Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/jboss-as-jaxr@7.2.1-5.Final_redhat_10.1.ep6?arch=el5
purl pkg:rpm/redhat/jboss-as-jaxr@7.2.1-5.Final_redhat_10.1.ep6?arch=el5
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-46q1-bk98-dkc4
Aliases:
CVE-2013-1862
mod_rewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. There are no reported fixed by versions.
VCID-865j-s264-sqda
Aliases:
CVE-2013-4112
GHSA-cc62-496p-hrr7
Exposure of Sensitive Information to an Unauthorized Actor in JGroup The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials. There are no reported fixed by versions.
VCID-b7qs-1bqj-7uep
Aliases:
CVE-2013-1896
Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. There are no reported fixed by versions.
VCID-h3n7-hcya-7fhv
Aliases:
CVE-2013-1921
PicketBox: Insecure storage of masked passwords There are no reported fixed by versions.
VCID-jmmw-2czz-skg4
Aliases:
CVE-2012-4558
A XSS flaw affected the mod_proxy_balancer manager interface. There are no reported fixed by versions.
VCID-q7x6-g8tx-hbcx
Aliases:
CVE-2013-6495
Bayeux: Reflected Cross-Site Scripting (XSS) There are no reported fixed by versions.
VCID-san1-sd49-43cv
Aliases:
CVE-2013-2172
GHSA-r237-w2w6-jq3p
Inefficient Algorithmic Complexity in Apache Santuario XML Security `jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java` in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature." There are no reported fixed by versions.
VCID-yj41-1v7v-qqas
Aliases:
CVE-2012-3499
Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-29T10:09:39.498343+00:00 RedHat Importer Affected by VCID-jmmw-2czz-skg4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4558.json 38.6.0
2026-05-29T10:09:34.952873+00:00 RedHat Importer Affected by VCID-yj41-1v7v-qqas https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3499.json 38.6.0
2026-05-29T10:08:55.585206+00:00 RedHat Importer Affected by VCID-46q1-bk98-dkc4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1862.json 38.6.0
2026-05-29T10:08:10.091667+00:00 RedHat Importer Affected by VCID-b7qs-1bqj-7uep https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1896.json 38.6.0
2026-05-29T10:07:43.544226+00:00 RedHat Importer Affected by VCID-san1-sd49-43cv https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2172.json 38.6.0
2026-05-29T10:07:37.028381+00:00 RedHat Importer Affected by VCID-865j-s264-sqda https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4112.json 38.6.0
2026-05-29T10:07:25.892777+00:00 RedHat Importer Affected by VCID-h3n7-hcya-7fhv https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1921.json 38.6.0
2026-05-29T10:04:37.225160+00:00 RedHat Importer Affected by VCID-q7x6-g8tx-hbcx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6495.json 38.6.0