VulnerableCode Package Details - pkg:rpm/redhat/dom4j@1.6.1-14_redhat_3.ep6?arch=el5

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/dom4j@1.6.1-14_redhat_3.ep6?arch=el5

Essentials
History (9)

purl	pkg:rpm/redhat/dom4j@1.6.1-14_redhat_3.ep6?arch=el5

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk

Vulnerabilities affecting this package (9)

Vulnerability	Summary	Fixed by
VCID-1mve-hkqr-nkb9 Aliases: CVE-2008-0455	httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled	There are no reported fixed by versions.
VCID-3yhg-euj2-3qhw Aliases: CVE-2012-3451 GHSA-55j7-f5wf-43m4	Remote web-service operation execution in Apache CXF Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.	There are no reported fixed by versions.
VCID-5ftu-g52w-ckh2 Aliases: CVE-2012-2378 GHSA-vjpc-vf4f-82qg	Improper Authentication in Apache CXF Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.	There are no reported fixed by versions.
VCID-9yac-j5w3-4fc2 Aliases: CVE-2012-4550		There are no reported fixed by versions.
VCID-g344-1cqq-3uff Aliases: CVE-2012-2379 GHSA-2g99-c67p-56hm	XML Signature/Encryption Not Validated in Apache CXF Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.	There are no reported fixed by versions.
VCID-g8np-6hwp-quc9 Aliases: CVE-2012-2687	Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled. Note: This issue is also known as CVE-2008-0455.	There are no reported fixed by versions.
VCID-mj73-cvxn-kffb Aliases: CVE-2012-3428 GHSA-ppg2-ww3w-hq84	User confusion in IronJacamar The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt.	There are no reported fixed by versions.
VCID-qgnp-9z7z-9qc1 Aliases: CVE-2012-4549		There are no reported fixed by versions.
VCID-tf4d-2k87-2bfu Aliases: CVE-2012-2672	Mojarra: deployed web applications can read FacesContext from other applications under certain conditions	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-29T10:12:48.858230+00:00	RedHat Importer	Affected by	VCID-tf4d-2k87-2bfu	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2672.json	38.6.0
2026-05-29T10:12:33.495574+00:00	RedHat Importer	Affected by	VCID-g344-1cqq-3uff	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2379.json	38.6.0
2026-05-29T10:12:24.811887+00:00	RedHat Importer	Affected by	VCID-5ftu-g52w-ckh2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2378.json	38.6.0
2026-05-29T10:12:08.877110+00:00	RedHat Importer	Affected by	VCID-g8np-6hwp-quc9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2687.json	38.6.0
2026-05-29T10:12:00.359444+00:00	RedHat Importer	Affected by	VCID-1mve-hkqr-nkb9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0455.json	38.6.0
2026-05-29T10:11:33.508300+00:00	RedHat Importer	Affected by	VCID-3yhg-euj2-3qhw	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3451.json	38.6.0
2026-05-29T10:10:48.100742+00:00	RedHat Importer	Affected by	VCID-mj73-cvxn-kffb	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3428.json	38.6.0
2026-05-29T10:10:39.459875+00:00	RedHat Importer	Affected by	VCID-9yac-j5w3-4fc2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4550.json	38.6.0
2026-05-29T10:10:31.688091+00:00	RedHat Importer	Affected by	VCID-qgnp-9z7z-9qc1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4549.json	38.6.0