Package details: pkg:rpm/redhat/mod_perl@2.0.2-12?arch=el4
purl: pkg:rpm/redhat/mod_perl@2.0.2-12?arch=el4
Next non-vulnerable version: None.
Latest non-vulnerable version: None.
Risk: 10.0
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-27q8-96un-9fbk
Aliases:
CVE-2007-1355
GHSA-4c6x-gfc8-c26r
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. There are no reported fixed by versions.
VCID-6d1j-1n1r-7khr
Aliases:
CVE-2006-0254
GHSA-2jxh-3cx8-xw65
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. There are no reported fixed by versions.
VCID-88v7-kc2y-bfd7
Aliases:
CVE-2007-5461
GHSA-v5p2-vg3c-pmrr
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. There are no reported fixed by versions.
VCID-9zzc-scyf-ckdb
Aliases:
CVE-2007-1349
The mod_perl Apache module is vulnerable to a Denial of Service when processing regular expressions. There are no reported fixed by versions.
VCID-peya-mr7j-vugf
Aliases:
CVE-2007-2449
GHSA-hc39-rjwp-qffq
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. There are no reported fixed by versions.
VCID-q7jp-hn4a-4kec
Aliases:
CVE-2005-4838
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries. There are no reported fixed by versions.
VCID-qdck-q54n-rkcv
Aliases:
CVE-2008-0128
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. There are no reported fixed by versions.
VCID-qxkf-4ddv-j3b7
Aliases:
CVE-2007-1358
GHSA-xmc9-6p56-3c4v
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616". There are no reported fixed by versions.
VCID-ua4c-qyvs-7bfg
Aliases:
CVE-2006-0898
Crypt::CBC uses an insecure initialization vector, potentially resulting in a weaker encryption. There are no reported fixed by versions.
VCID-w7g5-angw-yfcp
Aliases:
CVE-2007-6306
JFreeChart: XSS vulnerabilities in the image map feature. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T15:00:46.718123+00:00 RedHat Importer Affected by VCID-q7jp-hn4a-4kec https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4838.json 38.0.0
2026-04-01T15:00:26.603189+00:00 RedHat Importer Affected by VCID-6d1j-1n1r-7khr https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0254.json 38.0.0
2026-04-01T15:00:25.551355+00:00 RedHat Importer Affected by VCID-ua4c-qyvs-7bfg https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0898.json 38.0.0
2026-04-01T15:00:10.553970+00:00 RedHat Importer Affected by VCID-qdck-q54n-rkcv https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0128.json 38.0.0
2026-04-01T14:59:55.871496+00:00 RedHat Importer Affected by VCID-9zzc-scyf-ckdb https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1349.json 38.0.0
2026-04-01T14:59:50.311339+00:00 RedHat Importer Affected by VCID-27q8-96un-9fbk https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1355.json 38.0.0
2026-04-01T14:59:46.827962+00:00 RedHat Importer Affected by VCID-qxkf-4ddv-j3b7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1358.json 38.0.0
2026-04-01T14:59:45.825126+00:00 RedHat Importer Affected by VCID-peya-mr7j-vugf https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2449.json 38.0.0
2026-04-01T14:59:31.953551+00:00 RedHat Importer Affected by VCID-88v7-kc2y-bfd7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5461.json 38.0.0
2026-04-01T14:59:23.933131+00:00 RedHat Importer Affected by VCID-w7g5-angw-yfcp https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6306.json 38.0.0