Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/jboss-as-ee@7.1.3-4.Final_redhat_4.ep6?arch=el5
purl pkg:rpm/redhat/jboss-as-ee@7.1.3-4.Final_redhat_4.ep6?arch=el5
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-1rtf-aum8-33hg
Aliases:
CVE-2012-2672
Mojarra: deployed web applications can read FacesContext from other applications under certain conditions There are no reported fixed by versions.
VCID-6bez-sgg8-cbbq
Aliases:
CVE-2012-2687
Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled. Note: This issue is also known as CVE-2008-0455. There are no reported fixed by versions.
VCID-741u-yuv6-nkcy
Aliases:
CVE-2008-0455
Multiple vulnerabilities have been discovered in Apache. There are no reported fixed by versions.
VCID-b91g-m3nt-1bgq
Aliases:
CVE-2012-2379
GHSA-2g99-c67p-56hm
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors. There are no reported fixed by versions.
VCID-n8bd-use6-pbb2
Aliases:
CVE-2012-3451
GHSA-55j7-f5wf-43m4
Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body. There are no reported fixed by versions.
VCID-r1z5-kjn6-kuea
Aliases:
CVE-2012-3428
GHSA-ppg2-ww3w-hq84
User confusion in IronJacamar The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt. There are no reported fixed by versions.
VCID-z5eh-y2gp-vub8
Aliases:
CVE-2012-2378
GHSA-vjpc-vf4f-82qg
Improper Authentication in Apache CXF Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:55:34.340637+00:00 RedHat Importer Affected by VCID-1rtf-aum8-33hg https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2672.json 38.0.0
2026-04-01T14:55:21.394165+00:00 RedHat Importer Affected by VCID-b91g-m3nt-1bgq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2379.json 38.0.0
2026-04-01T14:55:08.945959+00:00 RedHat Importer Affected by VCID-z5eh-y2gp-vub8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2378.json 38.0.0
2026-04-01T14:54:52.237877+00:00 RedHat Importer Affected by VCID-6bez-sgg8-cbbq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2687.json 38.0.0
2026-04-01T14:54:44.410819+00:00 RedHat Importer Affected by VCID-741u-yuv6-nkcy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0455.json 38.0.0
2026-04-01T14:54:16.408066+00:00 RedHat Importer Affected by VCID-n8bd-use6-pbb2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3451.json 38.0.0
2026-04-01T14:53:27.124921+00:00 RedHat Importer Affected by VCID-r1z5-kjn6-kuea https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3428.json 38.0.0