Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/jdom-eap6@1.1.2-6.redhat_4.1.ep6?arch=el6
purl pkg:rpm/redhat/jdom-eap6@1.1.2-6.redhat_4.1.ep6?arch=el6
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-1zk6-7wv2-ukcz
Aliases:
CVE-2014-0118
A resource consumption flaw was found in mod_deflate. If request body decompression was configured (using the "DEFLATE" input filter), a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration. There are no reported fixed by versions.
VCID-2khv-6pu7-akga
Aliases:
CVE-2014-0193
GHSA-7vpq-g998-qpv7
WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames. There are no reported fixed by versions.
VCID-a1by-zvtm-akdc
Aliases:
CVE-2014-0227
GHSA-42j3-498q-m6vp
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding. There are no reported fixed by versions.
VCID-kpew-rarv-83dg
Aliases:
CVE-2014-0231
A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service. There are no reported fixed by versions.
VCID-p2wu-7yjs-bufa
Aliases:
CVE-2014-3464
WS: Incomplete fix for CVE-2013-2133 There are no reported fixed by versions.
VCID-tbud-pwyt-aye9
Aliases:
CVE-2014-0226
A race condition was found in mod_status. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessible server status page. There are no reported fixed by versions.
VCID-zn4s-5jp5-sbh8
Aliases:
CVE-2014-3472
Security: Invalid EJB caller role check implementation There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:48:00.882190+00:00 RedHat Importer Affected by VCID-2khv-6pu7-akga https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0193.json 38.0.0
2026-04-01T14:47:10.447900+00:00 RedHat Importer Affected by VCID-tbud-pwyt-aye9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0226.json 38.0.0
2026-04-01T14:47:02.737301+00:00 RedHat Importer Affected by VCID-1zk6-7wv2-ukcz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0118.json 38.0.0
2026-04-01T14:46:55.520990+00:00 RedHat Importer Affected by VCID-kpew-rarv-83dg https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0231.json 38.0.0
2026-04-01T14:46:39.114591+00:00 RedHat Importer Affected by VCID-zn4s-5jp5-sbh8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3472.json 38.0.0
2026-04-01T14:46:34.236723+00:00 RedHat Importer Affected by VCID-p2wu-7yjs-bufa https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3464.json 38.0.0
2026-04-01T14:44:10.756492+00:00 RedHat Importer Affected by VCID-a1by-zvtm-akdc https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0227.json 38.0.0