VulnerableCode Package Details - pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1?arch=el4

Search for packages

Vulnerability	Summary	Fixed by
VCID-a9cu-fxqw-xkdg Aliases: CVE-2008-1232 GHSA-q74x-qqhr-f8rx	Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.	There are no reported fixed by versions.
VCID-acmu-9eqb-fya5 Aliases: CVE-2008-2370 GHSA-m8h8-6rvg-f4mg	Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.	There are no reported fixed by versions.
VCID-rwvj-tq6x-2ubs Aliases: CVE-2008-2938 GHSA-m7xj-ccqc-p4g2	Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-a9cu-fxqw-xkdg
Aliases:
CVE-2008-1232
GHSA-q74x-qqhr-f8rx

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.

There are no reported fixed by versions.

VCID-acmu-9eqb-fya5
Aliases:
CVE-2008-2370
GHSA-m8h8-6rvg-f4mg

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

There are no reported fixed by versions.

VCID-rwvj-tq6x-2ubs
Aliases:
CVE-2008-2938
GHSA-m7xj-ccqc-p4g2

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:58:57.905565+00:00	RedHat Importer	Affected by	VCID-acmu-9eqb-fya5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2370.json	38.0.0
2026-04-01T14:58:57.659858+00:00	RedHat Importer	Affected by	VCID-a9cu-fxqw-xkdg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1232.json	38.0.0
2026-04-01T14:58:52.401777+00:00	RedHat Importer	Affected by	VCID-rwvj-tq6x-2ubs	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2938.json	38.0.0