Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/jboss-as-jacorb@7.2.1-5.Final_redhat_10.1.ep6?arch=el5
purl pkg:rpm/redhat/jboss-as-jacorb@7.2.1-5.Final_redhat_10.1.ep6?arch=el5
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.1
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-1bv2-mkj8-ubaz
Aliases:
CVE-2013-1862
mod_rewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. There are no reported fixed by versions.
VCID-1xnm-nhqe-jqce
Aliases:
CVE-2013-1921
PicketBox: Insecure storage of masked passwords There are no reported fixed by versions.
VCID-3tur-x8th-5ygj
Aliases:
CVE-2013-6495
Bayeux: Reflected Cross-Site Scripting (XSS) There are no reported fixed by versions.
VCID-64x5-tgkj-9qb9
Aliases:
CVE-2013-2172
GHSA-r237-w2w6-jq3p
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature." There are no reported fixed by versions.
VCID-8axm-4anr-27ht
Aliases:
CVE-2013-1896
Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. There are no reported fixed by versions.
VCID-rhk3-ujc1-q7fj
Aliases:
CVE-2012-3499
Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp. There are no reported fixed by versions.
VCID-ssvj-7g27-1ug6
Aliases:
CVE-2012-4558
A XSS flaw affected the mod_proxy_balancer manager interface. There are no reported fixed by versions.
VCID-vsfy-3jf4-aqg7
Aliases:
CVE-2013-4112
GHSA-cc62-496p-hrr7
Authentication via cached credentials The `DiagnosticsHandler` in this package allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:52:24.956477+00:00 RedHat Importer Affected by VCID-ssvj-7g27-1ug6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4558.json 38.0.0
2026-04-01T14:52:20.686895+00:00 RedHat Importer Affected by VCID-rhk3-ujc1-q7fj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3499.json 38.0.0
2026-04-01T14:51:42.464339+00:00 RedHat Importer Affected by VCID-1bv2-mkj8-ubaz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1862.json 38.0.0
2026-04-01T14:50:57.261130+00:00 RedHat Importer Affected by VCID-8axm-4anr-27ht https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1896.json 38.0.0
2026-04-01T14:50:31.743705+00:00 RedHat Importer Affected by VCID-64x5-tgkj-9qb9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2172.json 38.0.0
2026-04-01T14:50:25.016651+00:00 RedHat Importer Affected by VCID-vsfy-3jf4-aqg7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4112.json 38.0.0
2026-04-01T14:50:13.936987+00:00 RedHat Importer Affected by VCID-1xnm-nhqe-jqce https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1921.json 38.0.0
2026-04-01T14:47:28.775020+00:00 RedHat Importer Affected by VCID-3tur-x8th-5ygj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6495.json 38.0.0