{"url":"http://public2.vulnerablecode.io/api/packages/176398?format=json","purl":"pkg:rpm/redhat/log4j-jboss-logmanager@1.0.2-1.Final_redhat_1.ep6?arch=el6","type":"rpm","namespace":"redhat","name":"log4j-jboss-logmanager","version":"1.0.2-1.Final_redhat_1.ep6","qualifiers":{"arch":"el6"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/114196?format=json","vulnerability_id":"VCID-4kf3-hx3k-47ef","summary":"Bayeux: Reflected Cross-Site Scripting (XSS)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6495.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6495.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6495","reference_id":"","reference_type":"","scores":[{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52273","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6495"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1066794","reference_id":"1066794","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1066794"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1207","reference_id":"RHSA-2013:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1208","reference_id":"RHSA-2013:1208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1209","reference_id":"RHSA-2013:1209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1437","reference_id":"RHSA-2013:1437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1437"}],"fixed_packages":[],"aliases":["CVE-2013-6495"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4kf3-hx3k-47ef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51037?format=json","vulnerability_id":"VCID-7pxs-sc8s-8fg2","summary":"A XSS flaw affected the mod_proxy_balancer manager interface.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4558.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4558.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4558","reference_id":"","reference_type":"","scores":[{"value":"0.58223","scoring_system":"epss","scoring_elements":"0.98222","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4558"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=915884","reference_id":"915884","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=915884"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2012-4558.json","reference_id":"CVE-2012-4558","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2012-4558.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0815","reference_id":"RHSA-2013:0815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1011","reference_id":"RHSA-2013:1011","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1011"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1012","reference_id":"RHSA-2013:1012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1013","reference_id":"RHSA-2013:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1207","reference_id":"RHSA-2013:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1208","reference_id":"RHSA-2013:1208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1209","reference_id":"RHSA-2013:1209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1209"}],"fixed_packages":[],"aliases":["CVE-2012-4558"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7pxs-sc8s-8fg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/114582?format=json","vulnerability_id":"VCID-8xm4-twyc-duh2","summary":"PicketBox: Insecure storage of masked passwords","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1921.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1921.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1921","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23558","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1921"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=948106","reference_id":"948106","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=948106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1207","reference_id":"RHSA-2013:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1208","reference_id":"RHSA-2013:1208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1209","reference_id":"RHSA-2013:1209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1437","reference_id":"RHSA-2013:1437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0029","reference_id":"RHSA-2014:0029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0029"}],"fixed_packages":[],"aliases":["CVE-2013-1921"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xm4-twyc-duh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51039?format=json","vulnerability_id":"VCID-b44m-f3y9-kqag","summary":"Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1896.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1896.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1896","reference_id":"","reference_type":"","scores":[{"value":"0.43961","scoring_system":"epss","scoring_elements":"0.97605","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1896"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717272","reference_id":"717272","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717272"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=983549","reference_id":"983549","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=983549"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2013-1896.json","reference_id":"CVE-2013-1896","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2013-1896.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1133","reference_id":"RHSA-2013:1133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1134","reference_id":"RHSA-2013:1134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1156","reference_id":"RHSA-2013:1156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1207","reference_id":"RHSA-2013:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1208","reference_id":"RHSA-2013:1208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1209","reference_id":"RHSA-2013:1209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1209"}],"fixed_packages":[],"aliases":["CVE-2013-1896"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b44m-f3y9-kqag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51034?format=json","vulnerability_id":"VCID-csqk-utue-9yeq","summary":"Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3499.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3499.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3499","reference_id":"","reference_type":"","scores":[{"value":"0.21581","scoring_system":"epss","scoring_elements":"0.95829","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3499"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=915883","reference_id":"915883","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=915883"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2012-3499.json","reference_id":"CVE-2012-3499","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2012-3499.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0815","reference_id":"RHSA-2013:0815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1011","reference_id":"RHSA-2013:1011","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1011"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1012","reference_id":"RHSA-2013:1012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1013","reference_id":"RHSA-2013:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1207","reference_id":"RHSA-2013:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1208","reference_id":"RHSA-2013:1208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1209","reference_id":"RHSA-2013:1209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1209"}],"fixed_packages":[],"aliases":["CVE-2012-3499"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-csqk-utue-9yeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51038?format=json","vulnerability_id":"VCID-m4t4-3fjk-s3gq","summary":"mod_rewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1862.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1862.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1862","reference_id":"","reference_type":"","scores":[{"value":"0.52396","scoring_system":"epss","scoring_elements":"0.97981","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1862"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=953729","reference_id":"953729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=953729"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2013-1862.json","reference_id":"CVE-2013-1862","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2013-1862.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0815","reference_id":"RHSA-2013:0815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1133","reference_id":"RHSA-2013:1133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1134","reference_id":"RHSA-2013:1134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1207","reference_id":"RHSA-2013:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1208","reference_id":"RHSA-2013:1208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1209","reference_id":"RHSA-2013:1209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1209"}],"fixed_packages":[],"aliases":["CVE-2013-1862"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m4t4-3fjk-s3gq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37568?format=json","vulnerability_id":"VCID-qspg-3tg3-p7ep","summary":"Cryptographic Issues\nAttackers could spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak canonicalization algorithm to apply to the `SignedInfo` part of the Signature.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1207.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1207.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1208.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1208.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1209.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1209.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1217.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1217.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1218.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1218.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1219.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1219.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1220.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1220.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1375.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1375.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1437.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1437.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1853.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1853.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0212.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0212.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2172.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2172.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2172","reference_id":"","reference_type":"","scores":[{"value":"0.03643","scoring_system":"epss","scoring_elements":"0.8806","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2172"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2172","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2172"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"https://github.com/apache/santuario-java","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/santuario-java"},{"reference_url":"https://github.com/apache/santuario-java/commit/25e0e11493b061749f778030036cb5c406b34590","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/santuario-java/commit/25e0e11493b061749f778030036cb5c406b34590"},{"reference_url":"https://github.com/apache/santuario-java/commit/8e8f8bf92a43608d7d5f9e357fae19244454a61f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/santuario-java/commit/8e8f8bf92a43608d7d5f9e357fae19244454a61f"},{"reference_url":"https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2172","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2172"},{"reference_url":"http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h"},{"reference_url":"https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20200228060314/http://www.securityfocus.com/bid/60846","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228060314/http://www.securityfocus.com/bid/60846"},{"reference_url":"http://www.debian.org/security/2014/dsa-3065","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-3065"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-2028-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2028-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720375","reference_id":"720375","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720375"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=999263","reference_id":"999263","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=999263"},{"reference_url":"http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc","reference_id":"CVE-2013-2172.TXT.ASC","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1207","reference_id":"RHSA-2013:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1208","reference_id":"RHSA-2013:1208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1209","reference_id":"RHSA-2013:1209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1217","reference_id":"RHSA-2013:1217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1218","reference_id":"RHSA-2013:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1218"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1219","reference_id":"RHSA-2013:1219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1220","reference_id":"RHSA-2013:1220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1375","reference_id":"RHSA-2013:1375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1437","reference_id":"RHSA-2013:1437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1853","reference_id":"RHSA-2013:1853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0212","reference_id":"RHSA-2014:0212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0400","reference_id":"RHSA-2014:0400","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1369","reference_id":"RHSA-2014:1369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1369"}],"fixed_packages":[],"aliases":["CVE-2013-2172","GHSA-r237-w2w6-jq3p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qspg-3tg3-p7ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37576?format=json","vulnerability_id":"VCID-s3zg-vjk7-kkdg","summary":"Authentication via cached credentials\nThe `DiagnosticsHandler` in this package allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1207.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1207.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1208.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1208.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1209.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1209.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1437.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1437.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1771.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1771.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0029.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0029.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4112.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4112","reference_id":"","reference_type":"","scores":[{"value":"0.01302","scoring_system":"epss","scoring_elements":"0.80087","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4112"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=983489","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=983489"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4112","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4112"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717031","reference_id":"717031","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717031"},{"reference_url":"https://bugzilla.redhat.com/CVE-2013-4112","reference_id":"CVE-2013-4112","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/CVE-2013-4112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1207","reference_id":"RHSA-2013:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1208","reference_id":"RHSA-2013:1208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1209","reference_id":"RHSA-2013:1209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1437","reference_id":"RHSA-2013:1437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1771","reference_id":"RHSA-2013:1771","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1771"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0029","reference_id":"RHSA-2014:0029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0029"}],"fixed_packages":[],"aliases":["CVE-2013-4112","GHSA-cc62-496p-hrr7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s3zg-vjk7-kkdg"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/log4j-jboss-logmanager@1.0.2-1.Final_redhat_1.ep6%3Farch=el6"}