Search for packages
| purl | pkg:rpm/redhat/java-1.4.2-ibm@1.4.2.10-1jpp.2?arch=el3 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-18j8-kwdv-dyak
Aliases: CVE-2005-3510 GHSA-8f4w-jwqv-5cxc |
Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files. | There are no reported fixed by versions. |
|
VCID-27q8-96un-9fbk
Aliases: CVE-2007-1355 GHSA-4c6x-gfc8-c26r |
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. | There are no reported fixed by versions. |
|
VCID-2jnv-segx-zkfd
Aliases: CVE-2006-3835 GHSA-wfj7-mhr5-pcwq |
Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do. | There are no reported fixed by versions. |
|
VCID-3fbs-tg62-affp
Aliases: CVE-2007-2789 |
BEA JRockit contains several vulnerabilities, some of which may allow the execution of arbitrary code. | There are no reported fixed by versions. |
|
VCID-3wbg-bxvj-1kca
Aliases: CVE-2004-0885 |
An issue has been discovered in the mod_ssl module when configured to use the "SSLCipherSuite" directive in directory or location context. If a particular location context has been configured to require a specific set of cipher suites, then a client will be able to access that location using any cipher suite allowed by the virtual host configuration. | There are no reported fixed by versions. |
|
VCID-4nky-wb1a-vyar
Aliases: CVE-2007-5240 |
Multiple vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE). | There are no reported fixed by versions. |
|
VCID-4vg2-5kjx-7fge
Aliases: CVE-2005-3964 |
Two buffer overflows have been discovered in libUil, part of the OpenMotif toolkit, that can potentially lead to the execution of arbitrary code. | There are no reported fixed by versions. |
|
VCID-526j-yt52-53ag
Aliases: CVE-2005-0605 |
libxpm buffer overflow | There are no reported fixed by versions. |
|
VCID-6d1j-1n1r-7khr
Aliases: CVE-2006-0254 GHSA-2jxh-3cx8-xw65 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. | There are no reported fixed by versions. |
|
VCID-6epr-2hbd-skcz
Aliases: CVE-2005-2090 GHSA-f2gq-p6qv-ccw4 |
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | There are no reported fixed by versions. |
|
VCID-6p3e-4u8s-17ep
Aliases: CVE-2007-3385 GHSA-6j8f-66vh-39mj |
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. | There are no reported fixed by versions. |
|
VCID-7969-7a8h-zyhh
Aliases: CVE-2007-3382 GHSA-qff8-g48j-pwpw |
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks. | There are no reported fixed by versions. |
|
VCID-87p8-zvvf-y7dm
Aliases: CVE-2007-0450 GHSA-4prh-gqw8-rgh5 |
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. | There are no reported fixed by versions. |
|
VCID-88v7-kc2y-bfd7
Aliases: CVE-2007-5461 GHSA-v5p2-vg3c-pmrr |
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. | There are no reported fixed by versions. |
|
VCID-8h6v-tdt7-kbf8
Aliases: CVE-2008-1195 |
Multiple vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE). | There are no reported fixed by versions. |
|
VCID-9p71-wr2h-4qdp
Aliases: CVE-2007-1860 |
A directory traversal vulnerability has been discovered in Apache mod_jk. | There are no reported fixed by versions. |
|
VCID-9zzc-scyf-ckdb
Aliases: CVE-2007-1349 |
The mod_perl Apache module is vulnerable to a Denial of Service when processing regular expressions. | There are no reported fixed by versions. |
|
VCID-bhq7-d545-27bj
Aliases: CVE-2006-7196 GHSA-pm78-wxxf-fw98 |
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1. | There are no reported fixed by versions. |
|
VCID-d5e5-vaa8-wbdr
Aliases: CVE-2007-4381 |
BEA JRockit contains several vulnerabilities, some of which may allow the execution of arbitrary code. | There are no reported fixed by versions. |
|
VCID-d9fa-tvr9-gqdw
Aliases: CVE-2008-1190 |
Multiple vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE). | There are no reported fixed by versions. |
|
VCID-deym-ger9-87h2
Aliases: CVE-2007-5274 |
Multiple vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE). | There are no reported fixed by versions. |
|
VCID-dqkp-f1my-dbg9
Aliases: CVE-2007-5000 |
A flaw was found in the mod_imagemap module. On sites where mod_imagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible. | There are no reported fixed by versions. |
|
VCID-ds36-fjg3-jbg7
Aliases: CVE-2008-1189 |
Multiple vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE). | There are no reported fixed by versions. |
|
VCID-e847-axx8-guct
Aliases: CVE-2004-0914 |
openmotif21 stack overflows in libxpm | There are no reported fixed by versions. |
|
VCID-fxfe-8v21-qkf9
Aliases: CVE-2007-5239 |
Multiple vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE). | There are no reported fixed by versions. |
|
VCID-hbzj-mff2-j7f2
Aliases: CVE-2007-5232 |
Multiple vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE). | There are no reported fixed by versions. |
|
VCID-j3mb-97k1-uuh9
Aliases: CVE-2006-5752 |
A flaw was found in the mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available. | There are no reported fixed by versions. |
|
VCID-jt5d-3ema-nkdh
Aliases: CVE-2006-7197 GHSA-jpqr-vh55-xqxf |
Apache Tomcat Buffer Over-Read The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the `ajp_process_callback` in mod_jk, which allows remote attackers to read portions of sensitive memory. | There are no reported fixed by versions. |
|
VCID-jvhf-ecm7-fbb8
Aliases: CVE-2007-4465 |
Multiple vulnerabilities have been discovered in Apache, possibly resulting in a Denial of Service or the disclosure of sensitive information. | There are no reported fixed by versions. |
|
VCID-kgpj-aexq-7kah
Aliases: CVE-2007-6388 |
A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available. | There are no reported fixed by versions. |
|
VCID-peya-mr7j-vugf
Aliases: CVE-2007-2449 GHSA-hc39-rjwp-qffq |
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. | There are no reported fixed by versions. |
|
VCID-pqcy-hw6d-mbh1
Aliases: CVE-2008-1192 |
Multiple vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE). | There are no reported fixed by versions. |
|
VCID-q7jp-hn4a-4kec
Aliases: CVE-2005-4838 |
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries. | There are no reported fixed by versions. |
|
VCID-qdck-q54n-rkcv
Aliases: CVE-2008-0128 |
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | There are no reported fixed by versions. |
|
VCID-qhun-34fa-xygm
Aliases: CVE-2007-2435 |
Multiple vulnerabilities have been discovered in emul-linux-x86-java, possibly resulting in the execution of arbitrary code or a Denial of Service. | There are no reported fixed by versions. |
|
VCID-qxkf-4ddv-j3b7
Aliases: CVE-2007-1358 GHSA-xmc9-6p56-3c4v |
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616". | There are no reported fixed by versions. |
|
VCID-rgqm-umh2-pkc2
Aliases: CVE-2004-0688 |
openmotif21 stack overflows in libxpm | There are no reported fixed by versions. |
|
VCID-s828-4jhd-3be6
Aliases: CVE-2007-2788 |
BEA JRockit contains several vulnerabilities, some of which may allow the execution of arbitrary code. | There are no reported fixed by versions. |
|
VCID-shkc-uvbb-3bgc
Aliases: CVE-2007-0243 |
Multiple unspecified vulnerabilities have been identified in Sun Java Development Kit (JDK) and Sun Java Runtime Environment (JRE). | There are no reported fixed by versions. |
|
VCID-skar-qk57-qkdv
Aliases: CVE-2006-7195 GHSA-p57v-p3fx-qgwm |
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values. | There are no reported fixed by versions. |
|
VCID-srxw-jjvr-p3d5
Aliases: CVE-2007-3304 |
The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service. | There are no reported fixed by versions. |
|
VCID-tcju-3rvu-wkht
Aliases: CVE-2007-2450 GHSA-5c5p-jxvx-x7j2 |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors. | There are no reported fixed by versions. |
|
VCID-tura-v7rv-ykda
Aliases: CVE-2006-1329 |
jabberd SASL DoS | There are no reported fixed by versions. |
|
VCID-ua4c-qyvs-7bfg
Aliases: CVE-2006-0898 |
Crypt::CBC uses an insecure initialization vector, potentially resulting in a weaker encryption. | There are no reported fixed by versions. |
|
VCID-w7g5-angw-yfcp
Aliases: CVE-2007-6306 |
JFreeChart: XSS vulnerabilities in the image map feature | There are no reported fixed by versions. |
|
VCID-x6r6-7bv1-e3d8
Aliases: CVE-2007-5238 |
Multiple vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE). | There are no reported fixed by versions. |
|
VCID-y3e9-1986-ebdn
Aliases: CVE-2004-0687 |
openmotif21 stack overflows in libxpm | There are no reported fixed by versions. |
|
VCID-yugs-rwuf-q7gh
Aliases: CVE-2007-3698 |
BEA JRockit contains several vulnerabilities, some of which may allow the execution of arbitrary code. | There are no reported fixed by versions. |
|
VCID-ywnv-p1xk-bfgm
Aliases: CVE-2007-5273 |
Multiple vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE). | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||