VulnerableCode Package Details - pkg:rpm/redhat/jbossas@4.2.0-3.GA

Search for packages

Vulnerability	Summary	Fixed by
VCID-88v7-kc2y-bfd7 Aliases: CVE-2007-5461 GHSA-v5p2-vg3c-pmrr	Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.	There are no reported fixed by versions.
VCID-phgm-ct5c-a3fu Aliases: CVE-2007-6433	EJBQL injection via 'order' parameter	There are no reported fixed by versions.
VCID-t9y6-suc2-2kcg Aliases: CVE-2008-0002 GHSA-5x5f-9r6q-q7mh	Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.	There are no reported fixed by versions.
VCID-w7g5-angw-yfcp Aliases: CVE-2007-6306	JFreeChart: XSS vulnerabilities in the image map feature	There are no reported fixed by versions.
VCID-ymqq-9gmh-6kfn Aliases: CVE-2007-4575	An unspecified vulnerability has been reported in OpenOffice.org, possibly allowing for the execution of arbitrary code.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-88v7-kc2y-bfd7
Aliases:
CVE-2007-5461
GHSA-v5p2-vg3c-pmrr

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.