{"url":"http://public2.vulnerablecode.io/api/packages/129064?format=json","purl":"pkg:rpm/redhat/jboss-aop@1.5.5-1.CP01.0jpp.ep1.1?arch=el5","type":"rpm","namespace":"redhat","name":"jboss-aop","version":"1.5.5-1.CP01.0jpp.ep1.1","qualifiers":{"arch":"el5"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4763?format=json","vulnerability_id":"VCID-88v7-kc2y-bfd7","summary":"Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.","references":[{"reference_url":"http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html"},{"reference_url":"http://issues.apache.org/jira/browse/GERONIMO-3549","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://issues.apache.org/jira/browse/GERONIMO-3549"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"},{"reference_url":"http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"http://marc.info/?l=full-disclosure&m=119239530508382","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=full-disclosure&m=119239530508382"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2008-0630.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2008-0630.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5461.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5461.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5461","reference_id":"","reference_type":"","scores":[{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90873","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.9102","published_at":"2026-05-14T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.91009","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.91","published_at":"2026-05-11T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.91002","published_at":"2026-05-09T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90988","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90972","published_at":"2026-05-05T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90955","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90957","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.9096","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90924","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90925","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90916","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.9091","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90898","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90888","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90878","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90947","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90946","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90948","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5461"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200804-10.xml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-200804-10.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/37243","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/37243"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c"},{"reference_url":"https://github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://support.apple.com/kb/HT2163","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT2163"},{"reference_url":"http://support.apple.com/kb/HT3216","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT3216"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.debian.org/security/2008/dsa-1447","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2008/dsa-1447"},{"reference_url":"http://www.debian.org/security/2008/dsa-1453","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2008/dsa-1453"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0042.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0042.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0195.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0195.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0862.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0862.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=333791","reference_id":"333791","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=333791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461","reference_id":"CVE-2007-5461","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/4552.pl","reference_id":"CVE-2007-5461","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/4552.pl"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5461","reference_id":"CVE-2007-5461","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5461"},{"reference_url":"https://github.com/advisories/GHSA-v5p2-vg3c-pmrr","reference_id":"GHSA-v5p2-vg3c-pmrr","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v5p2-vg3c-pmrr"},{"reference_url":"https://security.gentoo.org/glsa/200804-10","reference_id":"GLSA-200804-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200804-10"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/4530.pl","reference_id":"OSVDB-38187;CVE-2007-5461","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/4530.pl"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0042","reference_id":"RHSA-2008:0042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0151","reference_id":"RHSA-2008:0151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0158","reference_id":"RHSA-2008:0158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0195","reference_id":"RHSA-2008:0195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0213","reference_id":"RHSA-2008:0213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0213"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0630","reference_id":"RHSA-2008:0630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0630"}],"fixed_packages":[],"aliases":["CVE-2007-5461","GHSA-v5p2-vg3c-pmrr"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-88v7-kc2y-bfd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14086?format=json","vulnerability_id":"VCID-kfr5-vfjf-xbc7","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2008-0828.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2008-0828.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1285.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1285.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1285","reference_id":"","reference_type":"","scores":[{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.6821","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68192","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68169","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70667","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70561","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.7057","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70544","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70584","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70616","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70586","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70614","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70425","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.7047","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70486","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.7051","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70495","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70481","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70523","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70531","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70511","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1285"},{"reference_url":"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=437082","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=437082"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41081","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41081"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=437082","reference_id":"437082","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=437082"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-1285","reference_id":"CVE-2008-1285","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-1285"},{"reference_url":"https://github.com/advisories/GHSA-vv6j-5x58-q2c3","reference_id":"GHSA-vv6j-5x58-q2c3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vv6j-5x58-q2c3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0825","reference_id":"RHSA-2008:0825","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0825"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0826","reference_id":"RHSA-2008:0826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0827","reference_id":"RHSA-2008:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0828","reference_id":"RHSA-2008:0828","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0828"}],"fixed_packages":[],"aliases":["CVE-2008-1285","GHSA-vv6j-5x58-q2c3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kfr5-vfjf-xbc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88398?format=json","vulnerability_id":"VCID-mpr2-q1gb-p7ce","summary":"JBossEAP status servlet info leak","references":[{"reference_url":"http://marc.info/?l=bugtraq&m=132698550418872&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=132698550418872&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2008-0825.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2008-0825.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2008-0826.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2008-0826.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2008-0827.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2008-0827.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2008-0828.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2008-0828.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3273.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3273.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3273","reference_id":"","reference_type":"","scores":[{"value":"0.414","scoring_system":"epss","scoring_elements":"0.97445","published_at":"2026-05-14T12:55:00Z"},{"value":"0.414","scoring_system":"epss","scoring_elements":"0.97376","published_at":"2026-04-01T12:55:00Z"},{"value":"0.414","scoring_system":"epss","scoring_elements":"0.97383","published_at":"2026-04-02T12:55:00Z"},{"value":"0.414","scoring_system":"epss","scoring_elements":"0.97387","published_at":"2026-04-04T12:55:00Z"},{"value":"0.414","scoring_system":"epss","scoring_elements":"0.97388","published_at":"2026-04-07T12:55:00Z"},{"value":"0.414","scoring_system":"epss","scoring_elements":"0.97395","published_at":"2026-04-08T12:55:00Z"},{"value":"0.414","scoring_system":"epss","scoring_elements":"0.97396","published_at":"2026-04-09T12:55:00Z"},{"value":"0.414","scoring_system":"epss","scoring_elements":"0.97398","published_at":"2026-04-11T12:55:00Z"},{"value":"0.414","scoring_system":"epss","scoring_elements":"0.97399","published_at":"2026-04-13T12:55:00Z"},{"value":"0.414","scoring_system":"epss","scoring_elements":"0.97407","published_at":"2026-04-16T12:55:00Z"},{"value":"0.414","scoring_system":"epss","scoring_elements":"0.9741","published_at":"2026-04-21T12:55:00Z"},{"value":"0.414","scoring_system":"epss","scoring_elements":"0.97411","published_at":"2026-04-24T12:55:00Z"},{"value":"0.414","scoring_system":"epss","scoring_elements":"0.97413","published_at":"2026-04-26T12:55:00Z"},{"value":"0.414","scoring_system":"epss","scoring_elements":"0.97416","published_at":"2026-04-29T12:55:00Z"},{"value":"0.414","scoring_system":"epss","scoring_elements":"0.97421","published_at":"2026-05-05T12:55:00Z"},{"value":"0.414","scoring_system":"epss","scoring_elements":"0.97424","published_at":"2026-05-07T12:55:00Z"},{"value":"0.414","scoring_system":"epss","scoring_elements":"0.97428","published_at":"2026-05-09T12:55:00Z"},{"value":"0.414","scoring_system":"epss","scoring_elements":"0.97431","published_at":"2026-05-11T12:55:00Z"},{"value":"0.414","scoring_system":"epss","scoring_elements":"0.97436","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3273"},{"reference_url":"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=457757","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=457757"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44235","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44235"},{"reference_url":"https://jira.jboss.org/jira/browse/JBPAPP-544","reference_id":"","reference_type":"","scores":[],"url":"https://jira.jboss.org/jira/browse/JBPAPP-544"},{"reference_url":"http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp03/html-single/readme/index.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp03/html-single/readme/index.html"},{"reference_url":"http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/"},{"reference_url":"http://www.securityfocus.com/bid/30540","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/30540"},{"reference_url":"http://www.securitytracker.com/id?1020628","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1020628"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=457757","reference_id":"457757","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=457757"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jboss:enterprise_application_platform:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jboss:enterprise_application_platform:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jboss:enterprise_application_platform:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jboss:enterprise_application_platform:4.2.0.cp01:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jboss:enterprise_application_platform:4.2.0.cp01:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jboss:enterprise_application_platform:4.2.0.cp01:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jboss:enterprise_application_platform:4.2.0.cp02:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:jboss:enterprise_application_platform:4.2.0.cp02:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jboss:enterprise_application_platform:4.2.0.cp02:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3273","reference_id":"CVE-2008-3273","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0825","reference_id":"RHSA-2008:0825","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0825"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0826","reference_id":"RHSA-2008:0826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0827","reference_id":"RHSA-2008:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0828","reference_id":"RHSA-2008:0828","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0828"}],"fixed_packages":[],"aliases":["CVE-2008-3273"],"risk_score":9.0,"exploitability":"2.0","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mpr2-q1gb-p7ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88552?format=json","vulnerability_id":"VCID-phgm-ct5c-a3fu","summary":"EJBQL injection via 'order' parameter","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6433.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6433.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6433","reference_id":"","reference_type":"","scores":[{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85081","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85094","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85111","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85115","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85137","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85144","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85159","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85156","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85153","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85173","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85175","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85196","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85205","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85203","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85217","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85242","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85262","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85256","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85271","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85307","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6433"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=426206","reference_id":"426206","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=426206"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0151","reference_id":"RHSA-2008:0151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0158","reference_id":"RHSA-2008:0158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0213","reference_id":"RHSA-2008:0213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0213"}],"fixed_packages":[],"aliases":["CVE-2007-6433"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-phgm-ct5c-a3fu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4768?format=json","vulnerability_id":"VCID-t9y6-suc2-2kcg","summary":"Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0002.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0002.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0002","reference_id":"","reference_type":"","scores":[{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.88592","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.88622","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.88616","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.88602","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.88606","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.88536","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.88544","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.88562","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.88565","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.88583","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.88588","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.886","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04362","scoring_system":"epss","scoring_elements":"0.89011","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04362","scoring_system":"epss","scoring_elements":"0.89016","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04362","scoring_system":"epss","scoring_elements":"0.89022","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04362","scoring_system":"epss","scoring_elements":"0.89025","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04362","scoring_system":"epss","scoring_elements":"0.89044","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04362","scoring_system":"epss","scoring_elements":"0.88997","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04362","scoring_system":"epss","scoring_elements":"0.8899","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0002"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200804-10.xml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-200804-10.xml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"http://support.apple.com/kb/HT3216","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT3216"},{"reference_url":"https://web.archive.org/web/20080214133036/http://secunia.com/advisories/28915","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080214133036/http://secunia.com/advisories/28915"},{"reference_url":"https://web.archive.org/web/20080715062302/http://secunia.com/advisories/29711","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080715062302/http://secunia.com/advisories/29711"},{"reference_url":"https://web.archive.org/web/20080724052339/http://secunia.com/advisories/28834","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080724052339/http://secunia.com/advisories/28834"},{"reference_url":"https://web.archive.org/web/20081012021650/http://www.securityfocus.com/bid/27703","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081012021650/http://www.securityfocus.com/bid/27703"},{"reference_url":"https://web.archive.org/web/20081013050642/http://secunia.com/advisories/32222","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081013050642/http://secunia.com/advisories/32222"},{"reference_url":"https://web.archive.org/web/20081120062646/http://securityreason.com/securityalert/3638","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081120062646/http://securityreason.com/securityalert/3638"},{"reference_url":"https://web.archive.org/web/20081121133027/http://www.securityfocus.com/archive/1/487812/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081121133027/http://www.securityfocus.com/archive/1/487812/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20091125140215/http://secunia.com/advisories/37460","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20091125140215/http://secunia.com/advisories/37460"},{"reference_url":"https://web.archive.org/web/20120825080137/http://www.securityfocus.com/bid/31681","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120825080137/http://www.securityfocus.com/bid/31681"},{"reference_url":"https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126"},{"reference_url":"https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=432327","reference_id":"432327","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=432327"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002","reference_id":"CVE-2008-0002","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-0002","reference_id":"CVE-2008-0002","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-0002"},{"reference_url":"https://github.com/advisories/GHSA-5x5f-9r6q-q7mh","reference_id":"GHSA-5x5f-9r6q-q7mh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5x5f-9r6q-q7mh"},{"reference_url":"https://security.gentoo.org/glsa/200804-10","reference_id":"GLSA-200804-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200804-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0151","reference_id":"RHSA-2008:0151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0158","reference_id":"RHSA-2008:0158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0213","reference_id":"RHSA-2008:0213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0213"}],"fixed_packages":[],"aliases":["CVE-2008-0002","GHSA-5x5f-9r6q-q7mh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t9y6-suc2-2kcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88566?format=json","vulnerability_id":"VCID-w7g5-angw-yfcp","summary":"JFreeChart: XSS vulnerabilities in the image map feature","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6306.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6306.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6306","reference_id":"","reference_type":"","scores":[{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84424","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84439","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84458","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84459","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84688","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84695","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84714","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84709","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84703","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84725","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84726","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84728","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84755","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84765","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84764","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.8478","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84805","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84823","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84818","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84835","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84867","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6306"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=421081","reference_id":"421081","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=421081"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456148","reference_id":"456148","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0151","reference_id":"RHSA-2008:0151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0158","reference_id":"RHSA-2008:0158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0213","reference_id":"RHSA-2008:0213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0213"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0630","reference_id":"RHSA-2008:0630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0630"}],"fixed_packages":[],"aliases":["CVE-2007-6306"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7g5-angw-yfcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57202?format=json","vulnerability_id":"VCID-ymqq-9gmh-6kfn","summary":"An unspecified vulnerability has been reported in OpenOffice.org, possibly\n    allowing for the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4575.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4575.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4575","reference_id":"","reference_type":"","scores":[{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.9092","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90926","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90935","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90945","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90957","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90963","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90971","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90973","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90972","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90997","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90995","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90996","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.9101","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.91008","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.91005","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.9102","published_at":"2026-05-05T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.91034","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.91048","published_at":"2026-05-09T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.91047","published_at":"2026-05-11T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.91056","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.91066","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4575"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=299801","reference_id":"299801","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=299801"},{"reference_url":"https://security.gentoo.org/glsa/200712-25","reference_id":"GLSA-200712-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200712-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:1048","reference_id":"RHSA-2007:1048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:1048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:1090","reference_id":"RHSA-2007:1090","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:1090"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0151","reference_id":"RHSA-2008:0151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0158","reference_id":"RHSA-2008:0158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0213","reference_id":"RHSA-2008:0213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0213"},{"reference_url":"https://usn.ubuntu.com/609-1/","reference_id":"USN-609-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/609-1/"}],"fixed_packages":[],"aliases":["CVE-2007-4575"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymqq-9gmh-6kfn"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jboss-aop@1.5.5-1.CP01.0jpp.ep1.1%3Farch=el5"}