VulnerableCode Package Details - pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1:1.0.15-1.redhat

Search for packages

Vulnerability	Summary	Fixed by
VCID-58f1-hrv1-gqgp Aliases: CVE-2012-5575 GHSA-7v5v-9v8r-w864	Inadequate Encryption Strength in Apache CXF Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack."	There are no reported fixed by versions.
VCID-afm2-uj45-xkgx Aliases: CVE-2013-2071 GHSA-3p5r-7cw3-2m67	java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.	There are no reported fixed by versions.
VCID-jtbd-bbrs-vbct Aliases: CVE-2012-4572	JBoss: custom authorization module implementations shared between applications	There are no reported fixed by versions.
VCID-man2-98t1-myav Aliases: CVE-2012-4529	Web: jsessionid exposed via encoded url when using cookie based session tracking	There are no reported fixed by versions.
VCID-p4dn-y54m-8fd1 Aliases: CVE-2012-3544 GHSA-qfxv-3ppc-7qg5	Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.	There are no reported fixed by versions.
VCID-rhk3-ujc1-q7fj Aliases: CVE-2012-3499	Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.	There are no reported fixed by versions.
VCID-ryha-ndms-afbn Aliases: CVE-2013-2067 GHSA-6m48-jxwx-76q7	java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.	There are no reported fixed by versions.
VCID-ssvj-7g27-1ug6 Aliases: CVE-2012-4558	A XSS flaw affected the mod_proxy_balancer manager interface.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-58f1-hrv1-gqgp
Aliases:
CVE-2012-5575
GHSA-7v5v-9v8r-w864

Inadequate Encryption Strength in Apache CXF Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack."