製品・ソフトウェアに関する情報

JVN脆弱性詳細

Apache Tomcat における有効なユーザ名を列挙される脆弱性

Title	Apache Tomcat における有効なユーザ名を列挙される脆弱性
Summary	Apache Tomcat には、FORM 認証を使用している場合に、エラーチェック処理に不備があるため、有効なユーザ名を列挙される脆弱性が存在します。
Possible impacts	第三者に有効なユーザ名を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 5, 2009, midnight
Registration Date	July 10, 2009, 12:09 p.m.
Last Update	Sept. 28, 2012, 4:36 p.m.

CVSS2.0 : 警告
Score	4.3
Vector	AV:N/AC:M/Au:N/C:P/I:N/A:N

Affected System

サン・マイクロシステムズ

OpenSolaris (sparc)

OpenSolaris (x86)

Sun Solaris 10 (sparc)

Sun Solaris 10 (x86)

Sun Solaris 9 (sparc)

Sun Solaris 9 (x86)

レッドハット

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux EUS 5.3.z (server)

RHEL Desktop Workstation 5 (client)

ヒューレット・パッカード

HP-UX 11.11

HP-UX 11.23

HP-UX 11.31

HP-UX Tomcat-based Servlet Engine 5.5.30.01 未満

Apache Software Foundation

Apache Tomcat 4.1.0 から 4.1.39

Apache Tomcat 5.5.0 から 5.5.27

Apache Tomcat 6.0.0 から 6.0.18

サイバートラスト株式会社

Asianux Server 2.0

Asianux Server 2.1

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

アップル

Apple Mac OS X Server v10.5.8

Apple Mac OS X Server v10.6 から v10.6.2

VMware

VMware ESX 3.0.3

VMware ESX 3.5

VMware ESX 4.0

VMware Server 2.x

VMware vCenter 4.0

VMware VirtualCenter 2.0.2

VMware VirtualCenter 2.5

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-0580	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580
National Vulnerability Database (NVD)
2	CVE-2009-0580	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0580

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html

ベンダー情報

No	Name	URL
Apache Tomcat
1	Fixed in Apache Tomcat 4.1.40	http://tomcat.apache.org/security-4.html
2	Fixed in Apache Tomcat 5.5.SVN	http://tomcat.apache.org/security-5.html
3	Fixed in Apache Tomcat 6.0.20	http://tomcat.apache.org/security-6.html
Apple Security Updates
4	HT4077	http://support.apple.com/kb/HT4077
Apple セキュリティアップデート
5	HT4077	http://support.apple.com/kb/HT4077?viewlocale=ja_JP
Asianux Technical Support Network
6	tomcat5-5.5.23-0jpp.7.2.1AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=725
Hewlett Packard
7	HPUXWSATW313	https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW313
HP Security Bulletin
8	HPSBUX02466	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01908935
9	HPSBUX02579	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02515878
MIRACLE LINUX アップデート情報
10	1794	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1794
Red Hat Security Advisory
11	RHSA-2009:1164	https://rhn.redhat.com/errata/RHSA-2009-1164.html
SECURITY BLOG
12	Multiple vulnerabilities in Oracle Java Web Console	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1
Sun Alert Notification
13	263529	http://sunsolve.sun.com/search/document.do?assetkey=1-66-263529-1
VMware Security Advisories
14	VMSA-2009-0016	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
レッドハットセキュリティーアップデート
15	RHSA-2009:1164	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1164J.html

その他

No	Name	URL
ISS X-Force Database
1	50930	http://xforce.iss.net/xforce/xfdb/50930
Secunia Advisory
2	SA35326	http://secunia.com/advisories/35326
3	SA35344	http://secunia.com/advisories/35344
SecurityTracker
4	1022332	http://securitytracker.com/id?1022332
VUPEN Security
5	VUPEN/ADV-2009-1496	http://www.vupen.com/english/advisories/2009/1496

Change Log

No	Changed Details	Date of change
0	[2009年07月10日] 掲載 [2009年08月11日] 影響を受けるシステム：サン・マイクロシステムズ (263529) の情報を追加影響を受けるシステム：レッドハット (RHSA-2009:1164) の情報を追加ベンダ情報：サン・マイクロシステムズ (263529) を追加ベンダ情報：レッドハット (RHSA-2009:1164) を追加 [2009年10月08日] 影響を受けるシステム：ミラクル・リナックス (tomcat5-5.5.23-0jpp.7.2.1AXS3) の情報を追加影響を受けるシステム：ミラクル・リナックス (1794) の情報を追加ベンダ情報：ミラクル・リナックス (tomcat5-5.5.23-0jpp.7.2.1AXS3) を追加ベンダ情報：ミラクル・リナックス (1794) を追加 [2009年11月13日] 影響を受けるシステム：ヒューレット・パッカード (HPSBUX02466) の情報を追加ベンダ情報：ヒューレット・パッカード (HPSBUX02466) を追加 [2010年01月05日] 影響を受けるシステム：VMware (VMSA-2009-0016) の情報を追加ベンダ情報：VMware (VMSA-2009-0016) を追加 [2010年04月23日] 影響を受けるシステム：アップル (HT4077) の情報を追加ベンダ情報：アップル (HT4077) を追加 [2010年12月13日] 影響を受けるシステム：ヒューレット・パッカード (HPUXWSATW313) の情報を追加影響を受けるシステム：ヒューレット・パッカード (HPSBUX02579) の情報を追加ベンダ情報：ヒューレット・パッカード (HPUXWSATW313) を追加ベンダ情報：ヒューレット・パッカード (HPSBUX02579) を追加 [2012年09月28日] ベンダ情報：オラクル (Multiple vulnerabilities in Oracle Java Web Console) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2009-0580

Summary	Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
Publication Date	June 6, 2009, 1 a.m.
Registration Date	Jan. 29, 2021, 1:14 p.m.
Last Update	Feb. 13, 2023, 11:19 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:5.5.27:::::::*
cpe:2.3:a:apache:tomcat:4.1.2:::::::*
cpe:2.3:a:apache:tomcat:4.1.35:::::::*
cpe:2.3:a:apache:tomcat:4.1.36:::::::*
cpe:2.3:a:apache:tomcat:4.1.9:beta::::::
cpe:2.3:a:apache:tomcat:5.5.18:::::::*
cpe:2.3:a:apache:tomcat:4.1.21:::::::*
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.12:::::::*
cpe:2.3:a:apache:tomcat:5.5.14:::::::*
cpe:2.3:a:apache:tomcat:4.1.24:::::::*
cpe:2.3:a:apache:tomcat:5.5.10:::::::*
cpe:2.3:a:apache:tomcat:5.5.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.11:::::::*
cpe:2.3:a:apache:tomcat:4.1.25:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.6:::::::*
cpe:2.3:a:apache:tomcat:5.5.26:::::::*
cpe:2.3:a:apache:tomcat:4.1.39:::::::*
cpe:2.3:a:apache:tomcat:4.1.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.20:::::::*
cpe:2.3:a:apache:tomcat:5.5.15:::::::*
cpe:2.3:a:apache:tomcat:5.5.5:::::::*
cpe:2.3:a:apache:tomcat:4.1.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:4.1.30:::::::*
cpe:2.3:a:apache:tomcat:4.1.7:::::::*
cpe:2.3:a:apache:tomcat:4.1.38:::::::*
cpe:2.3:a:apache:tomcat:4.1.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.21:::::::*
cpe:2.3:a:apache:tomcat:4.1.18:::::::*
cpe:2.3:a:apache:tomcat:5.5.22:::::::*
cpe:2.3:a:apache:tomcat:4.1.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:4.1.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:4.1.31:::::::*
cpe:2.3:a:apache:tomcat:5.5.3:::::::*
cpe:2.3:a:apache:tomcat:4.1.16:::::::*
cpe:2.3:a:apache:tomcat:4.1.29:::::::*
cpe:2.3:a:apache:tomcat:4.1.22:::::::*
cpe:2.3:a:apache:tomcat:4.1.5:::::::*
cpe:2.3:a:apache:tomcat:4.1.26:::::::*
cpe:2.3:a:apache:tomcat:4.1.13:::::::*
cpe:2.3:a:apache:tomcat:4.1.8:::::::*
cpe:2.3:a:apache:tomcat:5.5.9:::::::*
cpe:2.3:a:apache:tomcat:5.5.25:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:4.1.17:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:5.5.2:::::::*
cpe:2.3:a:apache:tomcat:4.1.33:::::::*
cpe:2.3:a:apache:tomcat:5.5.0:::::::*
cpe:2.3:a:apache:tomcat:4.1.1:::::::*
cpe:2.3:a:apache:tomcat:5.5.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:5.5.24:::::::*
cpe:2.3:a:apache:tomcat:4.1.12:::::::*
cpe:2.3:a:apache:tomcat:4.1.28:::::::*
cpe:2.3:a:apache:tomcat:4.1.15:::::::*
cpe:2.3:a:apache:tomcat:4.1.3:beta::::::
cpe:2.3:a:apache:tomcat:4.1.10:::::::*
cpe:2.3:a:apache:tomcat:5.5.8:::::::*
cpe:2.3:a:apache:tomcat:5.5.16:::::::*
cpe:2.3:a:apache:tomcat:4.1.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:4.1.20:::::::*
cpe:2.3:a:apache:tomcat:5.5.17:::::::*
cpe:2.3:a:apache:tomcat:4.1.3:::::::*
cpe:2.3:a:apache:tomcat:5.5.19:::::::*
cpe:2.3:a:apache:tomcat:4.1.23:::::::*
cpe:2.3:a:apache:tomcat:4.1.34:::::::*
cpe:2.3:a:apache:tomcat:4.1.32:::::::*
cpe:2.3:a:apache:tomcat:4.1.37:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:5.5.23:::::::*
cpe:2.3:a:apache:tomcat:4.1.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*
cpe:2.3:a:apache:tomcat:4.1.9:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://svn.apache.org/viewvc?rev=747840&view=rev	CONFIRM	Patch Vendor Advisory
2	http://svn.apache.org/viewvc?rev=781379&view=rev	CONFIRM	Patch Vendor Advisory
3	http://www.securityfocus.com/bid/35196	BID
4	http://tomcat.apache.org/security-6.html	CONFIRM	Patch Vendor Advisory
5	http://tomcat.apache.org/security-5.html	CONFIRM	Patch Vendor Advisory
6	http://secunia.com/advisories/35326	SECUNIA	Vendor Advisory
7	http://secunia.com/advisories/35344	SECUNIA	Vendor Advisory
8	http://securitytracker.com/id?1022332	SECTRACK
9	http://tomcat.apache.org/security-4.html	CONFIRM	Patch Vendor Advisory
10	http://www.vupen.com/english/advisories/2009/1496	VUPEN	Patch Vendor Advisory
11	http://svn.apache.org/viewvc?rev=781382&view=rev	CONFIRM	Patch Vendor Advisory
12	http://www.mandriva.com/security/advisories?name=MDVSA-2009:138	MANDRIVA
13	http://www.mandriva.com/security/advisories?name=MDVSA-2009:136	MANDRIVA
14	http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html	SUSE
15	http://www.vupen.com/english/advisories/2009/1856	VUPEN
16	http://secunia.com/advisories/35685	SECUNIA
17	http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1	SUNALERT
18	http://secunia.com/advisories/35788	SECUNIA
19	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html	FEDORA
20	http://www.vupen.com/english/advisories/2009/3316	VUPEN
21	http://secunia.com/advisories/37460	SECUNIA
22	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html	FEDORA
23	http://www.vmware.com/security/advisories/VMSA-2009-0016.html	CONFIRM
24	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html	FEDORA
25	http://support.apple.com/kb/HT4077	CONFIRM
26	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html	APPLE
27	http://www.mandriva.com/security/advisories?name=MDVSA-2010:176	MANDRIVA
28	http://marc.info/?l=bugtraq&m=129070310906557&w=2	HP
29	http://www.vupen.com/english/advisories/2010/3056	VUPEN
30	http://secunia.com/advisories/42368	SECUNIA
31	http://www.debian.org/security/2011/dsa-2207	DEBIAN
32	http://marc.info/?l=bugtraq&m=136485229118404&w=2	HP
33	http://marc.info/?l=bugtraq&m=133469267822771&w=2	HP
34	http://marc.info/?l=bugtraq&m=127420533226623&w=2	HP
35	https://exchange.xforce.ibmcloud.com/vulnerabilities/50930	XF
36	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9101	OVAL
37	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6628	OVAL
38	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18915	OVAL
39	http://www.securityfocus.com/archive/1/507985/100/0/threaded	BUGTRAQ
40	http://www.securityfocus.com/archive/1/504125/100/0/threaded	BUGTRAQ
41	http://www.securityfocus.com/archive/1/504108/100/0/threaded	BUGTRAQ
42	http://www.securityfocus.com/archive/1/504045/100/0/threaded	BUGTRAQ
43	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E	MISC
44	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E	MISC
45	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E	MISC
46	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E	MISC
47	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E	MISC
48	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E	MISC
49	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E	MISC

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:5.5.27:::::::*
cpe:2.3:a:apache:tomcat:4.1.2:::::::*
cpe:2.3:a:apache:tomcat:4.1.35:::::::*
cpe:2.3:a:apache:tomcat:4.1.36:::::::*
cpe:2.3:a:apache:tomcat:4.1.9:beta::::::
cpe:2.3:a:apache:tomcat:5.5.18:::::::*
cpe:2.3:a:apache:tomcat:4.1.21:::::::*
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.12:::::::*
cpe:2.3:a:apache:tomcat:5.5.14:::::::*
cpe:2.3:a:apache:tomcat:4.1.24:::::::*
cpe:2.3:a:apache:tomcat:5.5.10:::::::*
cpe:2.3:a:apache:tomcat:5.5.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.11:::::::*
cpe:2.3:a:apache:tomcat:4.1.25:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.6:::::::*
cpe:2.3:a:apache:tomcat:5.5.26:::::::*
cpe:2.3:a:apache:tomcat:4.1.39:::::::*
cpe:2.3:a:apache:tomcat:4.1.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.20:::::::*
cpe:2.3:a:apache:tomcat:5.5.15:::::::*
cpe:2.3:a:apache:tomcat:5.5.5:::::::*
cpe:2.3:a:apache:tomcat:4.1.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:4.1.30:::::::*
cpe:2.3:a:apache:tomcat:4.1.7:::::::*
cpe:2.3:a:apache:tomcat:4.1.38:::::::*
cpe:2.3:a:apache:tomcat:4.1.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.21:::::::*
cpe:2.3:a:apache:tomcat:4.1.18:::::::*
cpe:2.3:a:apache:tomcat:5.5.22:::::::*
cpe:2.3:a:apache:tomcat:4.1.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:4.1.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:4.1.31:::::::*
cpe:2.3:a:apache:tomcat:5.5.3:::::::*
cpe:2.3:a:apache:tomcat:4.1.16:::::::*
cpe:2.3:a:apache:tomcat:4.1.29:::::::*
cpe:2.3:a:apache:tomcat:4.1.22:::::::*
cpe:2.3:a:apache:tomcat:4.1.5:::::::*
cpe:2.3:a:apache:tomcat:4.1.26:::::::*
cpe:2.3:a:apache:tomcat:4.1.13:::::::*
cpe:2.3:a:apache:tomcat:4.1.8:::::::*
cpe:2.3:a:apache:tomcat:5.5.9:::::::*
cpe:2.3:a:apache:tomcat:5.5.25:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:4.1.17:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:5.5.2:::::::*
cpe:2.3:a:apache:tomcat:4.1.33:::::::*
cpe:2.3:a:apache:tomcat:5.5.0:::::::*
cpe:2.3:a:apache:tomcat:4.1.1:::::::*
cpe:2.3:a:apache:tomcat:5.5.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:5.5.24:::::::*
cpe:2.3:a:apache:tomcat:4.1.12:::::::*
cpe:2.3:a:apache:tomcat:4.1.28:::::::*
cpe:2.3:a:apache:tomcat:4.1.15:::::::*
cpe:2.3:a:apache:tomcat:4.1.3:beta::::::
cpe:2.3:a:apache:tomcat:4.1.10:::::::*
cpe:2.3:a:apache:tomcat:5.5.8:::::::*
cpe:2.3:a:apache:tomcat:5.5.16:::::::*
cpe:2.3:a:apache:tomcat:4.1.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:4.1.20:::::::*
cpe:2.3:a:apache:tomcat:5.5.17:::::::*
cpe:2.3:a:apache:tomcat:4.1.3:::::::*
cpe:2.3:a:apache:tomcat:5.5.19:::::::*
cpe:2.3:a:apache:tomcat:4.1.23:::::::*
cpe:2.3:a:apache:tomcat:4.1.34:::::::*
cpe:2.3:a:apache:tomcat:4.1.32:::::::*
cpe:2.3:a:apache:tomcat:4.1.37:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:5.5.23:::::::*
cpe:2.3:a:apache:tomcat:4.1.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*
cpe:2.3:a:apache:tomcat:4.1.9:::::::*