{"url":"http://public2.vulnerablecode.io/api/packages/112366?format=json","purl":"pkg:rpm/redhat/eap7-picketbox@4.9.8-1.Final_redhat_1.1.ep7?arch=el7","type":"rpm","namespace":"redhat","name":"eap7-picketbox","version":"4.9.8-1.Final_redhat_1.1.ep7","qualifiers":{"arch":"el7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9684?format=json","vulnerability_id":"VCID-77xn-dtdn-hfa2","summary":"Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)\nIt was discovered in Undertow that the code that parses the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-1409.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2017-1409.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2666.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2666.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2666","reference_id":"","reference_type":"","scores":[{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80411","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80375","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80385","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80404","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80389","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80382","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.8033","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80337","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80357","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80346","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2666"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670"},{"reference_url":"https://github.com/advisories/GHSA-mcfm-h73v-635m","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mcfm-h73v-635m"},{"reference_url":"http://www.securityfocus.com/bid/98966","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/98966"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1436163","reference_id":"1436163","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1436163"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405","reference_id":"864405","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2666","reference_id":"CVE-2017-2666","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1409","reference_id":"RHSA-2017:1409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1409"}],"fixed_packages":[],"aliases":["CVE-2017-2666","GHSA-mcfm-h73v-635m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-77xn-dtdn-hfa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5052?format=json","vulnerability_id":"VCID-9zut-79gt-1bgy","summary":"It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-1409.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2017-1409.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2670","reference_id":"","reference_type":"","scores":[{"value":"0.05972","scoring_system":"epss","scoring_elements":"0.90678","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05972","scoring_system":"epss","scoring_elements":"0.90639","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05972","scoring_system":"epss","scoring_elements":"0.9065","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05972","scoring_system":"epss","scoring_elements":"0.90656","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05972","scoring_system":"epss","scoring_elements":"0.90665","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05972","scoring_system":"epss","scoring_elements":"0.90659","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05972","scoring_system":"epss","scoring_elements":"0.90617","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05972","scoring_system":"epss","scoring_elements":"0.90621","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05972","scoring_system":"epss","scoring_elements":"0.90631","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2670"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670"},{"reference_url":"https://github.com/advisories/GHSA-3x7h-5hfr-hvjm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3x7h-5hfr-hvjm"},{"reference_url":"https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d"},{"reference_url":"http://www.securityfocus.com/bid/98965","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/98965"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1438885","reference_id":"1438885","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1438885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405","reference_id":"864405","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2670","reference_id":"CVE-2017-2670","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1409","reference_id":"RHSA-2017:1409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1409"}],"fixed_packages":[],"aliases":["CVE-2017-2670","GHSA-3x7h-5hfr-hvjm"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9zut-79gt-1bgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84255?format=json","vulnerability_id":"VCID-jtbq-4rr9-vud6","summary":"wildfly: Arbitrary file read via path traversal","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2595.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2595.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2595","reference_id":"","reference_type":"","scores":[{"value":"0.01106","scoring_system":"epss","scoring_elements":"0.7804","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01106","scoring_system":"epss","scoring_elements":"0.78048","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01106","scoring_system":"epss","scoring_elements":"0.78077","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01106","scoring_system":"epss","scoring_elements":"0.7806","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01106","scoring_system":"epss","scoring_elements":"0.78086","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01106","scoring_system":"epss","scoring_elements":"0.7809","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01106","scoring_system":"epss","scoring_elements":"0.78117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01106","scoring_system":"epss","scoring_elements":"0.78099","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01106","scoring_system":"epss","scoring_elements":"0.78095","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01106","scoring_system":"epss","scoring_elements":"0.78131","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2595"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1413028","reference_id":"1413028","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1413028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1409","reference_id":"RHSA-2017:1409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1551","reference_id":"RHSA-2017:1551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1551"}],"fixed_packages":[],"aliases":["CVE-2017-2595"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jtbq-4rr9-vud6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15360?format=json","vulnerability_id":"VCID-p3uc-ee2b-fff5","summary":"Improper Input Validation\nJBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-1255.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-1255.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-1409.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-1409.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1253","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1253"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1254","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1256","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1260","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1410","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1411","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1412","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1675","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1676","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1676"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2909","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2909"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2913","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2913"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9606.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9606.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9606","reference_id":"","reference_type":"","scores":[{"value":"0.02263","scoring_system":"epss","scoring_elements":"0.84644","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02263","scoring_system":"epss","scoring_elements":"0.84546","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02263","scoring_system":"epss","scoring_elements":"0.84561","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02263","scoring_system":"epss","scoring_elements":"0.84583","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02263","scoring_system":"epss","scoring_elements":"0.84586","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02263","scoring_system":"epss","scoring_elements":"0.84607","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02263","scoring_system":"epss","scoring_elements":"0.84614","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02263","scoring_system":"epss","scoring_elements":"0.84633","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02263","scoring_system":"epss","scoring_elements":"0.84628","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02263","scoring_system":"epss","scoring_elements":"0.84624","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9606"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1400644","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1400644"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9606"},{"reference_url":"https://github.com/resteasy/Resteasy","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/resteasy/Resteasy"},{"reference_url":"http://www.securityfocus.com/bid/94940","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/94940"},{"reference_url":"http://www.securitytracker.com/id/1038524","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1038524"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851430","reference_id":"851430","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851430"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9606","reference_id":"CVE-2016-9606","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9606"},{"reference_url":"https://github.com/advisories/GHSA-hgjr-xwj3-jfvw","reference_id":"GHSA-hgjr-xwj3-jfvw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgjr-xwj3-jfvw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1255","reference_id":"RHSA-2017:1255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1409","reference_id":"RHSA-2017:1409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1409"}],"fixed_packages":[],"aliases":["CVE-2016-9606","GHSA-hgjr-xwj3-jfvw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p3uc-ee2b-fff5"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-picketbox@4.9.8-1.Final_redhat_1.1.ep7%3Farch=el7"}