VulnerableCode Package Details - pkg:rpm/redhat/hornetq@2.3.5-2.Final_redhat

Search for packages

Vulnerability	Summary	Fixed by
VCID-1bv2-mkj8-ubaz Aliases: CVE-2013-1862	mod_rewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.	There are no reported fixed by versions.
VCID-1xnm-nhqe-jqce Aliases: CVE-2013-1921	PicketBox: Insecure storage of masked passwords	There are no reported fixed by versions.
VCID-1yu9-avtx-cybv Aliases: CVE-2015-1844	foreman: API not scoping resources to taxonomies	There are no reported fixed by versions.
VCID-3tur-x8th-5ygj Aliases: CVE-2013-6495	Bayeux: Reflected Cross-Site Scripting (XSS)	There are no reported fixed by versions.
VCID-64x5-tgkj-9qb9 Aliases: CVE-2013-2172 GHSA-r237-w2w6-jq3p	jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."	There are no reported fixed by versions.
VCID-7f1h-1fw8-k7c4 Aliases: CVE-2015-3155	foreman: the _session_id cookie is issued without the Secure flag	There are no reported fixed by versions.
VCID-8axm-4anr-27ht Aliases: CVE-2013-1896	Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault.	There are no reported fixed by versions.
VCID-8wen-twwa-8khm Aliases: CVE-2014-3653	foreman: cross-site scripting (XSS) flaw in template preview screen	There are no reported fixed by versions.
VCID-rc65-py17-kuhm Aliases: CVE-2015-1816	foreman: lack of SSL certificate validation when performing LDAPS authentication	There are no reported fixed by versions.
VCID-rhk3-ujc1-q7fj Aliases: CVE-2012-3499	Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.	There are no reported fixed by versions.
VCID-sqjb-qpyd-p7gn Aliases: CVE-2015-3235	foreman: edit_users permission allows changing of admin passwords	There are no reported fixed by versions.
VCID-ssvj-7g27-1ug6 Aliases: CVE-2012-4558	A XSS flaw affected the mod_proxy_balancer manager interface.	There are no reported fixed by versions.
VCID-tbug-mv5x-uucb Aliases: CVE-2013-4346 GHSA-4433-4cxq-vv73 PYSEC-2014-85	The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.	There are no reported fixed by versions.
VCID-utxw-251d-gfff Aliases: CVE-2014-3590	rhn_satellite_6: cross-site request forgery (CSRF) can force logout	There are no reported fixed by versions.
VCID-vsfy-3jf4-aqg7 Aliases: CVE-2013-4112 GHSA-cc62-496p-hrr7	Authentication via cached credentials The `DiagnosticsHandler` in this package allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.	There are no reported fixed by versions.
VCID-zkgb-14kz-33dz Aliases: CVE-2013-4347 GHSA-rv8h-p43r-4x5r PYSEC-2014-86	The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-1bv2-mkj8-ubaz
Aliases:
CVE-2013-1862

mod_rewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.