Filtered by vendor Apache
Subscribe
Total
1977 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7678 | 1 Apache | 1 Spark | 2017-07-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script, would then be reflected back to the user and could be evaluated and executed by MS Windows-based clients. It is not an attack on Spark itself, but on the user, who may then execute the script inadvertently when viewing elements of the Spark web UIs. | |||||
| CVE-2016-6798 | 1 Apache | 1 Sling | 2017-07-25 | 7.5 HIGH | 9.8 CRITICAL |
| In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application. | |||||
| CVE-2006-4154 | 1 Apache | 1 Http Server | 2017-07-19 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c. | |||||
| CVE-2006-1548 | 1 Apache | 1 Struts | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message. | |||||
| CVE-2006-1095 | 1 Apache | 1 Mod Python | 2017-07-19 | 7.2 HIGH | N/A |
| Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie. | |||||
| CVE-2006-0743 | 1 Apache | 1 Log4net | 2017-07-19 | 5.0 MEDIUM | N/A |
| Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors. | |||||
| CVE-2006-1547 | 1 Apache | 1 Struts | 2017-07-19 | 7.8 HIGH | N/A |
| ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils. | |||||
| CVE-2017-7664 | 1 Apache | 1 Openmeetings | 2017-07-19 | 7.5 HIGH | 10.0 CRITICAL |
| Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. | |||||
| CVE-2017-7663 | 1 Apache | 1 Openmeetings | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. | |||||
| CVE-2017-7666 | 1 Apache | 1 Openmeetings | 2017-07-19 | 6.8 MEDIUM | 8.8 HIGH |
| Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. | |||||
| CVE-2017-7681 | 1 Apache | 1 Openmeetings | 2017-07-19 | 6.5 MEDIUM | 8.8 HIGH |
| Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end. | |||||
| CVE-2017-7683 | 1 Apache | 1 Openmeetings | 2017-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. | |||||
| CVE-2017-5640 | 1 Apache | 1 Impala | 2017-07-17 | 7.5 HIGH | 9.8 CRITICAL |
| It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with 'COMPLETE' before the SASL handshake has completed, the client will consider the handshake as completed even though no exchange of credentials has happened. | |||||
| CVE-2017-5659 | 1 Apache | 1 Traffic Server | 2017-07-10 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. | |||||
| CVE-2016-5396 | 1 Apache | 1 Traffic Server | 2017-07-10 | 7.8 HIGH | 7.5 HIGH |
| Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. | |||||
| CVE-2005-0808 | 1 Apache | 1 Tomcat | 2017-07-10 | 5.0 MEDIUM | N/A |
| Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. | |||||
| CVE-2005-0108 | 1 Apache | 1 Mod Auth Radius | 2017-07-10 | 5.0 MEDIUM | N/A |
| Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument. | |||||
| CVE-2004-2343 | 1 Apache | 1 Http Server | 2017-07-10 | 7.2 HIGH | N/A |
| ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument. | |||||
| CVE-2004-1575 | 1 Apache | 1 Xerces-c\+\+ | 2017-07-10 | 5.0 MEDIUM | N/A |
| The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document. | |||||
| CVE-2003-0042 | 1 Apache | 1 Tomcat | 2017-07-10 | 5.0 MEDIUM | N/A |
| Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character. | |||||