{"url":"http://public2.vulnerablecode.io/api/packages/118457?format=json","purl":"pkg:rpm/redhat/eap6-jansi@1.9.0-1.redhat_5.1.ep6?arch=el7","type":"rpm","namespace":"redhat","name":"eap6-jansi","version":"1.9.0-1.redhat_5.1.ep6","qualifiers":{"arch":"el7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85721?format=json","vulnerability_id":"VCID-11ay-rahr-13az","summary":"PicketLink: Lack of validation for the Destination attribute in a Response element in a SAML assertion","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6254.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6254.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6254","reference_id":"","reference_type":"","scores":[{"value":"0.00697","scoring_system":"epss","scoring_elements":"0.71894","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00697","scoring_system":"epss","scoring_elements":"0.71902","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00697","scoring_system":"epss","scoring_elements":"0.7192","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00697","scoring_system":"epss","scoring_elements":"0.71892","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00697","scoring_system":"epss","scoring_elements":"0.71931","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00697","scoring_system":"epss","scoring_elements":"0.71942","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00697","scoring_system":"epss","scoring_elements":"0.71966","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00697","scoring_system":"epss","scoring_elements":"0.71949","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6254"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1974359","reference_id":"1974359","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1974359"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0846","reference_id":"RHSA-2015:0846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0847","reference_id":"RHSA-2015:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0848","reference_id":"RHSA-2015:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0849","reference_id":"RHSA-2015:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0849"}],"fixed_packages":[],"aliases":["CVE-2015-6254"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11ay-rahr-13az"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58059?format=json","vulnerability_id":"VCID-2n2t-jyg7-gbev","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8111.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8111.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8111","reference_id":"","reference_type":"","scores":[{"value":"0.03739","scoring_system":"epss","scoring_elements":"0.88011","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03739","scoring_system":"epss","scoring_elements":"0.87951","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03739","scoring_system":"epss","scoring_elements":"0.87962","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03739","scoring_system":"epss","scoring_elements":"0.87976","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03739","scoring_system":"epss","scoring_elements":"0.87979","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03739","scoring_system":"epss","scoring_elements":"0.88","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03739","scoring_system":"epss","scoring_elements":"0.88007","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03739","scoring_system":"epss","scoring_elements":"0.88017","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03739","scoring_system":"epss","scoring_elements":"0.8801","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8111"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1182591","reference_id":"1182591","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1182591"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783233","reference_id":"783233","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0846","reference_id":"RHSA-2015:0846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0847","reference_id":"RHSA-2015:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0848","reference_id":"RHSA-2015:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0849","reference_id":"RHSA-2015:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1641","reference_id":"RHSA-2015:1641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1642","reference_id":"RHSA-2015:1642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1642"}],"fixed_packages":[],"aliases":["CVE-2014-8111"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2n2t-jyg7-gbev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85765?format=json","vulnerability_id":"VCID-2qzz-yezu-r3gc","summary":"CLI: Insecure default permissions on history file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3586.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3586.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3586","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23504","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23665","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23707","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23487","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23557","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23603","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23619","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23578","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23521","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3586"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1126687","reference_id":"1126687","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1126687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0846","reference_id":"RHSA-2015:0846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0847","reference_id":"RHSA-2015:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0848","reference_id":"RHSA-2015:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0849","reference_id":"RHSA-2015:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"}],"fixed_packages":[],"aliases":["CVE-2014-3586"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2qzz-yezu-r3gc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15713?format=json","vulnerability_id":"VCID-6cjx-y4ey-e3b6","summary":"Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J\nApache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1376","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1376"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0226.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0226.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0226","reference_id":"","reference_type":"","scores":[{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.89939","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.89896","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.89899","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.89912","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.89917","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.89934","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.8994","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.89948","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.89946","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0226"},{"reference_url":"https://github.com/apache/ws-wss4j","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/ws-wss4j"},{"reference_url":"https://github.com/apache/ws-wss4j/commit/970b3e3756e2c75bf2379ce198365e1a7168c3c3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/ws-wss4j/commit/970b3e3756e2c75bf2379ce198365e1a7168c3c3"},{"reference_url":"https://github.com/apache/ws-wss4j/commit/de5104b30ddde5fe7388ad57e1c5ace5c5509924","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/ws-wss4j/commit/de5104b30ddde5fe7388ad57e1c5ace5c5509924"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1621329","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1621329"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"http://www.securityfocus.com/bid/72553","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/72553"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191446","reference_id":"1191446","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191446"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741","reference_id":"777741","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:wss4j:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:wss4j:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:2.0.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:wss4j:2.0.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:2.0.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:wss4j:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:2.0:beta:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:wss4j:2.0:beta:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:2.0:beta:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0226","reference_id":"CVE-2015-0226","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0226"},{"reference_url":"https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc","reference_id":"CVE-2015-0226.TXT.ASC","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc"},{"reference_url":"https://github.com/advisories/GHSA-vjwc-5hfh-2vv5","reference_id":"GHSA-vjwc-5hfh-2vv5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vjwc-5hfh-2vv5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0773","reference_id":"RHSA-2015:0773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0846","reference_id":"RHSA-2015:0846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0847","reference_id":"RHSA-2015:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0848","reference_id":"RHSA-2015:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0849","reference_id":"RHSA-2015:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1176","reference_id":"RHSA-2015:1176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1177","reference_id":"RHSA-2015:1177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1177"}],"fixed_packages":[],"aliases":["CVE-2015-0226","GHSA-vjwc-5hfh-2vv5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6cjx-y4ey-e3b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4982?format=json","vulnerability_id":"VCID-cnmd-pk6j-fuae","summary":"Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to \"wrapping attacks.\"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0773.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0773.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0227.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0227.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0227","reference_id":"","reference_type":"","scores":[{"value":"0.13872","scoring_system":"epss","scoring_elements":"0.94301","published_at":"2026-04-13T12:55:00Z"},{"value":"0.13872","scoring_system":"epss","scoring_elements":"0.94269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.13872","scoring_system":"epss","scoring_elements":"0.9428","published_at":"2026-04-04T12:55:00Z"},{"value":"0.13872","scoring_system":"epss","scoring_elements":"0.94282","published_at":"2026-04-07T12:55:00Z"},{"value":"0.13872","scoring_system":"epss","scoring_elements":"0.94291","published_at":"2026-04-08T12:55:00Z"},{"value":"0.13872","scoring_system":"epss","scoring_elements":"0.94295","published_at":"2026-04-09T12:55:00Z"},{"value":"0.13872","scoring_system":"epss","scoring_elements":"0.94299","published_at":"2026-04-12T12:55:00Z"},{"value":"0.13872","scoring_system":"epss","scoring_elements":"0.9426","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0227"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/100837","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/100837"},{"reference_url":"https://github.com/apache/wss4j/commit/5ec5295c9773c9ae43fdc6c3321d0e2af1041e62","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/wss4j/commit/5ec5295c9773c9ae43fdc6c3321d0e2af1041e62"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191451","reference_id":"1191451","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191451"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741","reference_id":"777741","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0227","reference_id":"CVE-2015-0227","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0227"},{"reference_url":"http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc","reference_id":"CVE-2015-0227.TXT.ASC","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc"},{"reference_url":"https://github.com/advisories/GHSA-6r5v-hp32-fjqw","reference_id":"GHSA-6r5v-hp32-fjqw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6r5v-hp32-fjqw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0773","reference_id":"RHSA-2015:0773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0846","reference_id":"RHSA-2015:0846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0847","reference_id":"RHSA-2015:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0848","reference_id":"RHSA-2015:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0849","reference_id":"RHSA-2015:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1176","reference_id":"RHSA-2015:1176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1177","reference_id":"RHSA-2015:1177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1177"}],"fixed_packages":[],"aliases":["CVE-2015-0227","GHSA-6r5v-hp32-fjqw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cnmd-pk6j-fuae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85715?format=json","vulnerability_id":"VCID-khnh-k119-c7es","summary":"PicketLink: SP does not take Audience condition of a SAML assertion into account","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0277.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0277.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0277","reference_id":"","reference_type":"","scores":[{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67243","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67279","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.6728","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67331","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67345","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67365","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67353","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67318","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0277"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1194832","reference_id":"1194832","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1194832"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0846","reference_id":"RHSA-2015:0846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0847","reference_id":"RHSA-2015:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0848","reference_id":"RHSA-2015:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0849","reference_id":"RHSA-2015:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0849"}],"fixed_packages":[],"aliases":["CVE-2015-0277"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khnh-k119-c7es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85681?format=json","vulnerability_id":"VCID-q5jj-g31c-afgz","summary":"mod_cluster: JavaScript code injection is possible via MCMP mod_manager messages","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0298.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0298.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0298","reference_id":"","reference_type":"","scores":[{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55126","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55227","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55251","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55229","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55278","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55279","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.5529","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.5527","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1197769","reference_id":"1197769","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1197769"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0846","reference_id":"RHSA-2015:0846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0847","reference_id":"RHSA-2015:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0848","reference_id":"RHSA-2015:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1641","reference_id":"RHSA-2015:1641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1642","reference_id":"RHSA-2015:1642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1642"}],"fixed_packages":[],"aliases":["CVE-2015-0298"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q5jj-g31c-afgz"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap6-jansi@1.9.0-1.redhat_5.1.ep6%3Farch=el7"}