VulnerableCode Package Details - pkg:rpm/redhat/struts12@1.2.9-2.ep5?arch=el5

Search for packages

Vulnerability	Summary	Fixed by
VCID-1qt3-ctae-sfgw Aliases: CVE-2009-2693 GHSA-ggx9-4728-588r	Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.	There are no reported fixed by versions.
VCID-jau7-gfz8-dkfa Aliases: CVE-2009-3555 GHSA-f7w7-6pjc-wwm6 VU#120541	The renegotiation vulnerability in SSL protocol	There are no reported fixed by versions.
VCID-wsn2-pd9b-b3g8 Aliases: CVE-2009-2902 GHSA-8wch-9gcg-v2pr	Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.	There are no reported fixed by versions.
VCID-y94t-fwsg-sfey Aliases: CVE-2010-2086 GHSA-92cv-wv2c-8899	Apache MyFaces Cross-site Scripting vulnerability Apache MyFaces 1.1.7 and 1.2.8 (All previous versions are likely vulnerable), as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-1qt3-ctae-sfgw
Aliases:
CVE-2009-2693
GHSA-ggx9-4728-588r

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.

There are no reported fixed by versions.

VCID-jau7-gfz8-dkfa
Aliases:
CVE-2009-3555
GHSA-f7w7-6pjc-wwm6
VU#120541

The renegotiation vulnerability in SSL protocol

There are no reported fixed by versions.

VCID-wsn2-pd9b-b3g8
Aliases:
CVE-2009-2902
GHSA-8wch-9gcg-v2pr

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

There are no reported fixed by versions.

VCID-y94t-fwsg-sfey
Aliases:
CVE-2010-2086
GHSA-92cv-wv2c-8899

Apache MyFaces Cross-site Scripting vulnerability Apache MyFaces 1.1.7 and 1.2.8 (All previous versions are likely vulnerable), as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:57:31.818663+00:00	RedHat Importer	Affected by	VCID-jau7-gfz8-dkfa	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3555.json	38.0.0
2026-04-01T14:57:25.703591+00:00	RedHat Importer	Affected by	VCID-wsn2-pd9b-b3g8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2902.json	38.0.0
2026-04-01T14:57:25.458014+00:00	RedHat Importer	Affected by	VCID-1qt3-ctae-sfgw	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2693.json	38.0.0
2026-04-01T14:57:24.645095+00:00	RedHat Importer	Affected by	VCID-y94t-fwsg-sfey	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2086.json	38.0.0