Skip to main content

Apache

2551 CVEs vendor

Monthly

CVE-2014-0035 Maven MEDIUM PATCH This Month

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Apache Cxf Jboss Enterprise Application Platform
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-0034 Maven MEDIUM PATCH This Month

The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Apache Cxf Jboss Enterprise Application Platform
NVD
CVSS 2.0
4.3
EPSS
1.9%
CVE-2014-4721 LOW POC Monitor

The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Apache Debian Linux
NVD
CVSS 2.0
2.6
EPSS
9.9%
CVE-2012-1621 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Apache Ofbiz
NVD
CVSS 2.0
4.3
EPSS
6.1%
CVE-2014-0186 MEDIUM This Month

A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Red Hat Denial Of Service Apache Enterprise Linux
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-0119 Maven MEDIUM PATCH This Month

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Tomcat XXE Privilege Escalation Apache
NVD
CVSS 2.0
4.3
EPSS
4.4%
CVE-2014-0099 Maven MEDIUM PATCH This Month

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 37.9%.

Tomcat Buffer Overflow Java Apache
NVD
CVSS 2.0
4.3
EPSS
37.9%
CVE-2014-0096 Maven MEDIUM PATCH This Month

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Tomcat XXE Java Privilege Escalation Apache
NVD
CVSS 2.0
4.3
EPSS
5.8%
CVE-2014-0095 Maven MEDIUM PATCH This Month

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Tomcat Denial Of Service Java Apache
NVD
CVSS 2.0
5.0
EPSS
9.7%
CVE-2014-0075 Maven MEDIUM PATCH This Month

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 46.7%.

Tomcat Denial Of Service Java Apache
NVD
CVSS 2.0
5.0
EPSS
46.7%
CVE-2013-2193 MEDIUM This Month

Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive. Rated medium severity (CVSS 4.3). No vendor patch available.

Apache Authentication Bypass Hbase
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-0240 MEDIUM This Month

The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain. Rated medium severity (CVSS 6.2). No vendor patch available.

Privilege Escalation Apache Mod Wsgi
NVD
CVSS 2.0
6.2
EPSS
0.2%
CVE-2013-2758 MEDIUM PATCH This Month

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Citrix Information Disclosure Apache Cloudstack Cloudplatform
NVD
CVSS 2.0
5.0
EPSS
2.8%
CVE-2013-2756 MEDIUM PATCH This Month

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Citrix Authentication Bypass Cloudstack Cloudplatform
NVD
CVSS 2.0
5.0
EPSS
3.1%
CVE-2012-5649 MEDIUM This Month

Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Adobe RCE Code Injection Apache Couchdb
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-0110 Maven MEDIUM PATCH This Month

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Apache Cxf
NVD
CVSS 2.0
4.3
EPSS
6.1%
CVE-2014-0109 Maven MEDIUM PATCH This Month

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Apache Cxf
NVD
CVSS 2.0
4.3
EPSS
6.1%
CVE-2014-0116 Maven MEDIUM PATCH This Month

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Apache Struts
NVD
CVSS 2.0
5.8
EPSS
2.8%
CVE-2014-0114 Maven HIGH POC PATCH THREAT Act Now

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.7%.

RCE Apache Commons Beanutils Struts
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
92.7%
Threat
5.8
CVE-2013-7372 MEDIUM POC PATCH This Month

The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Google Information Disclosure Java Apache Harmony +1
NVD VulDB
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-0113 Maven HIGH POC PATCH THREAT Act Now

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.1%.

RCE Privilege Escalation Apache Struts
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
82.1%
Threat
5.5
CVE-2014-0112 Maven HIGH POC PATCH THREAT Act Now

ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 91.4%.

RCE Privilege Escalation Apache Struts
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
91.4%
Threat
5.7
CVE-2013-2187 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Apache Archiva
NVD VulDB
CVSS 2.0
4.3
EPSS
1.1%
CVE-2014-0111 Maven MEDIUM PATCH This Month

Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Java RCE Code Injection Apache Syncope
NVD VulDB
CVSS 2.0
6.5
EPSS
1.4%
CVE-2014-0085 Maven LOW PATCH Monitor

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Apache Information Disclosure Authentication Bypass Jboss A Mq Jboss Fuse
NVD VulDB
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-0107 Maven HIGH PATCH This Week

The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Java Apache Xalan Java Webcenter Sites
NVD VulDB
CVSS 2.0
7.5
EPSS
8.8%
CVE-2013-5704 MEDIUM POC PATCH THREAT This Month

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.7%.

Authentication Bypass Apache Http Server Enterprise Linux Desktop Enterprise Linux Eus +12
NVD VulDB
CVSS 2.0
5.0
EPSS
64.7%
Threat
4.4
CVE-2014-2600 MEDIUM This Month

Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Apache Icewall Identity Manager Icewall Sso Password Reset Option
NVD VulDB
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-0050 Maven HIGH POC PATCH THREAT Act Now

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.7%.

Tomcat Denial Of Service Java Privilege Escalation Apache +2
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
92.7%
Threat
5.8
CVE-2014-2668 MEDIUM POC THREAT This Month

Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 40.4%.

Denial Of Service Apache Couchdb
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
40.4%
CVE-2014-0848 LOW Monitor

The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Apache Netezza Performance Portal
NVD VulDB
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-0003 Maven HIGH POC PATCH THREAT Act Now

The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%.

Privilege Escalation Java Apache Camel
NVD VulDB
CVSS 2.0
7.5
EPSS
23.0%
CVE-2014-0002 Maven HIGH POC PATCH THREAT Act Now

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.7%.

XXE Privilege Escalation Apache Camel
NVD VulDB
CVSS 2.0
7.5
EPSS
28.7%
CVE-2012-5650 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Apache Couchdb
NVD VulDB
CVSS 2.0
4.3
EPSS
0.9%
CVE-2012-5641 MEDIUM POC PATCH This Month

Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Apache Couchdb Mochiweb
NVD GitHub VulDB
CVSS 2.0
5.0
EPSS
3.7%
CVE-2014-0098 MEDIUM PATCH This Month

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 41.0%.

Denial Of Service Apache Http Server Secure Global Desktop Ubuntu Linux +1
NVD VulDB
CVSS 2.0
5.0
EPSS
41.0%
CVE-2013-6438 MEDIUM PATCH This Month

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.2%.

Denial Of Service Apache Http Server Ubuntu Linux Apache HTTP Server
NVD VulDB
CVSS 2.0
5.0
EPSS
30.2%
CVE-2014-0094 Maven MEDIUM POC PATCH THREAT This Month

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.1%.

Information Disclosure Apache Struts
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
93.1%
Threat
5.3
CVE-2014-1884 HIGH POC This Week

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Adobe Apache Microsoft Cordova +1
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-1882 HIGH This Week

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Apache Phonegap Cordova
NVD
CVSS 2.0
7.5
EPSS
7.7%
CVE-2014-1881 HIGH POC PATCH This Week

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Adobe Apache Cordova Phonegap
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2012-6637 HIGH POC PATCH This Week

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Adobe Apache Authentication Bypass Cordova Phonegap
NVD
CVSS 2.0
7.5
EPSS
1.3%
CVE-2014-0033 Maven MEDIUM PATCH This Month

org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 16.2%.

Tomcat Apache Information Disclosure Java
NVD
CVSS 2.0
4.3
EPSS
16.2%
CVE-2013-4590 Maven MEDIUM PATCH This Month

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Tomcat Apache Information Disclosure XXE Debian Linux +1
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-4322 Maven MEDIUM PATCH This Month

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 36.7%.

Tomcat Denial Of Service Apache
NVD
CVSS 2.0
4.3
EPSS
36.7%
CVE-2013-4286 Maven MEDIUM PATCH This Month

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Epss exploitation probability 23.6%.

Tomcat Apache Information Disclosure
NVD
CVSS 2.0
5.8
EPSS
23.6%
CVE-2013-0346 LOW Monitor

Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Tomcat Privilege Escalation Apache
NVD
CVSS 2.0
2.1
EPSS
0.6%
CVE-2014-0032 MEDIUM PATCH This Month

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 27.1%.

Denial Of Service Apache Subversion
NVD
CVSS 2.0
4.3
EPSS
27.1%
CVE-2013-2055 MEDIUM This Month

Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Wicket
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2013-1880 Maven MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Apache XSS Activemq
NVD
CVSS 2.0
4.3
EPSS
1.4%
CVE-2013-0177 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apache Java XSS Ofbiz
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
4.2%
CVE-2013-2192 Maven LOW PATCH Monitor

The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle. Rated low severity (CVSS 3.2). This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Authentication Bypass Hadoop
NVD
CVSS 2.0
3.2
EPSS
0.1%
CVE-2013-2185 Maven HIGH PATCH This Week

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Tomcat Red Hat Apache Information Disclosure Jboss Enterprise Application Platform +1
NVD
CVSS 2.0
7.5
EPSS
5.3%
CVE-2014-0031 MEDIUM This Month

The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Cloudstack
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2013-6398 LOW Monitor

The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions. Rated low severity (CVSS 2.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Apache Cloudstack
NVD
CVSS 2.0
2.8
EPSS
1.0%
CVE-2013-4517 Maven MEDIUM PATCH This Month

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs),. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Apache Java Santuario Xml Security For Java
NVD
CVSS 2.0
4.3
EPSS
8.4%
CVE-2012-6612 Maven HIGH PATCH This Week

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Apache XXE Solr
NVD
CVSS 2.0
7.5
EPSS
1.4%
CVE-2013-6408 Maven MEDIUM PATCH This Month

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.4%.

Apache XXE Solr
NVD
CVSS 2.0
6.4
EPSS
11.4%
CVE-2013-6407 Maven MEDIUM PATCH This Month

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.4%.

Apache XXE Solr
NVD
CVSS 2.0
6.4
EPSS
11.4%
CVE-2013-6397 Maven MEDIUM POC PATCH THREAT This Month

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 90.9%.

Apache Path Traversal XXE Solr
NVD
CVSS 2.0
4.3
EPSS
90.9%
Threat
5.1
CVE-2013-4558 LOW PATCH Monitor

The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Denial Of Service Apache Canonical Mod Dav Svn Subversion
NVD GitHub
CVSS 2.0
3.5
EPSS
1.8%
CVE-2013-4505 LOW PATCH Monitor

The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Privilege Escalation Denial Of Service Apache Mod Dontdothat Subversion
NVD
CVSS 2.0
2.6
EPSS
1.6%
CVE-2013-4212 MEDIUM POC PATCH THREAT This Month

Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 87.0%.

Code Injection Apache RCE Roller
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
87.0%
Threat
5.5
CVE-2013-4171 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Apache XSS Roller
NVD
CVSS 2.0
4.3
EPSS
2.0%
CVE-2013-6357 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Apache Tomcat
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.3%
CVE-2013-6348 Maven MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Apache XSS Struts
NVD
CVSS 2.0
4.3
EPSS
2.8%
CVE-2013-6111 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.x, 1.0.22.7, 1.1.x, 1.24.1, 1.3.25.1 through 1.3.25.4, 1.4.26.1 through 1.4.26.4, 1.5.27.1 through 1.5.27.3, and 1.6.29.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache XSS Mod Pagespeed
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4261 LOW POC PATCH Monitor

OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Apache Folsom Grizzly +1
NVD
CVSS 2.0
3.5
EPSS
0.6%
CVE-2013-6289 PHP MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Apache XSS Apache Solr
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6288 PHP CRITICAL PATCH Act Now

Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize.". Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Deserialization Apache Apache Solr
NVD
CVSS 2.0
10.0
EPSS
0.6%
CVE-2013-2186 Maven HIGH PATCH Act Now

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 87.1%.

Red Hat Apache Information Disclosure Jboss Enterprise Brms Platform Jboss Enterprise Portal Platform +3
NVD
CVSS 2.0
7.5
EPSS
87.1%
Threat
4.1
CVE-2012-4529 MEDIUM This Month

The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Apache Information Disclosure Jboss Community Application Server Jboss Enterprise Application Platform
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4390 Maven MEDIUM PATCH This Month

Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Apache Open Redirect XSS Sling Sling Auth Core Component
NVD
CVSS 2.0
5.8
EPSS
1.3%
CVE-2013-4295 Maven MEDIUM POC PATCH THREAT This Month

The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.0%.

PHP Apache Information Disclosure XXE Shindig
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
17.0%
CVE-2013-4365 HIGH PATCH This Week

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Apache Memory Corruption Mod Fcgid Debian Linux +3
NVD
CVSS 2.0
7.5
EPSS
6.7%
CVE-2013-2254 Maven MEDIUM POC PATCH This Month

The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Apache Java Org Apache Sling Servlets Post
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-5792 MEDIUM This Month

Unspecified vulnerability in the Techstack component in Oracle E-Business Suite 12.1 allows remote attackers to affect confidentiality via unknown vectors related to Apache. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Oracle Information Disclosure E Business Suite
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-4330 Maven MEDIUM PATCH This Month

Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 18.0%.

Code Injection Apache RCE Camel
NVD
CVSS 2.0
6.8
EPSS
18.0%
CVE-2013-5697 HIGH POC This Week

SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Apache Mod Accounting
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.0%
CVE-2013-4316 Maven CRITICAL PATCH Act Now

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Struts Flexcube Private Banking Mysql Enterprise Monitor +1
NVD
CVSS 2.0
10.0
EPSS
6.2%
CVE-2013-4310 Maven MEDIUM PATCH This Month

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Apache Struts
NVD
CVSS 2.0
5.8
EPSS
8.7%
CVE-2013-4277 LOW Monitor

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by. Rated low severity (CVSS 3.3). No vendor patch available.

Privilege Escalation Apache Subversion
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2013-2178 MEDIUM This Month

The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Apache Fail2Ban
NVD GitHub
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-3374 MEDIUM PATCH This Month

Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Apache Information Disclosure Rt
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-1909 PyPI MEDIUM PATCH This Month

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Apache Information Disclosure Enterprise Mrg Qpid
NVD
CVSS 2.0
5.8
EPSS
0.8%
CVE-2013-4961 MEDIUM This Month

Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Puppet Enterprise
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-2210 HIGH This Week

Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apache RCE Xml Security For C
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2013-2172 Maven MEDIUM PATCH This Month

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Apache Information Disclosure Java Santuario Xml Security For Java
NVD
CVSS 2.0
4.3
EPSS
5.4%
CVE-2013-2156 HIGH PATCH This Week

Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Apache RCE Xml Security For C
NVD
CVSS 2.0
7.5
EPSS
3.2%
CVE-2013-2155 MEDIUM PATCH This Month

Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service Apache Xml Security For C
NVD
CVSS 2.0
5.8
EPSS
1.6%
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Apache Cxf +1
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Apache Cxf +1
NVD
EPSS 10% CVSS 2.6
LOW POC Monitor

The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Apache +1
NVD
EPSS 6% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Apache Ofbiz
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Red Hat Denial Of Service +2
NVD
EPSS 4% CVSS 4.3
MEDIUM PATCH This Month

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Tomcat XXE Privilege Escalation +1
NVD
EPSS 38% CVSS 4.3
MEDIUM PATCH This Month

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 37.9%.

Tomcat Buffer Overflow Java +1
NVD
EPSS 6% CVSS 4.3
MEDIUM PATCH This Month

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Tomcat XXE Java +2
NVD
EPSS 10% CVSS 5.0
MEDIUM PATCH This Month

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Tomcat Denial Of Service Java +1
NVD
EPSS 47% CVSS 5.0
MEDIUM PATCH This Month

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 46.7%.

Tomcat Denial Of Service Java +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive. Rated medium severity (CVSS 4.3). No vendor patch available.

Apache Authentication Bypass Hbase
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain. Rated medium severity (CVSS 6.2). No vendor patch available.

Privilege Escalation Apache Mod Wsgi
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Citrix Information Disclosure Apache +2
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Citrix Authentication Bypass +2
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Adobe RCE Code Injection +2
NVD
EPSS 6% CVSS 4.3
MEDIUM PATCH This Month

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Apache Cxf
NVD
EPSS 6% CVSS 4.3
MEDIUM PATCH This Month

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Apache Cxf
NVD
EPSS 3% CVSS 5.8
MEDIUM PATCH This Month

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Apache Struts
NVD
EPSS 93% 5.8 CVSS 7.5
HIGH POC PATCH THREAT Act Now

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.7%.

RCE Apache Commons Beanutils +1
NVD Exploit-DB VulDB
EPSS 1% CVSS 5.0
MEDIUM POC PATCH This Month

The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Google Information Disclosure Java +3
NVD VulDB
EPSS 82% 5.5 CVSS 7.5
HIGH POC PATCH THREAT Act Now

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.1%.

RCE Privilege Escalation Apache +1
NVD Exploit-DB VulDB
EPSS 91% 5.7 CVSS 7.5
HIGH POC PATCH THREAT Act Now

ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 91.4%.

RCE Privilege Escalation Apache +1
NVD Exploit-DB VulDB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Apache Archiva
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Java RCE Code Injection +2
NVD VulDB
EPSS 0% CVSS 2.1
LOW PATCH Monitor

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Apache Information Disclosure Authentication Bypass +2
NVD VulDB
EPSS 9% CVSS 7.5
HIGH PATCH This Week

The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Java Apache +2
NVD VulDB
EPSS 65% 4.4 CVSS 5.0
MEDIUM POC PATCH THREAT This Month

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.7%.

Authentication Bypass Apache Http Server +14
NVD VulDB
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Apache +2
NVD VulDB
EPSS 93% 5.8 CVSS 7.5
HIGH POC PATCH THREAT Act Now

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.7%.

Tomcat Denial Of Service Java +4
NVD Exploit-DB VulDB
EPSS 40% CVSS 5.0
MEDIUM POC THREAT This Month

Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 40.4%.

Denial Of Service Apache Couchdb
NVD Exploit-DB VulDB
EPSS 0% CVSS 3.5
LOW Monitor

The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Apache +1
NVD VulDB
EPSS 23% CVSS 7.5
HIGH POC PATCH THREAT Act Now

The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%.

Privilege Escalation Java Apache +1
NVD VulDB
EPSS 29% CVSS 7.5
HIGH POC PATCH THREAT Act Now

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.7%.

XXE Privilege Escalation Apache +1
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Apache Couchdb
NVD VulDB
EPSS 4% CVSS 5.0
MEDIUM POC PATCH This Month

Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Apache Couchdb +1
NVD GitHub VulDB
EPSS 41% CVSS 5.0
MEDIUM PATCH This Month

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 41.0%.

Denial Of Service Apache Http Server +3
NVD VulDB
EPSS 30% CVSS 5.0
MEDIUM PATCH This Month

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.2%.

Denial Of Service Apache Http Server +2
NVD VulDB
EPSS 93% 5.3 CVSS 5.0
MEDIUM POC PATCH THREAT This Month

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.1%.

Information Disclosure Apache Struts
NVD Exploit-DB VulDB
EPSS 2% CVSS 7.5
HIGH POC This Week

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Adobe Apache +3
NVD
EPSS 8% CVSS 7.5
HIGH This Week

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Apache +2
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Adobe Apache +2
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Adobe Apache Authentication Bypass +2
NVD
EPSS 16% CVSS 4.3
MEDIUM PATCH This Month

org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 16.2%.

Tomcat Apache Information Disclosure +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Tomcat Apache Information Disclosure +3
NVD
EPSS 37% CVSS 4.3
MEDIUM PATCH This Month

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 36.7%.

Tomcat Denial Of Service Apache
NVD
EPSS 24% CVSS 5.8
MEDIUM PATCH This Month

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Epss exploitation probability 23.6%.

Tomcat Apache Information Disclosure
NVD
EPSS 1% CVSS 2.1
LOW Monitor

Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Tomcat Privilege Escalation Apache
NVD
EPSS 27% CVSS 4.3
MEDIUM PATCH This Month

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 27.1%.

Denial Of Service Apache Subversion
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Wicket
NVD
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Apache XSS Activemq
NVD
EPSS 4% CVSS 3.5
LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apache Java XSS +1
NVD Exploit-DB
EPSS 0% CVSS 3.2
LOW PATCH Monitor

The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle. Rated low severity (CVSS 3.2). This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Authentication Bypass Hadoop
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Tomcat Red Hat Apache +3
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Cloudstack
NVD
EPSS 1% CVSS 2.8
LOW Monitor

The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions. Rated low severity (CVSS 2.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Apache Cloudstack
NVD
EPSS 8% CVSS 4.3
MEDIUM PATCH This Month

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs),. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Apache Java +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Apache XXE Solr
NVD
EPSS 11% CVSS 6.4
MEDIUM PATCH This Month

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.4%.

Apache XXE Solr
NVD
EPSS 11% CVSS 6.4
MEDIUM PATCH This Month

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.4%.

Apache XXE Solr
NVD
EPSS 91% 5.1 CVSS 4.3
MEDIUM POC PATCH THREAT This Month

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 90.9%.

Apache Path Traversal XXE +1
NVD
EPSS 2% CVSS 3.5
LOW PATCH Monitor

The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Denial Of Service Apache Canonical +2
NVD GitHub
EPSS 2% CVSS 2.6
LOW PATCH Monitor

The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Privilege Escalation Denial Of Service Apache +2
NVD
EPSS 87% 5.5 CVSS 6.8
MEDIUM POC PATCH THREAT This Month

Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 87.0%.

Code Injection Apache RCE +1
NVD Exploit-DB
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Apache XSS Roller
NVD
EPSS 1% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Apache Tomcat
NVD Exploit-DB
EPSS 3% CVSS 4.3
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Apache XSS Struts
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.x, 1.0.22.7, 1.1.x, 1.24.1, 1.3.25.1 through 1.3.25.4, 1.4.26.1 through 1.4.26.4, 1.5.27.1 through 1.5.27.3, and 1.6.29.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache XSS Mod Pagespeed
NVD
EPSS 1% CVSS 3.5
LOW POC PATCH Monitor

OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Apache +3
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Apache XSS Apache Solr
NVD
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize.". Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Deserialization Apache Apache Solr
NVD
EPSS 87% 4.1 CVSS 7.5
HIGH PATCH Act Now

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 87.1%.

Red Hat Apache Information Disclosure +5
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Apache Information Disclosure +2
NVD
EPSS 1% CVSS 5.8
MEDIUM PATCH This Month

Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Apache Open Redirect XSS +2
NVD
EPSS 17% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.0%.

PHP Apache Information Disclosure +2
NVD Exploit-DB
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Apache Memory Corruption +5
NVD
EPSS 1% CVSS 5.0
MEDIUM POC PATCH This Month

The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Apache +2
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the Techstack component in Oracle E-Business Suite 12.1 allows remote attackers to affect confidentiality via unknown vectors related to Apache. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Oracle Information Disclosure +1
NVD
EPSS 18% CVSS 6.8
MEDIUM PATCH This Month

Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 18.0%.

Code Injection Apache RCE +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Apache Mod Accounting
NVD Exploit-DB
EPSS 6% CVSS 10.0
CRITICAL PATCH Act Now

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Struts +3
NVD
EPSS 9% CVSS 5.8
MEDIUM PATCH This Month

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Apache Struts
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by. Rated low severity (CVSS 3.3). No vendor patch available.

Privilege Escalation Apache Subversion
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Apache Fail2Ban
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Apache Information Disclosure Rt
NVD
EPSS 1% CVSS 5.8
MEDIUM PATCH This Month

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Apache Information Disclosure +2
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Puppet Enterprise
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apache +2
NVD
EPSS 5% CVSS 4.3
MEDIUM PATCH This Month

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Apache Information Disclosure Java +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Apache +2
NVD
EPSS 2% CVSS 5.8
MEDIUM PATCH This Month

Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service Apache Xml Security For C
NVD
Prev Page 27 of 29 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy