{"url":"http://public2.vulnerablecode.io/api/packages/166493?format=json","purl":"pkg:rpm/redhat/jboss-as-pojo@7.5.0-8.Final_redhat_21.1.ep6?arch=el5","type":"rpm","namespace":"redhat","name":"jboss-as-pojo","version":"7.5.0-8.Final_redhat_21.1.ep6","qualifiers":{"arch":"el5"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113702?format=json","vulnerability_id":"VCID-3x8q-8esf-v3gq","summary":"PicketLink: Lack of validation for the Destination attribute in a Response element in a SAML assertion","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6254.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6254.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6254","reference_id":"","reference_type":"","scores":[{"value":"0.00578","scoring_system":"epss","scoring_elements":"0.69232","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6254"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1974359","reference_id":"1974359","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1974359"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0846","reference_id":"RHSA-2015:0846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0847","reference_id":"RHSA-2015:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0848","reference_id":"RHSA-2015:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0849","reference_id":"RHSA-2015:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0849"}],"fixed_packages":[],"aliases":["CVE-2015-6254"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3x8q-8esf-v3gq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43886?format=json","vulnerability_id":"VCID-axqp-xsr5-yqej","summary":"Improper Access Control in Apache WSS4J\nApache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to \"wrapping attacks.\"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0773.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0773.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0227.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0227.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0227","reference_id":"","reference_type":"","scores":[{"value":"0.13872","scoring_system":"epss","scoring_elements":"0.94434","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0227"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/100837","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/100837"},{"reference_url":"https://github.com/apache/wss4j/commit/5ec5295c9773c9ae43fdc6c3321d0e2af1041e62","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/wss4j/commit/5ec5295c9773c9ae43fdc6c3321d0e2af1041e62"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191451","reference_id":"1191451","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191451"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741","reference_id":"777741","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0227","reference_id":"CVE-2015-0227","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0227"},{"reference_url":"https://github.com/advisories/GHSA-6r5v-hp32-fjqw","reference_id":"GHSA-6r5v-hp32-fjqw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6r5v-hp32-fjqw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0773","reference_id":"RHSA-2015:0773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0846","reference_id":"RHSA-2015:0846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0847","reference_id":"RHSA-2015:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0848","reference_id":"RHSA-2015:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0849","reference_id":"RHSA-2015:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1176","reference_id":"RHSA-2015:1176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1177","reference_id":"RHSA-2015:1177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1177"}],"fixed_packages":[],"aliases":["CVE-2015-0227","GHSA-6r5v-hp32-fjqw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-axqp-xsr5-yqej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43996?format=json","vulnerability_id":"VCID-s2q7-ybj4-ubg5","summary":"Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J\nApache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1376","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1376"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0226.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0226.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0226","reference_id":"","reference_type":"","scores":[{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.90107","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0226"},{"reference_url":"https://github.com/apache/ws-wss4j","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/ws-wss4j"},{"reference_url":"https://github.com/apache/ws-wss4j/commit/970b3e3756e2c75bf2379ce198365e1a7168c3c3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/ws-wss4j/commit/970b3e3756e2c75bf2379ce198365e1a7168c3c3"},{"reference_url":"https://github.com/apache/ws-wss4j/commit/de5104b30ddde5fe7388ad57e1c5ace5c5509924","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/ws-wss4j/commit/de5104b30ddde5fe7388ad57e1c5ace5c5509924"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1621329","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1621329"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191446","reference_id":"1191446","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191446"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741","reference_id":"777741","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0226","reference_id":"CVE-2015-0226","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0226"},{"reference_url":"https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc","reference_id":"CVE-2015-0226.TXT.ASC","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc"},{"reference_url":"https://github.com/advisories/GHSA-vjwc-5hfh-2vv5","reference_id":"GHSA-vjwc-5hfh-2vv5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vjwc-5hfh-2vv5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0773","reference_id":"RHSA-2015:0773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0846","reference_id":"RHSA-2015:0846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0847","reference_id":"RHSA-2015:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0848","reference_id":"RHSA-2015:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0849","reference_id":"RHSA-2015:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1176","reference_id":"RHSA-2015:1176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1177","reference_id":"RHSA-2015:1177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1177"}],"fixed_packages":[],"aliases":["CVE-2015-0226","GHSA-vjwc-5hfh-2vv5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s2q7-ybj4-ubg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75296?format=json","vulnerability_id":"VCID-syn7-dsre-9qg3","summary":"Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8111.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8111.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8111","reference_id":"","reference_type":"","scores":[{"value":"0.03739","scoring_system":"epss","scoring_elements":"0.88213","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8111"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1182591","reference_id":"1182591","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1182591"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783233","reference_id":"783233","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0846","reference_id":"RHSA-2015:0846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0847","reference_id":"RHSA-2015:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0848","reference_id":"RHSA-2015:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0849","reference_id":"RHSA-2015:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1641","reference_id":"RHSA-2015:1641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1642","reference_id":"RHSA-2015:1642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1642"}],"fixed_packages":[],"aliases":["CVE-2014-8111"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-syn7-dsre-9qg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113663?format=json","vulnerability_id":"VCID-ut72-ga69-97aq","summary":"PicketLink: SP does not take Audience condition of a SAML assertion into account","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0277.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0277.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0277","reference_id":"","reference_type":"","scores":[{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67809","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0277"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1194832","reference_id":"1194832","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1194832"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0846","reference_id":"RHSA-2015:0846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0847","reference_id":"RHSA-2015:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0848","reference_id":"RHSA-2015:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0849","reference_id":"RHSA-2015:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0849"}],"fixed_packages":[],"aliases":["CVE-2015-0277"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ut72-ga69-97aq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113622?format=json","vulnerability_id":"VCID-ve9f-5kg8-yffh","summary":"mod_cluster: JavaScript code injection is possible via MCMP mod_manager messages","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0298.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0298.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0298","reference_id":"","reference_type":"","scores":[{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55512","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1197769","reference_id":"1197769","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1197769"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0846","reference_id":"RHSA-2015:0846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0847","reference_id":"RHSA-2015:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0848","reference_id":"RHSA-2015:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1641","reference_id":"RHSA-2015:1641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1642","reference_id":"RHSA-2015:1642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1642"}],"fixed_packages":[],"aliases":["CVE-2015-0298"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ve9f-5kg8-yffh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113729?format=json","vulnerability_id":"VCID-wbbn-pm1z-nfbc","summary":"CLI: Insecure default permissions on history file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3586.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3586.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3586","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23559","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3586"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1126687","reference_id":"1126687","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1126687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0846","reference_id":"RHSA-2015:0846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0847","reference_id":"RHSA-2015:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0848","reference_id":"RHSA-2015:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0849","reference_id":"RHSA-2015:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"}],"fixed_packages":[],"aliases":["CVE-2014-3586"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wbbn-pm1z-nfbc"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jboss-as-pojo@7.5.0-8.Final_redhat_21.1.ep6%3Farch=el5"}