VulnerableCode Package Details - pkg:rpm/redhat/objectweb-asm-eap6@3.3.1-8.redhat_9.1.ep6?arch=el5

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/objectweb-asm-eap6@3.3.1-8.redhat_9.1.ep6?arch=el5

Essentials
History (7)

purl	pkg:rpm/redhat/objectweb-asm-eap6@3.3.1-8.redhat_9.1.ep6?arch=el5

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (7)

Vulnerability	Summary	Fixed by
VCID-11ay-rahr-13az Aliases: CVE-2015-6254	PicketLink: Lack of validation for the Destination attribute in a Response element in a SAML assertion	There are no reported fixed by versions.
VCID-2n2t-jyg7-gbev Aliases: CVE-2014-8111	security update	There are no reported fixed by versions.
VCID-2qzz-yezu-r3gc Aliases: CVE-2014-3586	CLI: Insecure default permissions on history file	There are no reported fixed by versions.
VCID-6cjx-y4ey-e3b6 Aliases: CVE-2015-0226 GHSA-vjwc-5hfh-2vv5	Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.	There are no reported fixed by versions.
VCID-cnmd-pk6j-fuae Aliases: CVE-2015-0227 GHSA-6r5v-hp32-fjqw	Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."	There are no reported fixed by versions.
VCID-khnh-k119-c7es Aliases: CVE-2015-0277	PicketLink: SP does not take Audience condition of a SAML assertion into account	There are no reported fixed by versions.
VCID-q5jj-g31c-afgz Aliases: CVE-2015-0298	mod_cluster: JavaScript code injection is possible via MCMP mod_manager messages	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:43:55.578139+00:00	RedHat Importer	Affected by	VCID-cnmd-pk6j-fuae	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0227.json	38.0.0
2026-04-01T14:43:43.763692+00:00	RedHat Importer	Affected by	VCID-6cjx-y4ey-e3b6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0226.json	38.0.0
2026-04-01T14:42:42.369695+00:00	RedHat Importer	Affected by	VCID-2qzz-yezu-r3gc	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3586.json	38.0.0
2026-04-01T14:42:01.661165+00:00	RedHat Importer	Affected by	VCID-11ay-rahr-13az	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6254.json	38.0.0
2026-04-01T14:41:47.933648+00:00	RedHat Importer	Affected by	VCID-khnh-k119-c7es	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0277.json	38.0.0
2026-04-01T14:41:36.645358+00:00	RedHat Importer	Affected by	VCID-2n2t-jyg7-gbev	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8111.json	38.0.0
2026-04-01T14:41:10.700897+00:00	RedHat Importer	Affected by	VCID-q5jj-g31c-afgz	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0298.json	38.0.0