VulnerableCode Package Details - pkg:rpm/redhat/jbossas@4.0.5-2.CP04.el4s1?arch=2

Search for packages

Vulnerability	Summary	Fixed by
VCID-6epr-2hbd-skcz Aliases: CVE-2005-2090 GHSA-f2gq-p6qv-ccw4	Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."	There are no reported fixed by versions.
VCID-87p8-zvvf-y7dm Aliases: CVE-2007-0450 GHSA-4prh-gqw8-rgh5	Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.	There are no reported fixed by versions.
VCID-qxkf-4ddv-j3b7 Aliases: CVE-2007-1358 GHSA-xmc9-6p56-3c4v	Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-6epr-2hbd-skcz
Aliases:
CVE-2005-2090
GHSA-f2gq-p6qv-ccw4

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

There are no reported fixed by versions.

VCID-87p8-zvvf-y7dm
Aliases:
CVE-2007-0450
GHSA-4prh-gqw8-rgh5

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

There are no reported fixed by versions.

VCID-qxkf-4ddv-j3b7
Aliases:
CVE-2007-1358
GHSA-xmc9-6p56-3c4v

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T15:00:36.540250+00:00	RedHat Importer	Affected by	VCID-6epr-2hbd-skcz	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2090.json	38.0.0
2026-04-01T14:59:57.481980+00:00	RedHat Importer	Affected by	VCID-87p8-zvvf-y7dm	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0450.json	38.0.0
2026-04-01T14:59:47.253450+00:00	RedHat Importer	Affected by	VCID-qxkf-4ddv-j3b7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1358.json	38.0.0