{"url":"http://public2.vulnerablecode.io/api/packages/151602?format=json","purl":"pkg:rpm/redhat/eap7-glassfish-el@3.0.1-2.b08_redhat_1.1.ep7?arch=el6","type":"rpm","namespace":"redhat","name":"eap7-glassfish-el","version":"3.0.1-2.b08_redhat_1.1.ep7","qualifiers":{"arch":"el6"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40121?format=json","vulnerability_id":"VCID-387y-knja-ukh8","summary":"Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)\nIt was discovered in Undertow that the code that parses the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-1409.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2017-1409.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2666.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2666.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2666","reference_id":"","reference_type":"","scores":[{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80749","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.8072","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80747","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2666"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670"},{"reference_url":"https://github.com/advisories/GHSA-mcfm-h73v-635m","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mcfm-h73v-635m"},{"reference_url":"http://www.securityfocus.com/bid/98966","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/98966"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1436163","reference_id":"1436163","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1436163"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405","reference_id":"864405","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2666","reference_id":"CVE-2017-2666","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1409","reference_id":"RHSA-2017:1409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1409"}],"fixed_packages":[],"aliases":["CVE-2017-2666","GHSA-mcfm-h73v-635m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-387y-knja-ukh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43536?format=json","vulnerability_id":"VCID-5a7n-9dzv-wkbf","summary":"Deserialization of Untrusted Data\nThe getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.","references":[{"reference_url":"http://mail-archives.apache.org/mod_mbox/activemq-users/201609.mbox/%3CCAH6wpnqzeNtpykT7emtDU1-GV7AvjFP5-YroWcCC4UZyQEFvtA%40mail.gmail.com%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail-archives.apache.org/mod_mbox/activemq-users/201609.mbox/%3CCAH6wpnqzeNtpykT7emtDU1-GV7AvjFP5-YroWcCC4UZyQEFvtA%40mail.gmail.com%3E"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1834","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1835","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1836","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1837","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3454","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3455","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3456","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3458","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1447","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1448","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1449","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1450","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1451","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1451"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4978.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4978.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4978","reference_id":"","reference_type":"","scores":[{"value":"0.0136","scoring_system":"epss","scoring_elements":"0.80528","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0136","scoring_system":"epss","scoring_elements":"0.80526","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0136","scoring_system":"epss","scoring_elements":"0.805","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4978"},{"reference_url":"https://github.com/apache/activemq-artemis","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq-artemis"},{"reference_url":"https://lists.apache.org/thread.html/7260bd0955c12aac5bd892039d3356ba3aa0ff4caaf2aa4fd4fe84a2@%3Cissues.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/7260bd0955c12aac5bd892039d3356ba3aa0ff4caaf2aa4fd4fe84a2@%3Cissues.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/7260bd0955c12aac5bd892039d3356ba3aa0ff4caaf2aa4fd4fe84a2%40%3Cissues.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/7260bd0955c12aac5bd892039d3356ba3aa0ff4caaf2aa4fd4fe84a2%40%3Cissues.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/d4ffbc6a43a915324a394b2913ceb7d07bc352f2d08caa19df0aff02@%3Cissues.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/d4ffbc6a43a915324a394b2913ceb7d07bc352f2d08caa19df0aff02@%3Cissues.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/d4ffbc6a43a915324a394b2913ceb7d07bc352f2d08caa19df0aff02%40%3Cissues.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/d4ffbc6a43a915324a394b2913ceb7d07bc352f2d08caa19df0aff02%40%3Cissues.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088@%3Ccommits.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088@%3Ccommits.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E"},{"reference_url":"https://web.archive.org/web/20210123172653/http://www.securityfocus.com/bid/93142","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123172653/http://www.securityfocus.com/bid/93142"},{"reference_url":"https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1379207","reference_id":"1379207","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1379207"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4978","reference_id":"CVE-2016-4978","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4978"},{"reference_url":"https://github.com/advisories/GHSA-r9vv-xj4w-g8m8","reference_id":"GHSA-r9vv-xj4w-g8m8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r9vv-xj4w-g8m8"}],"fixed_packages":[],"aliases":["CVE-2016-4978","GHSA-r9vv-xj4w-g8m8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5a7n-9dzv-wkbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112615?format=json","vulnerability_id":"VCID-83ne-xfr4-83aw","summary":"EAP7 Privilege escalation when managing domain including earlier version slaves","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5406.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5406.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5406","reference_id":"","reference_type":"","scores":[{"value":"0.01504","scoring_system":"epss","scoring_elements":"0.81492","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01504","scoring_system":"epss","scoring_elements":"0.8152","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01504","scoring_system":"epss","scoring_elements":"0.81522","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5406"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359014","reference_id":"1359014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1838","reference_id":"RHSA-2016:1838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1839","reference_id":"RHSA-2016:1839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1840","reference_id":"RHSA-2016:1840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1841","reference_id":"RHSA-2016:1841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1841"}],"fixed_packages":[],"aliases":["CVE-2016-5406"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-83ne-xfr4-83aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112090?format=json","vulnerability_id":"VCID-98ct-w5q2-nyhz","summary":"admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8627.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8627.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8627","reference_id":"","reference_type":"","scores":[{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74429","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74461","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74467","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8627"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388240","reference_id":"1388240","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388240"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0170","reference_id":"RHSA-2017:0170","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0170"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0171","reference_id":"RHSA-2017:0171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0172","reference_id":"RHSA-2017:0172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0173","reference_id":"RHSA-2017:0173","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0244","reference_id":"RHSA-2017:0244","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0245","reference_id":"RHSA-2017:0245","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0246","reference_id":"RHSA-2017:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0247","reference_id":"RHSA-2017:0247","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0247"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0250","reference_id":"RHSA-2017:0250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0250"}],"fixed_packages":[],"aliases":["CVE-2016-8627"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98ct-w5q2-nyhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38222?format=json","vulnerability_id":"VCID-9gv3-ujz4-4fau","summary":"Uncontrolled Resource Consumption\nRemote attackers could cause a denial of service (CPU and disk consumption) via a long URL.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7046.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7046.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7046","reference_id":"","reference_type":"","scores":[{"value":"0.0406","scoring_system":"epss","scoring_elements":"0.8875","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0406","scoring_system":"epss","scoring_elements":"0.88749","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0406","scoring_system":"epss","scoring_elements":"0.88732","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7046"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1376646","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1376646"},{"reference_url":"https://github.com/undertow-io/undertow","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow"},{"reference_url":"https://github.com/undertow-io/undertow/commit/c518b5a1784061d807efedcef0a03fcd35a53de2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/c518b5a1784061d807efedcef0a03fcd35a53de2"},{"reference_url":"https://issues.redhat.com/browse/UNDERTOW-835","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/UNDERTOW-835"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7046","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7046"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2016-7046","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2016-7046"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838600","reference_id":"838600","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838600"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2016-7046","reference_id":"CVE-2016-7046","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2016-7046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2640","reference_id":"RHSA-2016:2640","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2640"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2641","reference_id":"RHSA-2016:2641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2642","reference_id":"RHSA-2016:2642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2642"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2657","reference_id":"RHSA-2016:2657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2657"}],"fixed_packages":[],"aliases":["CVE-2016-7046","GHSA-3f57-w2rp-72fc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gv3-ujz4-4fau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40124?format=json","vulnerability_id":"VCID-9v45-vygq-eugz","summary":"Loop with Unreachable Exit Condition (Infinite Loop)\nWith non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-1409.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2017-1409.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2670","reference_id":"","reference_type":"","scores":[{"value":"0.05972","scoring_system":"epss","scoring_elements":"0.90841","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05972","scoring_system":"epss","scoring_elements":"0.90827","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2670"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670"},{"reference_url":"https://github.com/advisories/GHSA-3x7h-5hfr-hvjm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3x7h-5hfr-hvjm"},{"reference_url":"https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d"},{"reference_url":"http://www.securityfocus.com/bid/98965","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/98965"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1438885","reference_id":"1438885","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1438885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405","reference_id":"864405","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2670","reference_id":"CVE-2017-2670","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1409","reference_id":"RHSA-2017:1409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1409"}],"fixed_packages":[],"aliases":["CVE-2017-2670","GHSA-3x7h-5hfr-hvjm"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9v45-vygq-eugz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111529?format=json","vulnerability_id":"VCID-k2d4-d6dd-wkb9","summary":"EAP-7: Wrong privileges on multiple property files","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12167.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12167","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16411","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16493","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1649","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12167"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1491612","reference_id":"1491612","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1491612"}],"fixed_packages":[],"aliases":["CVE-2017-12167"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2d4-d6dd-wkb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38215?format=json","vulnerability_id":"VCID-me9g-1s7c-m7cw","summary":"Improper Neutralization of CRLF Sequences in HTTP Headers\nCRLF injection vulnerability in the Undertow web server allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1838.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1838.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1839.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1839.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1840.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1840.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1841.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1841.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3454","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3455","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3456","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3458","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3458"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4993.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4993.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4993","reference_id":"","reference_type":"","scores":[{"value":"0.01476","scoring_system":"epss","scoring_elements":"0.81297","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01476","scoring_system":"epss","scoring_elements":"0.81325","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01476","scoring_system":"epss","scoring_elements":"0.81328","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4993"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1344321","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1344321"},{"reference_url":"https://github.com/undertow-io/undertow/commit/834496fb74ddda2af197940c70d08bab419fdf12","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/834496fb74ddda2af197940c70d08bab419fdf12"},{"reference_url":"https://issues.redhat.com/browse/UNDERTOW-827","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/UNDERTOW-827"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4993","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4993"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2016-4993","reference_id":"CVE-2016-4993","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2016-4993"},{"reference_url":"https://github.com/advisories/GHSA-qcqr-hcjq-whfq","reference_id":"GHSA-qcqr-hcjq-whfq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qcqr-hcjq-whfq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1838","reference_id":"RHSA-2016:1838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1839","reference_id":"RHSA-2016:1839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1840","reference_id":"RHSA-2016:1840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1841","reference_id":"RHSA-2016:1841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1841"}],"fixed_packages":[],"aliases":["CVE-2016-4993","GHSA-qcqr-hcjq-whfq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-me9g-1s7c-m7cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111740?format=json","vulnerability_id":"VCID-mqkk-a3w9-nkgc","summary":"wildfly: Arbitrary file read via path traversal","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2595.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2595.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2595","reference_id":"","reference_type":"","scores":[{"value":"0.01106","scoring_system":"epss","scoring_elements":"0.78437","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01106","scoring_system":"epss","scoring_elements":"0.78464","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01106","scoring_system":"epss","scoring_elements":"0.78473","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2595"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1413028","reference_id":"1413028","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1413028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1409","reference_id":"RHSA-2017:1409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1551","reference_id":"RHSA-2017:1551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1551"}],"fixed_packages":[],"aliases":["CVE-2017-2595"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mqkk-a3w9-nkgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112724?format=json","vulnerability_id":"VCID-mssg-1j2x-jqd5","summary":"EAP7: Internal IP address disclosed on redirect when request header Host field is not set","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6311.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6311.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6311","reference_id":"","reference_type":"","scores":[{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.5376","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53818","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53827","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6311"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1362735","reference_id":"1362735","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1362735"}],"fixed_packages":[],"aliases":["CVE-2016-6311"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mssg-1j2x-jqd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39289?format=json","vulnerability_id":"VCID-pkzf-4u9a-c3hq","summary":"Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)\nInvalid characters are allowed in query strings and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7559.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7559.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7559","reference_id":"","reference_type":"","scores":[{"value":"0.01128","scoring_system":"epss","scoring_elements":"0.78679","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01128","scoring_system":"epss","scoring_elements":"0.78671","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01128","scoring_system":"epss","scoring_elements":"0.78644","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7559"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559"},{"reference_url":"https://github.com/undertow-io/undertow","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow"},{"reference_url":"https://issues.jboss.org/browse/UNDERTOW-1251","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/UNDERTOW-1251"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1481665","reference_id":"1481665","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1481665"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885576","reference_id":"885576","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885576"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7559","reference_id":"CVE-2017-7559","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7559"},{"reference_url":"https://github.com/advisories/GHSA-rj76-h87p-r3wf","reference_id":"GHSA-rj76-h87p-r3wf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rj76-h87p-r3wf"}],"fixed_packages":[],"aliases":["CVE-2017-7559","GHSA-rj76-h87p-r3wf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pkzf-4u9a-c3hq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39292?format=json","vulnerability_id":"VCID-pzcv-q79p-nbd5","summary":"Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection)\nAn attacker may be able to validate an invalid instance and access the private member value via `ConstraintViolation#getInvalidValue()`.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2808","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2809","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2810","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2811","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3141","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3454","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3455","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3456","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3458","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2740","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2741","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2742","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2743","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3817","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3817"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7536.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7536.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7536","reference_id":"","reference_type":"","scores":[{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31559","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31527","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31595","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7536"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1465573","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1465573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7536"},{"reference_url":"https://github.com/hibernate/hibernate-validator","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hibernate/hibernate-validator"},{"reference_url":"https://github.com/hibernate/hibernate-validator/commit/0778a5c98b817771a645c6f4ba0b28dd8b5437b","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hibernate/hibernate-validator/commit/0778a5c98b817771a645c6f4ba0b28dd8b5437b"},{"reference_url":"https://github.com/hibernate/hibernate-validator/commit/0886e89900d343ea20fde5137c9a3086e6da9ac","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hibernate/hibernate-validator/commit/0886e89900d343ea20fde5137c9a3086e6da9ac"},{"reference_url":"https://github.com/hibernate/hibernate-validator/commit/0ed45f37c4680998167179e631113a2c9cb5d11","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hibernate/hibernate-validator/commit/0ed45f37c4680998167179e631113a2c9cb5d11"},{"reference_url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"},{"reference_url":"http://www.securityfocus.com/bid/101048","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/101048"},{"reference_url":"http://www.securitytracker.com/id/1039744","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1039744"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885577","reference_id":"885577","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885577"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7536","reference_id":"CVE-2017-7536","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7536"},{"reference_url":"https://github.com/advisories/GHSA-xxgp-pcfc-3vgc","reference_id":"GHSA-xxgp-pcfc-3vgc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxgp-pcfc-3vgc"}],"fixed_packages":[],"aliases":["CVE-2017-7536","GHSA-xxgp-pcfc-3vgc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pzcv-q79p-nbd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43395?format=json","vulnerability_id":"VCID-q5qt-gu2j-73hj","summary":"Uncontrolled Resource Consumption\nUndertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to \"max-headers\" (default 200) * \"max-header-size\" (default 1MB) per active TCP connection.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0830.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0830.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0831.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0831.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0832.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0832.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0834.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0834.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0876.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0876.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0872","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0873","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3454","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3455","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3456","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3458","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3458"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9589.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9589.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9589","reference_id":"","reference_type":"","scores":[{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84731","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84704","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84728","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9589"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404782","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404782"},{"reference_url":"https://github.com/wildfly/wildfly","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wildfly/wildfly"},{"reference_url":"https://web.archive.org/web/20200227180917/https://www.securityfocus.com/bid/97060","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227180917/https://www.securityfocus.com/bid/97060"},{"reference_url":"https://web.archive.org/web/20200227180917/https://www.securityfocus.com/bid/97060/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200227180917/https://www.securityfocus.com/bid/97060/"},{"reference_url":"http://www.securityfocus.com/bid/97060","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97060"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9589","reference_id":"CVE-2016-9589","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9589"},{"reference_url":"https://github.com/advisories/GHSA-p4xg-cpr9-vwvj","reference_id":"GHSA-p4xg-cpr9-vwvj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p4xg-cpr9-vwvj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0830","reference_id":"RHSA-2017:0830","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0830"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0831","reference_id":"RHSA-2017:0831","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0831"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0832","reference_id":"RHSA-2017:0832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0832"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0834","reference_id":"RHSA-2017:0834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0876","reference_id":"RHSA-2017:0876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0876"}],"fixed_packages":[],"aliases":["CVE-2016-9589","GHSA-p4xg-cpr9-vwvj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q5qt-gu2j-73hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112510?format=json","vulnerability_id":"VCID-qnhf-r3x9-gqbu","summary":"jboss: jbossas: unsafe chown of server.log in jboss init script allows privilege escalation","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8656.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8656.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8656","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21769","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2185","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21838","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8656"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1400344","reference_id":"1400344","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1400344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0244","reference_id":"RHSA-2017:0244","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0245","reference_id":"RHSA-2017:0245","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0246","reference_id":"RHSA-2017:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0250","reference_id":"RHSA-2017:0250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0831","reference_id":"RHSA-2017:0831","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0831"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0832","reference_id":"RHSA-2017:0832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0832"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0834","reference_id":"RHSA-2017:0834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1609","reference_id":"RHSA-2018:1609","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1609"}],"fixed_packages":[],"aliases":["CVE-2016-8656"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qnhf-r3x9-gqbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39380?format=json","vulnerability_id":"VCID-rg7k-kaxv-2ubx","summary":"Deserialization of Untrusted Data\nA deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the `readValue` method of the `ObjectMapper`.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1834","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1835","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1836","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1837","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1839","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1840","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2477","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2546","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2547","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2633","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2635","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2636","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2637","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2638","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3141","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3454","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3455","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3456","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3458","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0294","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0294"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0342","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1449","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1450","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0910","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0910"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2858","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3149","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3149"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7525.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7525.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7525","reference_id":"","reference_type":"","scores":[{"value":"0.82379","scoring_system":"epss","scoring_elements":"0.99246","published_at":"2026-06-06T12:55:00Z"},{"value":"0.82379","scoring_system":"epss","scoring_elements":"0.99244","published_at":"2026-06-04T12:55:00Z"},{"value":"0.82379","scoring_system":"epss","scoring_elements":"0.99245","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7525"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1462702","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1462702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-055","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-055"},{"reference_url":"https://github.com/advisories/GHSA-qxxx-2pp7-5hmx","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qxxx-2pp7-5hmx"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3bfbb835e530055c1941ddf87fde0b08d08dcd38","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3bfbb835e530055c1941ddf87fde0b08d08dcd38"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/680d75b011edd67a2d2a2e9980998a968194c2ef","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/680d75b011edd67a2d2a2e9980998a968194c2ef"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/6ce32ffd18facac6abdbbf559c817b47fcb622c1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/6ce32ffd18facac6abdbbf559c817b47fcb622c1"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/90042692085deeb05ae75c569c9909f7dba24415","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/90042692085deeb05ae75c569c9909f7dba24415"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/fa87c1ddbe803ebb7295f5c2ebfe38e12f6e6162","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/fa87c1ddbe803ebb7295f5c2ebfe38e12f6e6162"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/fd8dec2c7fab8b4b4bd60502a0f1d63ec23c24da","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/fd8dec2c7fab8b4b4bd60502a0f1d63ec23c24da"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/1599","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/1599"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/1723","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/1723"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/1737","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FasterXML/jackson-databind/issues/1737"},{"reference_url":"https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20171214-0002","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20171214-0002"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us"},{"reference_url":"https://www.debian.org/security/2017/dsa-4004","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2017/dsa-4004"},{"reference_url":"https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true","reference_id":"","reference_type":"","scores":[],"url":"https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"http://www.securityfocus.com/bid/99623","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/99623"},{"reference_url":"http://www.securitytracker.com/id/1039744","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039744"},{"reference_url":"http://www.securitytracker.com/id/1039947","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039947"},{"reference_url":"http://www.securitytracker.com/id/1040360","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040360"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870848","reference_id":"870848","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870848"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7525","reference_id":"CVE-2017-7525","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7525"},{"reference_url":"https://usn.ubuntu.com/4741-1/","reference_id":"USN-4741-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4741-1/"}],"fixed_packages":[],"aliases":["CVE-2017-7525","GHSA-qxxx-2pp7-5hmx"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rg7k-kaxv-2ubx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40122?format=json","vulnerability_id":"VCID-vwcx-hrtg-pygs","summary":"Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)\nIt was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12165","reference_id":"","reference_type":"","scores":[{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78343","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78377","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78369","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12165"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165"},{"reference_url":"https://github.com/undertow-io/undertow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow"},{"reference_url":"https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f"},{"reference_url":"https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f"},{"reference_url":"https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc"},{"reference_url":"https://issues.redhat.com/browse/UNDERTOW-1251","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/UNDERTOW-1251"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1490301","reference_id":"1490301","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1490301"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338","reference_id":"885338","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12165","reference_id":"CVE-2017-12165","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12165"},{"reference_url":"https://github.com/advisories/GHSA-5gg7-5wv8-4gcj","reference_id":"GHSA-5gg7-5wv8-4gcj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5gg7-5wv8-4gcj"}],"fixed_packages":[],"aliases":["CVE-2017-12165","GHSA-5gg7-5wv8-4gcj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vwcx-hrtg-pygs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112285?format=json","vulnerability_id":"VCID-yjzc-ysux-euay","summary":"EAP: Sensitive data can be exposed at the server level in domain mode","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7061.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7061.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7061","reference_id":"","reference_type":"","scores":[{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.68651","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.68692","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.687","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7061"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1380852","reference_id":"1380852","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1380852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0170","reference_id":"RHSA-2017:0170","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0170"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0171","reference_id":"RHSA-2017:0171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0172","reference_id":"RHSA-2017:0172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0173","reference_id":"RHSA-2017:0173","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0244","reference_id":"RHSA-2017:0244","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0245","reference_id":"RHSA-2017:0245","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0246","reference_id":"RHSA-2017:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0247","reference_id":"RHSA-2017:0247","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0247"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0250","reference_id":"RHSA-2017:0250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0250"}],"fixed_packages":[],"aliases":["CVE-2016-7061"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjzc-ysux-euay"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-glassfish-el@3.0.1-2.b08_redhat_1.1.ep7%3Farch=el6"}