{"url":"http://public2.vulnerablecode.io/api/packages/129451?format=json","purl":"pkg:rpm/redhat/jbossas@4.2.0-4.GA_CP02.ep1.3.el5?arch=3","type":"rpm","namespace":"redhat","name":"jbossas","version":"4.2.0-4.GA_CP02.ep1.3.el5","qualifiers":{"arch":"3"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4763?format=json","vulnerability_id":"VCID-88v7-kc2y-bfd7","summary":"Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.","references":[{"reference_url":"http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html"},{"reference_url":"http://issues.apache.org/jira/browse/GERONIMO-3549","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://issues.apache.org/jira/browse/GERONIMO-3549"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"},{"reference_url":"http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"http://marc.info/?l=full-disclosure&m=119239530508382","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=full-disclosure&m=119239530508382"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2008-0630.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2008-0630.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5461.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5461.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5461","reference_id":"","reference_type":"","scores":[{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90924","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90873","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90878","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90888","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90898","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.9091","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90916","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06267","scoring_system":"epss","scoring_elements":"0.90925","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5461"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200804-10.xml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-200804-10.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/37243","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/37243"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c"},{"reference_url":"https://github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://support.apple.com/kb/HT2163","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT2163"},{"reference_url":"http://support.apple.com/kb/HT3216","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT3216"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.debian.org/security/2008/dsa-1447","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2008/dsa-1447"},{"reference_url":"http://www.debian.org/security/2008/dsa-1453","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2008/dsa-1453"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0042.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0042.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0195.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0195.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0862.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0862.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=333791","reference_id":"333791","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=333791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461","reference_id":"CVE-2007-5461","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/4552.pl","reference_id":"CVE-2007-5461","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/4552.pl"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5461","reference_id":"CVE-2007-5461","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5461"},{"reference_url":"https://github.com/advisories/GHSA-v5p2-vg3c-pmrr","reference_id":"GHSA-v5p2-vg3c-pmrr","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v5p2-vg3c-pmrr"},{"reference_url":"https://security.gentoo.org/glsa/200804-10","reference_id":"GLSA-200804-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200804-10"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/4530.pl","reference_id":"OSVDB-38187;CVE-2007-5461","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/4530.pl"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0042","reference_id":"RHSA-2008:0042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0151","reference_id":"RHSA-2008:0151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0158","reference_id":"RHSA-2008:0158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0195","reference_id":"RHSA-2008:0195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0213","reference_id":"RHSA-2008:0213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0213"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0630","reference_id":"RHSA-2008:0630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0630"}],"fixed_packages":[],"aliases":["CVE-2007-5461","GHSA-v5p2-vg3c-pmrr"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-88v7-kc2y-bfd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88552?format=json","vulnerability_id":"VCID-phgm-ct5c-a3fu","summary":"EJBQL injection via 'order' parameter","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6433.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6433.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6433","reference_id":"","reference_type":"","scores":[{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85081","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85094","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85111","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85115","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85137","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85144","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85159","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85156","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85153","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6433"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=426206","reference_id":"426206","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=426206"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0151","reference_id":"RHSA-2008:0151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0158","reference_id":"RHSA-2008:0158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0213","reference_id":"RHSA-2008:0213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0213"}],"fixed_packages":[],"aliases":["CVE-2007-6433"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-phgm-ct5c-a3fu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4768?format=json","vulnerability_id":"VCID-t9y6-suc2-2kcg","summary":"Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0002.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0002.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0002","reference_id":"","reference_type":"","scores":[{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.88588","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.88583","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.88565","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.88562","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.88536","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.88544","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.88592","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04097","scoring_system":"epss","scoring_elements":"0.886","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0002"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200804-10.xml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-200804-10.xml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"http://support.apple.com/kb/HT3216","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT3216"},{"reference_url":"https://web.archive.org/web/20080214133036/http://secunia.com/advisories/28915","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080214133036/http://secunia.com/advisories/28915"},{"reference_url":"https://web.archive.org/web/20080715062302/http://secunia.com/advisories/29711","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080715062302/http://secunia.com/advisories/29711"},{"reference_url":"https://web.archive.org/web/20080724052339/http://secunia.com/advisories/28834","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080724052339/http://secunia.com/advisories/28834"},{"reference_url":"https://web.archive.org/web/20081012021650/http://www.securityfocus.com/bid/27703","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081012021650/http://www.securityfocus.com/bid/27703"},{"reference_url":"https://web.archive.org/web/20081013050642/http://secunia.com/advisories/32222","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081013050642/http://secunia.com/advisories/32222"},{"reference_url":"https://web.archive.org/web/20081120062646/http://securityreason.com/securityalert/3638","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081120062646/http://securityreason.com/securityalert/3638"},{"reference_url":"https://web.archive.org/web/20081121133027/http://www.securityfocus.com/archive/1/487812/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081121133027/http://www.securityfocus.com/archive/1/487812/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20091125140215/http://secunia.com/advisories/37460","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20091125140215/http://secunia.com/advisories/37460"},{"reference_url":"https://web.archive.org/web/20120825080137/http://www.securityfocus.com/bid/31681","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120825080137/http://www.securityfocus.com/bid/31681"},{"reference_url":"https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126"},{"reference_url":"https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=432327","reference_id":"432327","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=432327"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002","reference_id":"CVE-2008-0002","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-0002","reference_id":"CVE-2008-0002","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-0002"},{"reference_url":"https://github.com/advisories/GHSA-5x5f-9r6q-q7mh","reference_id":"GHSA-5x5f-9r6q-q7mh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5x5f-9r6q-q7mh"},{"reference_url":"https://security.gentoo.org/glsa/200804-10","reference_id":"GLSA-200804-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200804-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0151","reference_id":"RHSA-2008:0151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0158","reference_id":"RHSA-2008:0158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0213","reference_id":"RHSA-2008:0213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0213"}],"fixed_packages":[],"aliases":["CVE-2008-0002","GHSA-5x5f-9r6q-q7mh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t9y6-suc2-2kcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88566?format=json","vulnerability_id":"VCID-w7g5-angw-yfcp","summary":"JFreeChart: XSS vulnerabilities in the image map feature","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6306.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6306.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6306","reference_id":"","reference_type":"","scores":[{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84424","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84439","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84458","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84459","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84688","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84695","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84714","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84709","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.84703","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6306"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=421081","reference_id":"421081","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=421081"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456148","reference_id":"456148","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0151","reference_id":"RHSA-2008:0151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0158","reference_id":"RHSA-2008:0158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0213","reference_id":"RHSA-2008:0213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0213"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0630","reference_id":"RHSA-2008:0630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0630"}],"fixed_packages":[],"aliases":["CVE-2007-6306"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7g5-angw-yfcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57202?format=json","vulnerability_id":"VCID-ymqq-9gmh-6kfn","summary":"An unspecified vulnerability has been reported in OpenOffice.org, possibly\n    allowing for the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4575.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4575.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4575","reference_id":"","reference_type":"","scores":[{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.9092","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90926","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90935","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90945","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90957","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90963","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90971","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90973","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06316","scoring_system":"epss","scoring_elements":"0.90972","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4575"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=299801","reference_id":"299801","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=299801"},{"reference_url":"https://security.gentoo.org/glsa/200712-25","reference_id":"GLSA-200712-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200712-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:1048","reference_id":"RHSA-2007:1048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:1048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:1090","reference_id":"RHSA-2007:1090","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:1090"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0151","reference_id":"RHSA-2008:0151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0158","reference_id":"RHSA-2008:0158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0213","reference_id":"RHSA-2008:0213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0213"},{"reference_url":"https://usn.ubuntu.com/609-1/","reference_id":"USN-609-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/609-1/"}],"fixed_packages":[],"aliases":["CVE-2007-4575"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymqq-9gmh-6kfn"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbossas@4.2.0-4.GA_CP02.ep1.3.el5%3Farch=3"}