| purl | pkg:rpm/redhat/jakarta-commons-beanutils@1.8.0-4.1.2.1.jdk6.ep5?arch=el5 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-3cea-3rkm-r7gs (Aliases: CVE-2011-0419) | A flaw was found in the apr_fnmatch() function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack. Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions' directive disables processing of the client-supplied request query arguments, preventing this attack. Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19) or release 0.9.20 (bundled with httpd 2.0.65). | There are no reported fixed by versions. |
| VCID-56kt-8bg6-zbcj (Aliases: CVE-2010-1452) | A flaw was found in the handling of requests by mod_cache (2.2) and mod_dav (2.0 and 2.2). A malicious remote attacker could send a carefully crafted request and cause an httpd child process to crash. This crash would only be a denial of service if using the worker MPM. This issue is further mitigated as mod_dav is only affected by requests that are most likely to be authenticated, and mod_cache is only affected if the uncommon "CacheIgnoreURLSessionIdentifiers" directive, introduced in version 2.2.14, is used. | There are no reported fixed by versions. |
| VCID-7kjm-p97s-zuh8 (Aliases: CVE-2010-1157, GHSA-w6q7-ww2x-7gm3) | Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply. | There are no reported fixed by versions. |
| VCID-886n-1vzv-syc6 (Aliases: CVE-2010-4172, GHSA-c78g-qwpw-2jgv) | Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications. | There are no reported fixed by versions. |
| VCID-dhun-hj5q-dfch (Aliases: CVE-2011-0013, GHSA-3p86-xgrq-m6p6) | Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. | There are no reported fixed by versions. |
| VCID-mpr2-q1gb-p7ce (Aliases: CVE-2008-3273) | Information disclosure via the JBoss Enterprise Application Platform status servlet. | There are no reported fixed by versions. |
| VCID-n9e1-c2zs-zkdk (Aliases: CVE-2012-4557) | A flaw was found when mod_proxy_ajp connects to a backend server that takes too long to respond. Given a specific configuration, a remote attacker could send certain requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service. | There are no reported fixed by versions. |
| VCID-tfn5-6ckq-wyce (Aliases: CVE-2010-3718, GHSA-fj6c-prgj-gr3r) | Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. | There are no reported fixed by versions. |
| VCID-y8nd-7h3r-7fh5 (Aliases: CVE-2010-1623) | A flaw was found in the apr_brigade_split_line() function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service. | There are no reported fixed by versions. |
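The 'IgnoreClient' workaround for CVE-2011-0419 in the table above, shown as an added configuration example. This is not text from the advisory or from Red Hat's packaging; the directory path is a placeholder, and the only directive the advisory itself names is IndexOptions IgnoreClient.

```apacheconf
# Added example (not from the advisory). Directory path is a placeholder.

# Before: directory listings are enabled and mod_autoindex honours
# client-supplied query arguments (column/order selection and the
# P=pattern filter), so a request can drive apr_fnmatch() on long
# file names and burn CPU (CVE-2011-0419).
<Directory "/var/www/html/downloads">
    Options +Indexes
    IndexOptions FancyIndexing
</Directory>

# After: IgnoreClient makes mod_autoindex ignore the query string
# entirely, so a client can no longer supply the pattern that reaches
# the vulnerable code. Listings still work, but only with the
# server-side defaults. This is the workaround; the fix is the
# APR update named in the advisory.
<Directory "/var/www/html/downloads">
    Options +Indexes
    IndexOptions FancyIndexing IgnoreClient
</Directory>
```

After changing the configuration, confirm with `apachectl configtest` and a request such as `/downloads/?P=*` that the listing no longer changes with the query string; if it still does, the option is being overridden in a more specific Directory or .htaccess context.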
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |