Package details: pkg:rpm/redhat/jopr-jboss-as-5-plugin@3.0.0-16.EmbJopr5.ep5?arch=el6
purl pkg:rpm/redhat/jopr-jboss-as-5-plugin@3.0.0-16.EmbJopr5.ep5?arch=el6
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk
Vulnerabilities affecting this package (14)
Vulnerability Summary Fixed by
VCID-12q8-kmyt-2ucz
Aliases:
CVE-2012-0034
Cache: NonManagedConnectionFactory will log password in clear text when an exception occurs
There are no reported fixed by versions.
VCID-4cs8-eeu5-nkdd
Aliases:
CVE-2011-2730
GHSA-wv88-pf73-x22p
Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."
There are no reported fixed by versions.
VCID-6fnx-1373-ykcp
Aliases:
CVE-2012-5478
JBoss: AuthorizationInterceptor allows JMX operation to proceed despite authorization failure
There are no reported fixed by versions.
VCID-7jen-jkj7-4qbf
Aliases:
CVE-2011-2487
GHSA-4qqf-hmv6-r6wh
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J
The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.
There are no reported fixed by versions.
VCID-857p-jgm3-uqcm
Aliases:
CVE-2012-3370
JBoss: SecurityAssociation.getCredential() will return the previous credential if no security context is provided
There are no reported fixed by versions.
VCID-dgh6-78nn-f7dk
Aliases:
CVE-2011-4575
Console: XSS in invoke operation
There are no reported fixed by versions.
VCID-dzfs-mg5t-bygp
Aliases:
CVE-2012-2377
JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started
There are no reported fixed by versions.
VCID-g344-1cqq-3uff
Aliases:
CVE-2012-2379
GHSA-2g99-c67p-56hm
XML Signature/Encryption Not Validated in Apache CXF
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
There are no reported fixed by versions.
VCID-jc6x-689b-nqbd
Aliases:
CVE-2009-5066
JBoss: twiddle.sh accepts credentials as command line arguments, exposing them to other local users via a process listing
There are no reported fixed by versions.
VCID-mm8d-jy38-qqbt
Aliases:
CVE-2011-2908
CSRF on jmx-console allows invocation of operations on mbeans
There are no reported fixed by versions.
VCID-n5h9-jrx2-eqc7
Aliases:
CVE-2012-0874
JBoss invoker servlets do not require authentication
There are no reported fixed by versions.
VCID-q5z8-n9t1-m7hb
Aliases:
CVE-2012-3546
GHSA-jgm2-m5cg-f66g
Authentication Bypass in Apache Tomcat
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
There are no reported fixed by versions.
VCID-qh2k-zgeg-mucq
Aliases:
CVE-2011-1096
jbossws: Prone to character encoding pattern attack (XML Encryption flaw)
There are no reported fixed by versions.
VCID-wc44-nrrb-f7aw
Aliases:
CVE-2012-3369
JBoss: CallerIdentityLoginModule retaining password from previous call if a null password is provided
There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-05-29T10:18:33.853071+00:00 | RedHat Importer | Affected by | VCID-mm8d-jy38-qqbt | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2908.json | 38.6.0
2026-05-29T10:16:15.192334+00:00 | RedHat Importer | Affected by | VCID-jc6x-689b-nqbd | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-5066.json | 38.6.0
2026-05-29T10:13:44.944858+00:00 | RedHat Importer | Affected by | VCID-4cs8-eeu5-nkdd | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2730.json | 38.6.0
2026-05-29T10:13:32.196461+00:00 | RedHat Importer | Affected by | VCID-qh2k-zgeg-mucq | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1096.json | 38.6.0
2026-05-29T10:13:21.107985+00:00 | RedHat Importer | Affected by | VCID-12q8-kmyt-2ucz | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0034.json | 38.6.0
2026-05-29T10:12:41.736435+00:00 | RedHat Importer | Affected by | VCID-g344-1cqq-3uff | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2379.json | 38.6.0
2026-05-29T10:12:15.820657+00:00 | RedHat Importer | Affected by | VCID-dzfs-mg5t-bygp | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2377.json | 38.6.0
2026-05-29T10:11:41.966479+00:00 | RedHat Importer | Affected by | VCID-7jen-jkj7-4qbf | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2487.json | 38.6.0
2026-05-29T10:10:55.490476+00:00 | RedHat Importer | Affected by | VCID-q5z8-n9t1-m7hb | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3546.json | 38.6.0
2026-05-29T10:10:21.190987+00:00 | RedHat Importer | Affected by | VCID-6fnx-1373-ykcp | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5478.json | 38.6.0
2026-05-29T10:10:18.103260+00:00 | RedHat Importer | Affected by | VCID-857p-jgm3-uqcm | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3370.json | 38.6.0
2026-05-29T10:10:15.075687+00:00 | RedHat Importer | Affected by | VCID-wc44-nrrb-f7aw | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3369.json | 38.6.0
2026-05-29T10:10:12.086018+00:00 | RedHat Importer | Affected by | VCID-n5h9-jrx2-eqc7 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0874.json | 38.6.0
2026-05-29T10:10:08.724256+00:00 | RedHat Importer | Affected by | VCID-dgh6-78nn-f7dk | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4575.json | 38.6.0