eap7-xml-security vulnerabilities

Known vulnerabilities in the eap7-xml-security package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Deserialization of Untrusted Data	<0:2.2.3-2.redhat_00001.1.el7eap
H Server-Side Request Forgery (SSRF)	<0:2.2.3-2.redhat_00001.1.el7eap
H Resource Exhaustion	<0:2.2.3-2.redhat_00001.1.el7eap
H Deserialization of Untrusted Data	<0:2.2.3-2.redhat_00001.1.el7eap
H Uncontrolled Memory Allocation	<0:2.2.3-2.redhat_00001.1.el7eap
H Resource Exhaustion	<0:2.2.3-2.redhat_00001.1.el7eap
H Server-Side Request Forgery (SSRF)	<0:2.2.3-2.redhat_00001.1.el7eap
H Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')	<0:2.2.3-2.redhat_00001.1.el7eap
H Integer Coercion Error	<0:2.2.3-2.redhat_00001.1.el7eap
H Deserialization of Untrusted Data	<0:2.2.3-2.redhat_00001.1.el7eap
H SQL Injection	<0:2.2.3-2.redhat_00001.1.el7eap
H Deserialization of Untrusted Data	<0:2.2.3-2.redhat_00001.1.el7eap
H Improper Input Validation	<0:2.2.3-2.redhat_00001.1.el7eap
H Information Exposure	<0:2.2.3-2.redhat_00001.1.el7eap
M Link Following	<0:2.2.6-1.redhat_00002.1.el7eap
M Information Exposure Through Log Files	<0:2.2.6-1.redhat_00002.1.el7eap
H Improper Input Validation	<0:2.1.4-1.redhat_00001.1.el7eap
M Information Exposure	<0:2.1.7-1.redhat_00001.1.el7eap
M Files or Directories Accessible to External Parties	<0:2.1.7-1.redhat_00001.1.el7eap
H Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')	<0:2.1.4-1.redhat_00001.1.el7eap
H Directory Traversal	<0:2.0.9-1.redhat_1.1.ep7.el7
H Insufficient Verification of Data Authenticity	<0:2.0.9-1.redhat_1.1.ep7.el7
H HTTP Request Smuggling	<0:2.0.8-2.redhat_1.1.ep7.el7
H Incorrect Permission Assignment for Critical Resource	<0:2.0.8-2.redhat_1.1.ep7.el7
H HTTP Request Smuggling	<0:2.0.8-2.redhat_1.1.ep7.el7
H Information Exposure	<0:2.0.8-2.redhat_1.1.ep7.el7
H Out-of-Bounds	<0:2.0.8-2.redhat_1.1.ep7.el7
H Loop with Unreachable Exit Condition ('Infinite Loop')	<0:2.0.8-2.redhat_1.1.ep7.el7
H HTTP Request Smuggling	<0:2.0.8-2.redhat_1.1.ep7.el7
H Access Restriction Bypass	<0:2.0.8-2.redhat_1.1.ep7.el7
M Resource Exhaustion	<0:2.1.7-1.redhat_00001.1.el7eap
H Uncaught Exception	<0:2.0.10-1.redhat_1.1.ep7.el7
H Directory Traversal	<0:2.0.10-1.redhat_1.1.ep7.el7
H Deserialization of Untrusted Data	<0:2.0.9-1.redhat_1.1.ep7.el7
H Improper Authentication	<0:2.0.9-1.redhat_1.1.ep7.el7
H Resource Exhaustion	<0:2.0.8-2.redhat_1.1.ep7.el7
H Out-of-bounds Read	<0:2.1.4-1.redhat_00001.1.el7eap
H Deserialization of Untrusted Data	<0:2.0.9-1.redhat_1.1.ep7.el7
H Deserialization of Untrusted Data	<0:2.0.8-2.redhat_1.1.ep7.el7
H Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')	<0:2.0.8-2.redhat_1.1.ep7.el7
H Improper Input Validation	<0:2.0.8-2.redhat_1.1.ep7.el7
H Improper Input Validation	<0:2.0.9-1.redhat_1.1.ep7.el7
H Improper Access Control	<0:2.0.8-2.redhat_1.1.ep7.el7
H Resource Exhaustion	<0:2.0.8-2.redhat_1.1.ep7.el7
H Information Exposure	<0:2.0.8-2.redhat_1.1.ep7.el7
H Directory Traversal	<0:2.0.8-2.redhat_1.1.ep7.el7
M Information Exposure	<0:2.1.7-1.redhat_00001.1.el7eap
H Deserialization of Untrusted Data	<0:2.0.9-1.redhat_1.1.ep7.el7
H Resource Exhaustion	<0:2.1.4-1.redhat_00001.1.el7eap
M Information Exposure	<0:2.1.2-1.redhat_00001.1.el7eap
H HTTP Request Smuggling	<0:2.1.4-1.redhat_00001.1.el7eap
H HTTP Request Smuggling	<0:2.1.4-1.redhat_00001.1.el7eap
H HTTP Request Smuggling	<0:2.1.4-1.redhat_00001.1.el7eap
H Incomplete Blacklist	<0:2.0.9-1.redhat_1.1.ep7.el7
H HTTP Response Splitting	<0:2.0.8-2.redhat_1.1.ep7.el7
M Resource Exhaustion	<0:2.1.7-1.redhat_00001.1.el7eap
H CVE-2015-0254	<0:2.0.6-1.redhat_1.1.ep7.el7
M Information Exposure	<0:2.1.7-1.redhat_00001.1.el7eap
H Deserialization of Untrusted Data	<0:2.1.4-1.redhat_00001.1.el7eap

Vulnerability

Vulnerable Version

Deserialization of Untrusted Data