VulnerableCode Package Details - pkg:rpm/redhat/eap7-apache-cxf@3.1.16-2.redhat

Search for packages

Vulnerability	Summary	Fixed by
VCID-g7n5-h7g7-uqbn Aliases: CVE-2018-10934	wildfly-core: Cross-site scripting (XSS) in JBoss Management Console	There are no reported fixed by versions.
VCID-nmya-eyxd-9ybe Aliases: CVE-2018-1000632 GHSA-6pcc-3rfx-4gpm	dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.	There are no reported fixed by versions.
VCID-rqvc-k1jm-9kg9 Aliases: CVE-2018-14642 GHSA-vf6r-mmhc-3xcm	Information Exposure An information leak vulnerability was found in Undertow. If all headers are not written out in the first `write()` call, the code that handles flushing the buffer will always write out the full contents of the `writevBuffer` buffer, which may contain data from previous requests.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-g7n5-h7g7-uqbn
Aliases:
CVE-2018-10934

wildfly-core: Cross-site scripting (XSS) in JBoss Management Console

There are no reported fixed by versions.

VCID-nmya-eyxd-9ybe
Aliases:
CVE-2018-1000632
GHSA-6pcc-3rfx-4gpm

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

There are no reported fixed by versions.

VCID-rqvc-k1jm-9kg9
Aliases:
CVE-2018-14642
GHSA-vf6r-mmhc-3xcm

Information Exposure An information leak vulnerability was found in Undertow. If all headers are not written out in the first `write()` call, the code that handles flushing the buffer will always write out the full contents of the `writevBuffer` buffer, which may contain data from previous requests.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:23:48.991020+00:00	RedHat Importer	Affected by	VCID-nmya-eyxd-9ybe	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000632.json	38.0.0
2026-04-01T14:22:51.059298+00:00	RedHat Importer	Affected by	VCID-g7n5-h7g7-uqbn	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10934.json	38.0.0
2026-04-01T14:22:21.591765+00:00	RedHat Importer	Affected by	VCID-rqvc-k1jm-9kg9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json	38.0.0