VulnerableCode Package Details - pkg:rpm/redhat/resteasy@2.3.6-1.Final_redhat

Search for packages

Vulnerability	Summary	Fixed by
VCID-58f1-hrv1-gqgp Aliases: CVE-2012-5575 GHSA-7v5v-9v8r-w864	Inadequate Encryption Strength in Apache CXF Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack."	There are no reported fixed by versions.
VCID-jtbd-bbrs-vbct Aliases: CVE-2012-4572	JBoss: custom authorization module implementations shared between applications	There are no reported fixed by versions.
VCID-man2-98t1-myav Aliases: CVE-2012-4529	Web: jsessionid exposed via encoded url when using cookie based session tracking	There are no reported fixed by versions.
VCID-ryha-ndms-afbn Aliases: CVE-2013-2067 GHSA-6m48-jxwx-76q7	java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-58f1-hrv1-gqgp
Aliases:
CVE-2012-5575
GHSA-7v5v-9v8r-w864

Inadequate Encryption Strength in Apache CXF Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack."

There are no reported fixed by versions.

VCID-jtbd-bbrs-vbct
Aliases:
CVE-2012-4572

JBoss: custom authorization module implementations shared between applications

There are no reported fixed by versions.

VCID-man2-98t1-myav
Aliases:
CVE-2012-4529

Web: jsessionid exposed via encoded url when using cookie based session tracking

There are no reported fixed by versions.

VCID-ryha-ndms-afbn
Aliases:
CVE-2013-2067
GHSA-6m48-jxwx-76q7

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:53:55.656900+00:00	RedHat Importer	Affected by	VCID-man2-98t1-myav	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4529.json	38.0.0
2026-04-01T14:52:04.622478+00:00	RedHat Importer	Affected by	VCID-58f1-hrv1-gqgp	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5575.json	38.0.0
2026-04-01T14:51:22.410728+00:00	RedHat Importer	Affected by	VCID-ryha-ndms-afbn	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2067.json	38.0.0
2026-04-01T14:50:59.732053+00:00	RedHat Importer	Affected by	VCID-jtbd-bbrs-vbct	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4572.json	38.0.0