Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/jbossweb@2.1.12-3_patch_03.2.ep5?arch=el4
purl pkg:rpm/redhat/jbossweb@2.1.12-3_patch_03.2.ep5?arch=el4
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-1v6c-f56v-hqh1
Aliases:
CVE-2011-5062
GHSA-4f7h-9j2x-cmr4
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184. There are no reported fixed by versions.
VCID-241m-q6vd-kudk
Aliases:
CVE-2011-2526
GHSA-9ggm-7897-x4mg
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. There are no reported fixed by versions.
VCID-8ebv-6941-jqdy
Aliases:
CVE-2011-5063
GHSA-hffm-fqv4-w27r
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184. There are no reported fixed by versions.
VCID-d9ys-kxh6-nkgr
Aliases:
CVE-2011-1184
GHSA-q9xf-jwr4-v445
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values. There are no reported fixed by versions.
VCID-egye-da2v-4ybh
Aliases:
CVE-2011-5064
GHSA-6cr4-7c7p-p3xv
Use of Hard-coded Cryptographic Key in Apache Tomcat DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184. There are no reported fixed by versions.
VCID-hhk9-cr54-8fgc
Aliases:
CVE-2012-0022
GHSA-8h2q-qm9x-55jc
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. There are no reported fixed by versions.
VCID-mynk-ej6t-jygf
Aliases:
CVE-2011-4610
JBoss Web remote denial of service when surrogate pair character is placed at buffer boundary There are no reported fixed by versions.
VCID-zbbr-wded-9ffj
Aliases:
CVE-2011-4858
GHSA-wr3m-gw98-mc3j
Improper Input Validation in Apache Tomcat Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:56:31.022978+00:00 RedHat Importer Affected by VCID-241m-q6vd-kudk https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2526.json 38.0.0
2026-04-01T14:56:20.344664+00:00 RedHat Importer Affected by VCID-egye-da2v-4ybh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5064.json 38.0.0
2026-04-01T14:56:20.198042+00:00 RedHat Importer Affected by VCID-8ebv-6941-jqdy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5063.json 38.0.0
2026-04-01T14:56:20.048781+00:00 RedHat Importer Affected by VCID-1v6c-f56v-hqh1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5062.json 38.0.0
2026-04-01T14:56:19.905189+00:00 RedHat Importer Affected by VCID-d9ys-kxh6-nkgr https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1184.json 38.0.0
2026-04-01T14:56:08.081305+00:00 RedHat Importer Affected by VCID-zbbr-wded-9ffj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4858.json 38.0.0
2026-04-01T14:55:58.770227+00:00 RedHat Importer Affected by VCID-hhk9-cr54-8fgc https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0022.json 38.0.0
2026-04-01T14:55:56.610011+00:00 RedHat Importer Affected by VCID-mynk-ej6t-jygf https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4610.json 38.0.0