TM1 is affected by the following Tomcat vulnerability: CVE-2013-4322

Source: CCN
Type: IBM Security Bulletin 1687629
IBM Cognos Express is affected by the following Tomcat vulnerability: CVE-2013-4322

Source: CCN
Type: IBM Security Bulletin 1687761
IBM Algo One is affected by multiple Open Source Tomcat security vulnerabilities (CVE-2013-4444, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2015:052

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2015:084

Source: CCN
Type: Oracle CPUOct2016
Oracle Critical Patch Update Advisory - October 2016

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Source: BUGTRAQ
Type: UNKNOWN
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

Source: BID
Type: UNKNOWN
65767

Source: CCN
Type: BID-65767
Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-2130-1

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2014-0008.html

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Source: CCN
Type: Red Hat Bugzilla Bug 1069905
CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=1069905

Source: XF
Type: UNKNOWN
apache-tomcat-cve20134322-dos(91625)

Source: CONFIRM
Type: UNKNOWN
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/

Source: REDHAT
Type: UNKNOWN
RHSA-2014:0686

Source: CCN
Type: IBM Security Bulletin 6496741 (Sterling B2B Integrator)
Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator

Source: CCN
Type: IBM Security Bulletin 6595755 (Disconnected Log Collector)
IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6858013 (Tivoli Application Dependency Discovery Manager)
TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-4322

Vulnerable Configuration:

Configuration 1:

cpe:/a:apache:tomcat:7.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.20:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.21:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.23:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.25:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.32:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.33:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.34:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.35:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.36:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.37:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.38:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.39:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.40:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.41:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.42:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.43:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.44:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.45:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.46:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.50:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:apache:tomcat:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.1.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.2.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.2.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.2.2:beta2:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.2.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.2.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.3.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.3.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.36:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.8:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.9:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.21:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.23:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.25:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.8:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.9:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.20:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.21:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.23:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.25:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.32:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.33:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.34:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.35:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.20:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.32:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.33:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.35:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.36:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:*:*:*:*:*:*:*:* (Version <= 6.0.37)

Configuration 3:

cpe:/a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc4:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc6:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc7:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc8:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc9:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 10:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apache:tomcat:3.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.2.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.2.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.2.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.9:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.20:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.25:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.1.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.2.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.2.2:beta2:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.3.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.3.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.36:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.21:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.23:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.8:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.9:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.21:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.23:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.25:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.8:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.20:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.32:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.33:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.32:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.21:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.33:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.34:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.20:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.23:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.25:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.35:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.35:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.36:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.50:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.46:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.45:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.44:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.43:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.42:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.41:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.40:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.39:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.38:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.37:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.36:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.35:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.34:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.33:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.32:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.37:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc4:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc6:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc7:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc8:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc9:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*

AND

cpe:/a:ibm:cognos_business_intelligence:8.4.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_express:9.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:8.5:*:*:*:enterprise:*:*:*

OR cpe:/a:ibm:rational_policy_tester:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_directory_server:5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:8.6:*:*:*:enterprise:*:*:*

OR cpe:/a:ibm:websphere_message_broker:7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_business_intelligence:10.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_business_intelligence:10.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_business_intelligence:10.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_express:10.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_directory_server:5.2.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_directory_server:5.2.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_directory_server:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_directory_server:5.1.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:8.7.0.0:-:enterprise:*:*:*:*:*

OR cpe:/a:ibm:cognos_tm1:10.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_business_intelligence:10.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_express:10.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:8.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:8.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:8.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:9.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:8.8:*:*:*:enterprise:*:*:*

OR cpe:/a:ibm:cognos_tm1:10.2.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:7:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode:6.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:ims_enterprise_suite:2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:algo_audit_and_compliance:2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_business_viewpoint:10.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_business_viewpoint:10.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:initiate_master_data_service:10.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:initiate_master_data_service:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode:6.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode:6.0.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode:6.0.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode:6.0.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:9.0:*:*:*:enterprise:*:*:*

OR cpe:/a:ibm:ims_enterprise_suite:2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:3.0.0.4:-:community:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode_deploy:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_connector:4:*:*:*:sap_solution_manager:*:*:*

OR cpe:/a:ibm:openpages_grc_platform:6.0.1.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:openpages_grc_platform:6.1.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.1.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:1.4.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:1.4.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:1.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:1.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:9.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:9.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:9.5.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:9.5.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:9.5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:9.5.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:9.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:9.6.0.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:7:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:5.2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20134322	V	CVE-2013-4322	2022-05-20
oval:org.opensuse.security:def:34607	P	Security update for the Linux Kernel (Important)	2021-12-02
oval:org.opensuse.security:def:30132	P	Security update for libqt5-qtbase (Important)	2021-09-30
oval:org.opensuse.security:def:30121	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:30120	P	Security update for bind (Moderate)	2021-08-30
oval:org.opensuse.security:def:34517	P	Security update for openssl-1_1 (Important)	2021-08-24
oval:org.opensuse.security:def:34460	P	Security update for the Linux Kernel (Important)	2021-06-09
oval:org.opensuse.security:def:30206	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:31609	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:35620	P	openssh-5.1p1-41.31.36 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35661	P	OpenEXR-1.6.1-83.17.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:34226	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:34938	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:30781	P	Security update for bind	2020-12-01
oval:org.opensuse.security:def:30869	P	Security update for evolution-data-server	2020-12-01
oval:org.opensuse.security:def:30338	P	Security update for transfig (Low)	2020-12-01
oval:org.opensuse.security:def:34130	P	Security update for ntp (Important)	2020-12-01
oval:org.opensuse.security:def:30933	P	Recommended update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:34824	P	Security update for augeas (Moderate)	2020-12-01
oval:org.opensuse.security:def:30484	P	Security update for clamav	2020-12-01
oval:org.opensuse.security:def:34142	P	Security update for openldap2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:34912	P	Security update for e2fsprogs (Moderate)	2020-12-01
oval:org.opensuse.security:def:30726	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:34362	P	Security update for tcpdump	2020-12-01
oval:org.opensuse.security:def:34982	P	Security update for ghostscript-library (Moderate)	2020-12-01
oval:org.opensuse.security:def:30830	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:30889	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:34766	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:30427	P	Security update for xorg-x11-libs (Moderate)	2020-12-01
oval:org.opensuse.security:def:34131	P	Security update for ntp (Important)	2020-12-01
oval:org.opensuse.security:def:31571	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:34873	P	Security update for CUPS	2020-12-01
oval:org.opensuse.security:def:30571	P	Security update for libxslt	2020-12-01
oval:org.cisecurity:def:585	P	DSA-3530-1 -- tomcat6 -- security update	2016-07-01
oval:org.mitre.oval:def:27148	P	ELSA-2014-0686 -- tomcat security update (important)	2014-12-15
oval:org.mitre.oval:def:26443	P	SUSE-SU-2014:1015-1 -- Security update for tomcat6	2014-10-27
oval:org.mitre.oval:def:25020	P	RHSA-2014:0686: tomcat security update (Important)	2014-09-08
oval:org.mitre.oval:def:24843	P	ELSA-2014:0429: tomcat6 security update (Moderate)	2014-07-21
oval:org.mitre.oval:def:24488	P	RHSA-2014:0429: tomcat6 security update (Moderate)	2014-06-30
oval:org.mitre.oval:def:24367	P	USN-2130-1 -- tomcat6, tomcat7 vulnerabilities	2014-06-30
oval:com.redhat.rhsa:def:20140686	P	RHSA-2014:0686: tomcat security update (Important)	2014-06-10
oval:com.redhat.rhsa:def:20140429	P	RHSA-2014:0429: tomcat6 security update (Moderate)	2014-04-23
oval:com.ubuntu.xenial:def:20134322000	V	CVE-2013-4322 on Ubuntu 16.04 LTS (xenial) - medium.	2014-02-26
oval:com.ubuntu.precise:def:20134322000	V	CVE-2013-4322 on Ubuntu 12.04 LTS (precise) - medium.	2014-02-26
oval:com.ubuntu.xenial:def:201343220000000	V	CVE-2013-4322 on Ubuntu 16.04 LTS (xenial) - medium.	2014-02-26
oval:com.ubuntu.trusty:def:20134322000	V	CVE-2013-4322 on Ubuntu 14.04 LTS (trusty) - medium.	2014-02-26