Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/176362?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/176362?format=api", "purl": "pkg:rpm/redhat/jboss-as-connector@7.2.1-5.Final_redhat_10.1.ep6?arch=el6", "type": "rpm", "namespace": "redhat", "name": "jboss-as-connector", "version": "7.2.1-5.Final_redhat_10.1.ep6", "qualifiers": { "arch": "el6" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/114196?format=api", "vulnerability_id": "VCID-4kf3-hx3k-47ef", "summary": "Bayeux: Reflected Cross-Site Scripting (XSS)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6495.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6495.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6495", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52273", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6495" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066794", "reference_id": "1066794", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066794" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1207", "reference_id": "RHSA-2013:1207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1208", "reference_id": "RHSA-2013:1208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1209", "reference_id": "RHSA-2013:1209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1437", "reference_id": "RHSA-2013:1437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1437" } ], "fixed_packages": [], "aliases": [ "CVE-2013-6495" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4kf3-hx3k-47ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51037?format=api", "vulnerability_id": "VCID-7pxs-sc8s-8fg2", "summary": "A XSS flaw affected the mod_proxy_balancer manager interface.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4558.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4558.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4558", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.58223", "scoring_system": "epss", "scoring_elements": "0.98222", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4558" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884", "reference_id": "915884", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2012-4558.json", "reference_id": "CVE-2012-4558", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2012-4558.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0815", "reference_id": "RHSA-2013:0815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1011", "reference_id": "RHSA-2013:1011", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1012", "reference_id": "RHSA-2013:1012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1013", "reference_id": "RHSA-2013:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1207", "reference_id": "RHSA-2013:1207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1208", "reference_id": "RHSA-2013:1208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1209", "reference_id": "RHSA-2013:1209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1209" } ], "fixed_packages": [], "aliases": [ "CVE-2012-4558" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7pxs-sc8s-8fg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/114582?format=api", "vulnerability_id": "VCID-8xm4-twyc-duh2", "summary": "PicketBox: Insecure storage of masked passwords", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1921.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1921.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1921", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23558", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1921" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=948106", "reference_id": "948106", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=948106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1207", "reference_id": "RHSA-2013:1207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1208", "reference_id": "RHSA-2013:1208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1209", "reference_id": "RHSA-2013:1209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1437", "reference_id": "RHSA-2013:1437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0029", "reference_id": "RHSA-2014:0029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0029" } ], "fixed_packages": [], "aliases": [ "CVE-2013-1921" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8xm4-twyc-duh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51039?format=api", "vulnerability_id": "VCID-b44m-f3y9-kqag", "summary": "Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1896.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1896.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1896", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.43961", "scoring_system": "epss", "scoring_elements": "0.97605", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1896" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717272", "reference_id": "717272", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717272" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=983549", "reference_id": "983549", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=983549" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2013-1896.json", "reference_id": "CVE-2013-1896", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2013-1896.json" }, { "reference_url": "https://security.gentoo.org/glsa/201309-12", "reference_id": "GLSA-201309-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1133", "reference_id": "RHSA-2013:1133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1134", "reference_id": "RHSA-2013:1134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1156", "reference_id": "RHSA-2013:1156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1207", "reference_id": "RHSA-2013:1207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1208", "reference_id": "RHSA-2013:1208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1209", "reference_id": "RHSA-2013:1209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1209" } ], "fixed_packages": [], "aliases": [ "CVE-2013-1896" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b44m-f3y9-kqag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51034?format=api", "vulnerability_id": "VCID-csqk-utue-9yeq", "summary": "Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3499.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3499.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3499", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21581", "scoring_system": "epss", "scoring_elements": "0.95829", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3499" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883", "reference_id": "915883", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2012-3499.json", "reference_id": "CVE-2012-3499", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2012-3499.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0815", "reference_id": "RHSA-2013:0815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1011", "reference_id": "RHSA-2013:1011", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1012", "reference_id": "RHSA-2013:1012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1013", "reference_id": "RHSA-2013:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1207", "reference_id": "RHSA-2013:1207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1208", "reference_id": "RHSA-2013:1208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1209", "reference_id": "RHSA-2013:1209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1209" } ], "fixed_packages": [], "aliases": [ "CVE-2012-3499" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-csqk-utue-9yeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51038?format=api", "vulnerability_id": "VCID-m4t4-3fjk-s3gq", "summary": "mod_rewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1862.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1862.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1862", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.52396", "scoring_system": "epss", "scoring_elements": "0.97981", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1862" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=953729", "reference_id": "953729", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953729" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2013-1862.json", "reference_id": "CVE-2013-1862", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2013-1862.json" }, { "reference_url": "https://security.gentoo.org/glsa/201309-12", "reference_id": "GLSA-201309-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0815", "reference_id": "RHSA-2013:0815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1133", "reference_id": "RHSA-2013:1133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1134", "reference_id": "RHSA-2013:1134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1207", "reference_id": "RHSA-2013:1207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1208", "reference_id": "RHSA-2013:1208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1209", "reference_id": "RHSA-2013:1209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1209" } ], "fixed_packages": [], "aliases": [ "CVE-2013-1862" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4t4-3fjk-s3gq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37568?format=api", "vulnerability_id": "VCID-qspg-3tg3-p7ep", "summary": "Cryptographic Issues\nAttackers could spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak canonicalization algorithm to apply to the `SignedInfo` part of the Signature.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1217.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1217.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1218.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1218.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1219.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1219.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1220.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1220.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1375.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1375.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1853.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1853.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0212.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2172.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2172.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2172", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03643", "scoring_system": "epss", "scoring_elements": "0.8806", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2172" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2172", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2172" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2172", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2172" }, { "reference_url": "http://seclists.org/fulldisclosure/2014/Dec/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "reference_url": "https://github.com/apache/santuario-java", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/santuario-java" }, { "reference_url": "https://github.com/apache/santuario-java/commit/25e0e11493b061749f778030036cb5c406b34590", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/santuario-java/commit/25e0e11493b061749f778030036cb5c406b34590" }, { "reference_url": "https://github.com/apache/santuario-java/commit/8e8f8bf92a43608d7d5f9e357fae19244454a61f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/santuario-java/commit/8e8f8bf92a43608d7d5f9e357fae19244454a61f" }, { "reference_url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2172", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2172" }, { "reference_url": "http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h" }, { "reference_url": "https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20200228060314/http://www.securityfocus.com/bid/60846", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228060314/http://www.securityfocus.com/bid/60846" }, { "reference_url": "http://www.debian.org/security/2014/dsa-3065", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-3065" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2028-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2028-1" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720375", "reference_id": "720375", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720375" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=999263", "reference_id": "999263", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999263" }, { "reference_url": "http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc", "reference_id": "CVE-2013-2172.TXT.ASC", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1207", "reference_id": "RHSA-2013:1207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1208", "reference_id": "RHSA-2013:1208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1209", "reference_id": "RHSA-2013:1209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1217", "reference_id": "RHSA-2013:1217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1218", "reference_id": "RHSA-2013:1218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1219", "reference_id": "RHSA-2013:1219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1220", "reference_id": "RHSA-2013:1220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1375", "reference_id": "RHSA-2013:1375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1437", "reference_id": "RHSA-2013:1437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1853", "reference_id": "RHSA-2013:1853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0212", "reference_id": "RHSA-2014:0212", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0212" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0400", "reference_id": "RHSA-2014:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0400" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1369", "reference_id": "RHSA-2014:1369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1369" } ], "fixed_packages": [], "aliases": [ "CVE-2013-2172", "GHSA-r237-w2w6-jq3p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qspg-3tg3-p7ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37576?format=api", "vulnerability_id": "VCID-s3zg-vjk7-kkdg", "summary": "Authentication via cached credentials\nThe `DiagnosticsHandler` in this package allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1771.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1771.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4112.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4112.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4112", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01302", "scoring_system": "epss", "scoring_elements": "0.80087", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4112" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=983489", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=983489" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4112", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4112" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717031", "reference_id": "717031", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717031" }, { "reference_url": "https://bugzilla.redhat.com/CVE-2013-4112", "reference_id": "CVE-2013-4112", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/CVE-2013-4112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1207", "reference_id": "RHSA-2013:1207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1208", "reference_id": "RHSA-2013:1208", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1208" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1209", "reference_id": "RHSA-2013:1209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1437", "reference_id": "RHSA-2013:1437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1771", "reference_id": "RHSA-2013:1771", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0029", "reference_id": "RHSA-2014:0029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0029" } ], "fixed_packages": [], "aliases": [ "CVE-2013-4112", "GHSA-cc62-496p-hrr7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s3zg-vjk7-kkdg" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jboss-as-connector@7.2.1-5.Final_redhat_10.1.ep6%3Farch=el6" }