Search for packages
| purl | pkg:rpm/redhat/jboss-as-ejb3@7.5.9-2.Final_redhat_2.1.ep6?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-h873-uz9q-ebcr
Aliases: CVE-2016-2141 GHSA-rc7h-x6cq-988q |
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks. | There are no reported fixed by versions. |
|
VCID-p6ch-pc73-b3ck
Aliases: CVE-2015-5174 GHSA-6qr6-x7jm-x2q6 |
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:37:49.245608+00:00 | RedHat Importer | Affected by | VCID-p6ch-pc73-b3ck | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5174.json | 38.0.0 |
| 2026-04-01T14:36:10.970071+00:00 | RedHat Importer | Affected by | VCID-h873-uz9q-ebcr | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2141.json | 38.0.0 |