Search for packages
| purl | pkg:rpm/redhat/jbossweb@2.0.0-6.CP14.0jpp.ep1.1?arch=el4 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7kjm-p97s-zuh8
Aliases: CVE-2010-1157 GHSA-w6q7-ww2x-7gm3 |
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply. | There are no reported fixed by versions. |
|
VCID-f2zy-gq57-ufat
Aliases: CVE-2010-2227 GHSA-cxg2-49rq-8gcr |
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer." | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:57:16.690384+00:00 | RedHat Importer | Affected by | VCID-7kjm-p97s-zuh8 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1157.json | 38.0.0 |
| 2026-04-01T14:57:10.154485+00:00 | RedHat Importer | Affected by | VCID-f2zy-gq57-ufat | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2227.json | 38.0.0 |