Vulnerabilities

    CVE-2016-6802 Filter Bypass

    CVE-2013-2172 XML signature spoofing

    CVE-2015-0225 Remote code execution via unauthenticated JMX/RMI interface

    CVE-2014-0050 Denial of service

    CVE-2013-5855 XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

    CVE-2015-1585 CSRF vulnerability

    CVE-2016-6582 Broken token revocation, wrong auth/auth method

    CVE-2017-6920 PECL YAML parser unsafe object handling

    CVE-2017-6920 PECL YAML parser unsafe object handling

    CVE-2016-9955 Incorrect signature verification of SAML 1 messages