製品・ソフトウェアに関する情報

JVN脆弱性詳細

Apache Tomcat におけるサービス運用妨害（DoS）の脆弱性

Title	Apache Tomcat におけるサービス運用妨害（DoS）の脆弱性
Summary	The Apache Software Foundation が提供する Apache Tomcat には、サービス運用妨害（DoS）の脆弱性が存在します。 The Apache Software Foundation が提供する Apache Tomcat は、Java Servlet と JavaServer Pages のサーバ実装です。 Apache Tomcat は、Java AJP コネクタ経由で送られた不正なヘッダを含むリクエストを処理する際、エラーを返さず AJP との接続を切断します。その際、コネクタが mod_jk lb ワーカである場合はエラー状態となり、約１分間利用不可能となります。その結果、サービス運用妨害（DoS）攻撃などに使用される可能性があります。開発者によると、現在サポート対象外となっている Apache Tomcat 3.x、4.0.x、および 5.0.x も、本脆弱性の影響を受ける可能性があるとのことです。詳しくは開発者が提供する情報をご確認ください。この脆弱性情報は、情報セキュリティ早期警戒パートナーシップに基づき下記の方が IPA に報告し、JPCERT/CC がベンダとの調整を行いました。報告者：NTT OSS センタ福山義仁氏
Possible impacts	遠隔の第三者により不正なリクエストを送られることで、サービス運用妨害（DoS）攻撃を受ける可能性があります。
Solution	[アップデートする] Apache Tomcat 6.0.x をお使いの場合：開発者が提供する情報をもとに、Apache Tomcat 6.0.20 へアップデートしてください。 Apache Tomcat 5.5.x および 4.1.x をお使いの場合： 2009年06月09日現在、各系列の最新版は公開されていません。Apache Tomcat 5.5.28 および 4.1.40 が公開された際には、速やかにアップデートしてください。 [パッチを適用する] 各系列に対応したパッチが公開されています。アップデートができない場合は各系列のパッチを適用してください。
Publication Date	June 9, 2009, midnight
Registration Date	June 18, 2009, 2:56 p.m.
Last Update	Sept. 28, 2012, 1:37 p.m.

CVSS2.0 : 警告
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:N/A:P

Affected System

サン・マイクロシステムズ

OpenSolaris (sparc)

OpenSolaris (x86)

Sun Solaris 10 (sparc)

Sun Solaris 10 (x86)

Sun Solaris 9 (sparc)

Sun Solaris 9 (x86)

レッドハット

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux EUS 5.3.z (server)

RHEL Desktop Workstation 5 (client)

ヒューレット・パッカード

HP-UX 11.11

HP-UX 11.23

HP-UX 11.31

HP-UX Tomcat-based Servlet Engine 5.5.30.01 未満

Apache Software Foundation

Apache Tomcat 4.1.0 から 4.1.39 まで

Apache Tomcat 5.5.0 から 5.5.27 まで

Apache Tomcat 6.0.0 から 6.0.18 まで

サイバートラスト株式会社

Asianux Server 2.0

Asianux Server 2.1

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

アップル

Apple Mac OS X Server v10.5.8

Apple Mac OS X Server v10.6 から v10.6.2

日本電気

InfoFrame DocumentSkipper

VMware

VMware ESX 3.0.3

VMware ESX 3.5

VMware ESX 4.0

VMware Server 2.x

VMware vCenter 4.0

VMware VirtualCenter 2.0.2

VMware VirtualCenter 2.5

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-0033	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033
National Vulnerability Database (NVD)
2	CVE-2009-0033	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0033

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Apache Tomcat
1	Apache Tomcat 4.x vulnerabilities(CVE-2009-0033)	http://tomcat.apache.org/security-4.html
2	Apache Tomcat 5.x vulnerabilities(CVE-2009-0033)	http://tomcat.apache.org/security-5.html
3	Apache Tomcat 6.x vulnerabilities(CVE-2009-0033)	http://tomcat.apache.org/security-6.html
4	Security Updates	http://tomcat.apache.org/security
Apple Security Updates
5	HT4077	http://support.apple.com/kb/HT4077
Apple セキュリティアップデート
6	HT4077	http://support.apple.com/kb/HT4077?viewlocale=ja_JP
Asianux Technical Support Network
7	tomcat5-5.5.23-0jpp.7.2.1AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=725
Hewlett Packard
8	HPUXWSATW313	https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW313
HP Security Bulletin
9	HPSBUX02466	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01908935
10	HPSBUX02579	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02515878
MIRACLE LINUX アップデート情報
11	1794	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1794
NEC製品セキュリティ情報
12	NV10-002	http://www.nec.co.jp/security-info/secinfo/nv10-002.html
Red Hat Security Advisory
13	RHSA-2009:1164	https://rhn.redhat.com/errata/RHSA-2009-1164.html
SECURITY BLOG
14	Multiple vulnerabilities in Oracle Java Web Console	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1
Sun Alert Notification
15	263529	http://sunsolve.sun.com/search/document.do?assetkey=1-66-263529-1
VMware Security Advisories
16	VMSA-2009-0016	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
レッドハットセキュリティーアップデート
17	RHSA-2009:1164	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1164J.html
富士通セキュリティ情報
18	JVN#87272440	http://software.fujitsu.com/jp/security/vulnerabilities/jvn-87272440.html

その他

No	Name	URL
ISS X-Force Database
1	50928	http://xforce.iss.net/xforce/xfdb/50928
JVN
2	JVN#87272440	http://jvn.jp/jp/JVN87272440/index.html
Secunia Advisory
3	SA35326	http://secunia.com/advisories/35326
4	SA35344	http://secunia.com/advisories/35344
SecurityFocus
5	35193	http://www.securityfocus.com/bid/35193
SecurityTracker
6	1022331	http://securitytracker.com/alerts/2009/Jun/1022331.html
VUPEN Security
7	VUPEN/ADV-2009-1496	http://www.vupen.com/english/advisories/2009/1496

Change Log

No	Changed Details	Date of change
0	[2009年06月18日] 掲載 [2009年08月11日] 影響を受けるシステム：サン・マイクロシステムズ (263529) の情報を追加影響を受けるシステム：レッドハット (RHSA-2009:1164) の情報を追加ベンダ情報：サン・マイクロシステムズ (263529) を追加ベンダ情報：レッドハット (RHSA-2009:1164) を追加 [2009年10月08日] 影響を受けるシステム：ミラクル・リナックス (tomcat5-5.5.23-0jpp.7.2.1AXS3) の情報を追加影響を受けるシステム：ミラクル・リナックス (1794) の情報を追加ベンダ情報：ミラクル・リナックス (tomcat5-5.5.23-0jpp.7.2.1AXS3) を追加ベンダ情報：ミラクル・リナックス (1794) を追加 [2009年11月13日] 影響を受けるシステム：ヒューレット・パッカード (HPSBUX02466) の情報を追加ベンダ情報：ヒューレット・パッカード (HPSBUX02466) を追加 [2010年01月04日] 影響を受けるシステム：VMware (VMSA-2009-0016) の情報を追加ベンダ情報：VMware (VMSA-2009-0016) を追加 [2010年04月23日] 影響を受けるシステム：アップル (HT4077) の情報を追加影響を受けるシステム：日本電気 (NV10-002) の情報を追加ベンダ情報：アップル (HT4077) を追加ベンダ情報：日本電気 (NV10-002) を追加 [2010年12月13日] 影響を受けるシステム：ヒューレット・パッカード (HPUXWSATW313) の情報を追加影響を受けるシステム：ヒューレット・パッカード (HPSBUX02579) の情報を追加ベンダ情報：ヒューレット・パッカード (HPUXWSATW313) を追加ベンダ情報：ヒューレット・パッカード (HPSBUX02579) を追加 [2012年09月28日] ベンダ情報：オラクル (Multiple vulnerabilities in Oracle Java Web Console) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2009-0033

Summary	Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
Publication Date	June 6, 2009, 1 a.m.
Registration Date	Jan. 29, 2021, 1:13 p.m.
Last Update	Feb. 13, 2023, 10:17 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:5.5.27:::::::*
cpe:2.3:a:apache:tomcat:4.1.2:::::::*
cpe:2.3:a:apache:tomcat:4.1.35:::::::*
cpe:2.3:a:apache:tomcat:4.1.36:::::::*
cpe:2.3:a:apache:tomcat:4.1.9:beta::::::
cpe:2.3:a:apache:tomcat:5.5.18:::::::*
cpe:2.3:a:apache:tomcat:4.1.21:::::::*
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.12:::::::*
cpe:2.3:a:apache:tomcat:5.5.14:::::::*
cpe:2.3:a:apache:tomcat:4.1.24:::::::*
cpe:2.3:a:apache:tomcat:5.5.10:::::::*
cpe:2.3:a:apache:tomcat:5.5.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.11:::::::*
cpe:2.3:a:apache:tomcat:4.1.25:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.6:::::::*
cpe:2.3:a:apache:tomcat:5.5.26:::::::*
cpe:2.3:a:apache:tomcat:4.1.39:::::::*
cpe:2.3:a:apache:tomcat:4.1.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.20:::::::*
cpe:2.3:a:apache:tomcat:5.5.15:::::::*
cpe:2.3:a:apache:tomcat:5.5.5:::::::*
cpe:2.3:a:apache:tomcat:4.1.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:4.1.30:::::::*
cpe:2.3:a:apache:tomcat:4.1.7:::::::*
cpe:2.3:a:apache:tomcat:4.1.38:::::::*
cpe:2.3:a:apache:tomcat:4.1.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.21:::::::*
cpe:2.3:a:apache:tomcat:4.1.18:::::::*
cpe:2.3:a:apache:tomcat:5.5.22:::::::*
cpe:2.3:a:apache:tomcat:4.1.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:4.1.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:4.1.31:::::::*
cpe:2.3:a:apache:tomcat:5.5.3:::::::*
cpe:2.3:a:apache:tomcat:4.1.16:::::::*
cpe:2.3:a:apache:tomcat:4.1.29:::::::*
cpe:2.3:a:apache:tomcat:4.1.22:::::::*
cpe:2.3:a:apache:tomcat:4.1.5:::::::*
cpe:2.3:a:apache:tomcat:4.1.26:::::::*
cpe:2.3:a:apache:tomcat:4.1.13:::::::*
cpe:2.3:a:apache:tomcat:4.1.8:::::::*
cpe:2.3:a:apache:tomcat:5.5.9:::::::*
cpe:2.3:a:apache:tomcat:5.5.25:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:4.1.17:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:5.5.2:::::::*
cpe:2.3:a:apache:tomcat:4.1.33:::::::*
cpe:2.3:a:apache:tomcat:5.5.0:::::::*
cpe:2.3:a:apache:tomcat:4.1.1:::::::*
cpe:2.3:a:apache:tomcat:5.5.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:5.5.24:::::::*
cpe:2.3:a:apache:tomcat:4.1.12:::::::*
cpe:2.3:a:apache:tomcat:4.1.28:::::::*
cpe:2.3:a:apache:tomcat:4.1.15:::::::*
cpe:2.3:a:apache:tomcat:4.1.3:beta::::::
cpe:2.3:a:apache:tomcat:4.1.10:::::::*
cpe:2.3:a:apache:tomcat:5.5.8:::::::*
cpe:2.3:a:apache:tomcat:5.5.16:::::::*
cpe:2.3:a:apache:tomcat:4.1.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:4.1.20:::::::*
cpe:2.3:a:apache:tomcat:5.5.17:::::::*
cpe:2.3:a:apache:tomcat:4.1.3:::::::*
cpe:2.3:a:apache:tomcat:5.5.19:::::::*
cpe:2.3:a:apache:tomcat:4.1.23:::::::*
cpe:2.3:a:apache:tomcat:4.1.34:::::::*
cpe:2.3:a:apache:tomcat:4.1.32:::::::*
cpe:2.3:a:apache:tomcat:4.1.37:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:5.5.23:::::::*
cpe:2.3:a:apache:tomcat:4.1.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*
cpe:2.3:a:apache:tomcat:4.1.9:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.securityfocus.com/bid/35193	BID	Patch
2	http://tomcat.apache.org/security-5.html	CONFIRM	Patch Vendor Advisory
3	http://www.vupen.com/english/advisories/2009/1496	VUPEN	Patch Vendor Advisory
4	http://secunia.com/advisories/35344	SECUNIA	Vendor Advisory
5	http://svn.apache.org/viewvc?rev=781362&view=rev	CONFIRM	Patch Vendor Advisory
6	http://securitytracker.com/id?1022331	SECTRACK
7	http://secunia.com/advisories/35326	SECUNIA	Vendor Advisory
8	http://tomcat.apache.org/security-6.html	CONFIRM	Patch Vendor Advisory
9	http://tomcat.apache.org/security-4.html	CONFIRM	Patch Vendor Advisory
10	http://svn.apache.org/viewvc?rev=742915&view=rev	CONFIRM	Patch Vendor Advisory
11	http://jvn.jp/en/jp/JVN87272440/index.html	JVN
12	http://www.mandriva.com/security/advisories?name=MDVSA-2009:138	MANDRIVA
13	http://www.mandriva.com/security/advisories?name=MDVSA-2009:136	MANDRIVA
14	http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html	SUSE
15	http://secunia.com/advisories/35685	SECUNIA
16	http://secunia.com/advisories/35788	SECUNIA
17	http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1	SUNALERT
18	http://www.vupen.com/english/advisories/2009/1856	VUPEN
19	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html	FEDORA
20	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html	FEDORA
21	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html	FEDORA
22	http://www.vupen.com/english/advisories/2009/3316	VUPEN
23	http://secunia.com/advisories/37460	SECUNIA
24	http://www.vmware.com/security/advisories/VMSA-2009-0016.html	CONFIRM
25	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html	APPLE
26	http://support.apple.com/kb/HT4077	CONFIRM
27	http://www.mandriva.com/security/advisories?name=MDVSA-2010:176	MANDRIVA
28	http://marc.info/?l=bugtraq&m=129070310906557&w=2	HP
29	http://www.vupen.com/english/advisories/2010/3056	VUPEN
30	http://secunia.com/advisories/42368	SECUNIA
31	http://www.debian.org/security/2011/dsa-2207	DEBIAN
32	http://marc.info/?l=bugtraq&m=136485229118404&w=2	HP
33	http://marc.info/?l=bugtraq&m=133469267822771&w=2	HP
34	http://marc.info/?l=bugtraq&m=127420533226623&w=2	HP
35	https://exchange.xforce.ibmcloud.com/vulnerabilities/50928	XF
36	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5739	OVAL
37	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19110	OVAL
38	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10231	OVAL
39	http://www.securityfocus.com/archive/1/507985/100/0/threaded	BUGTRAQ
40	http://www.securityfocus.com/archive/1/504044/100/0/threaded	BUGTRAQ
41	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E	MISC
42	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E	MISC
43	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E	MISC
44	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E	MISC
45	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E	MISC
46	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E	MISC
47	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E	MISC

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:5.5.27:::::::*
cpe:2.3:a:apache:tomcat:4.1.2:::::::*
cpe:2.3:a:apache:tomcat:4.1.35:::::::*
cpe:2.3:a:apache:tomcat:4.1.36:::::::*
cpe:2.3:a:apache:tomcat:4.1.9:beta::::::
cpe:2.3:a:apache:tomcat:5.5.18:::::::*
cpe:2.3:a:apache:tomcat:4.1.21:::::::*
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.12:::::::*
cpe:2.3:a:apache:tomcat:5.5.14:::::::*
cpe:2.3:a:apache:tomcat:4.1.24:::::::*
cpe:2.3:a:apache:tomcat:5.5.10:::::::*
cpe:2.3:a:apache:tomcat:5.5.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.11:::::::*
cpe:2.3:a:apache:tomcat:4.1.25:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.6:::::::*
cpe:2.3:a:apache:tomcat:5.5.26:::::::*
cpe:2.3:a:apache:tomcat:4.1.39:::::::*
cpe:2.3:a:apache:tomcat:4.1.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.20:::::::*
cpe:2.3:a:apache:tomcat:5.5.15:::::::*
cpe:2.3:a:apache:tomcat:5.5.5:::::::*
cpe:2.3:a:apache:tomcat:4.1.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:4.1.30:::::::*
cpe:2.3:a:apache:tomcat:4.1.7:::::::*
cpe:2.3:a:apache:tomcat:4.1.38:::::::*
cpe:2.3:a:apache:tomcat:4.1.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.21:::::::*
cpe:2.3:a:apache:tomcat:4.1.18:::::::*
cpe:2.3:a:apache:tomcat:5.5.22:::::::*
cpe:2.3:a:apache:tomcat:4.1.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:4.1.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:4.1.31:::::::*
cpe:2.3:a:apache:tomcat:5.5.3:::::::*
cpe:2.3:a:apache:tomcat:4.1.16:::::::*
cpe:2.3:a:apache:tomcat:4.1.29:::::::*
cpe:2.3:a:apache:tomcat:4.1.22:::::::*
cpe:2.3:a:apache:tomcat:4.1.5:::::::*
cpe:2.3:a:apache:tomcat:4.1.26:::::::*
cpe:2.3:a:apache:tomcat:4.1.13:::::::*
cpe:2.3:a:apache:tomcat:4.1.8:::::::*
cpe:2.3:a:apache:tomcat:5.5.9:::::::*
cpe:2.3:a:apache:tomcat:5.5.25:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:4.1.17:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:5.5.2:::::::*
cpe:2.3:a:apache:tomcat:4.1.33:::::::*
cpe:2.3:a:apache:tomcat:5.5.0:::::::*
cpe:2.3:a:apache:tomcat:4.1.1:::::::*
cpe:2.3:a:apache:tomcat:5.5.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:5.5.24:::::::*
cpe:2.3:a:apache:tomcat:4.1.12:::::::*
cpe:2.3:a:apache:tomcat:4.1.28:::::::*
cpe:2.3:a:apache:tomcat:4.1.15:::::::*
cpe:2.3:a:apache:tomcat:4.1.3:beta::::::
cpe:2.3:a:apache:tomcat:4.1.10:::::::*
cpe:2.3:a:apache:tomcat:5.5.8:::::::*
cpe:2.3:a:apache:tomcat:5.5.16:::::::*
cpe:2.3:a:apache:tomcat:4.1.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:4.1.20:::::::*
cpe:2.3:a:apache:tomcat:5.5.17:::::::*
cpe:2.3:a:apache:tomcat:4.1.3:::::::*
cpe:2.3:a:apache:tomcat:5.5.19:::::::*
cpe:2.3:a:apache:tomcat:4.1.23:::::::*
cpe:2.3:a:apache:tomcat:4.1.34:::::::*
cpe:2.3:a:apache:tomcat:4.1.32:::::::*
cpe:2.3:a:apache:tomcat:4.1.37:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:5.5.23:::::::*
cpe:2.3:a:apache:tomcat:4.1.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*
cpe:2.3:a:apache:tomcat:4.1.9:::::::*