Skip to main content

Apache

2551 CVEs vendor

Monthly

CVE-2012-3502 MEDIUM This Month

The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache Information Disclosure Http Server Apache HTTP Server
NVD
CVSS 2.0
4.3
EPSS
3.8%
CVE-2012-2687 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Apache XSS Http Server Apache HTTP Server
NVD
CVSS 2.0
2.6
EPSS
8.3%
CVE-2012-0213 Maven MEDIUM PATCH This Month

The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.1%.

Denial Of Service Apache Java Poi
NVD
CVSS 2.0
5.0
EPSS
13.1%
CVE-2012-2760 LOW POC Monitor

mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apache Mod Auth Openid
NVD Exploit-DB GitHub
CVSS 2.0
2.1
EPSS
0.4%
CVE-2012-3126 MEDIUM This Month

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to. Rated medium severity (CVSS 6.2). No vendor patch available.

Tomcat Apache Oracle Information Disclosure Sun Products Suite
NVD
CVSS 2.0
6.2
EPSS
0.1%
CVE-2012-3123 MEDIUM This Month

Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Oracle Information Disclosure Sunos
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-3376 Maven HIGH PATCH This Week

DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Hadoop
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2012-2138 Maven MEDIUM POC PATCH THREAT This Month

The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.4%.

Privilege Escalation Denial Of Service Apache Org Apache Sling Servlets Post
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
43.4%
CVE-2012-2098 Maven MEDIUM PATCH This Month

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Apache Commons Compress
NVD
CVSS 2.0
5.0
EPSS
4.3%
CVE-2012-2381 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Apache XSS Roller
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2012-2380 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Apache Roller
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-0216 MEDIUM This Month

The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides. Rated medium severity (CVSS 4.4). No vendor patch available.

XSS Apache Debian Debian Linux
NVD
CVSS 2.0
4.4
EPSS
0.4%
CVE-2012-0883 MEDIUM PATCH This Month

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the. Rated medium severity (CVSS 6.9).

Apache Information Disclosure Http Server Opensuse Apache HTTP Server
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2012-1574 Maven MEDIUM PATCH This Month

The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Hadoop Cloudera Cdh
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2012-0256 MEDIUM PATCH This Month

Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Apache Traffic Server
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2012-1089 MEDIUM This Month

Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Path Traversal Wicket
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2012-0047 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache XSS Wicket
NVD
CVSS 2.0
4.3
EPSS
1.2%
CVE-2012-1181 MEDIUM PATCH This Month

fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Apache Mod Fcgid
NVD
CVSS 2.0
5.0
EPSS
9.7%
CVE-2012-0838 Maven CRITICAL PATCH Act Now

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.1%.

Apache RCE Struts
NVD
CVSS 2.0
10.0
EPSS
11.1%
CVE-2012-0788 MEDIUM POC This Month

The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service Apache
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
5.2%
CVE-2012-0840 MEDIUM POC PATCH THREAT This Month

tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 37.2%.

Denial Of Service Apache Portable Runtime
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
37.2%
CVE-2012-1007 Maven MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 23.0%.

Apache XSS Struts
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
23.0%
CVE-2012-1006 Maven MEDIUM POC PATCH THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 78.1%.

Apache XSS Struts
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
78.1%
Threat
4.7
CVE-2012-0053 MEDIUM POC PATCH THREAT This Month

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 56.0%.

Apache Information Disclosure Http Server Debian Linux Opensuse +9
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
56.0%
Threat
4.0
CVE-2012-0021 LOW PATCH Monitor

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string,. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Epss exploitation probability 33.0%.

Denial Of Service Apache Http Server Apache HTTP Server
NVD
CVSS 2.0
2.6
EPSS
33.0%
CVE-2012-0022 Maven MEDIUM PATCH This Month

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 23.4%.

Tomcat Denial Of Service Apache
NVD
CVSS 2.0
5.0
EPSS
23.4%
CVE-2012-0031 MEDIUM POC This Month

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apache Http Server Debian Linux Opensuse +10
NVD Exploit-DB
CVSS 2.0
4.6
EPSS
1.2%
CVE-2012-0394 Maven MEDIUM POC PATCH THREAT This Month

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 92.6%.

Code Injection Apache RCE Struts
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
92.6%
Threat
5.6
CVE-2012-0393 Maven MEDIUM POC PATCH THREAT This Month

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 58.5%.

Privilege Escalation Apache Java Struts
NVD Exploit-DB
CVSS 2.0
6.4
EPSS
58.5%
Threat
4.5
CVE-2012-0392 Maven MEDIUM POC PATCH THREAT This Month

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 75.0%.

RCE Apache Java Struts
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
75.0%
Threat
5.1
CVE-2012-0391 Maven CRITICAL POC KEV PATCH THREAT GHSA Act Now

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Apache RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
88.3%
Threat
7.6
EPSS 4% CVSS 4.3
MEDIUM This Month

The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache Information Disclosure Http Server +1
NVD
EPSS 8% CVSS 2.6
LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Apache XSS Http Server +1
NVD
EPSS 13% CVSS 5.0
MEDIUM PATCH This Month

The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.1%.

Denial Of Service Apache Java +1
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apache Mod Auth Openid
NVD Exploit-DB GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to. Rated medium severity (CVSS 6.2). No vendor patch available.

Tomcat Apache Oracle +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Oracle Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Hadoop
NVD
EPSS 43% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.4%.

Privilege Escalation Denial Of Service Apache +1
NVD Exploit-DB
EPSS 4% CVSS 5.0
MEDIUM PATCH This Month

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Apache Commons Compress
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Apache XSS Roller
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Apache Roller
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides. Rated medium severity (CVSS 4.4). No vendor patch available.

XSS Apache Debian +1
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the. Rated medium severity (CVSS 6.9).

Apache Information Disclosure Http Server +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Hadoop +1
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Apache +1
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Path Traversal Wicket
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache XSS Wicket
NVD
EPSS 10% CVSS 5.0
MEDIUM PATCH This Month

fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Apache +1
NVD
EPSS 11% CVSS 10.0
CRITICAL PATCH Act Now

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.1%.

Apache RCE Struts
NVD
EPSS 5% CVSS 5.0
MEDIUM POC This Month

The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service Apache
NVD Exploit-DB
EPSS 37% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 37.2%.

Denial Of Service Apache Portable Runtime
NVD Exploit-DB
EPSS 23% CVSS 4.3
MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 23.0%.

Apache XSS Struts
NVD Exploit-DB
EPSS 78% 4.7 CVSS 4.3
MEDIUM POC PATCH THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 78.1%.

Apache XSS Struts
NVD Exploit-DB
EPSS 56% 4.0 CVSS 4.3
MEDIUM POC PATCH THREAT This Month

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 56.0%.

Apache Information Disclosure Http Server +11
NVD Exploit-DB
EPSS 33% CVSS 2.6
LOW PATCH Monitor

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string,. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Epss exploitation probability 33.0%.

Denial Of Service Apache Http Server +1
NVD
EPSS 23% CVSS 5.0
MEDIUM PATCH This Month

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 23.4%.

Tomcat Denial Of Service Apache
NVD
EPSS 1% CVSS 4.6
MEDIUM POC This Month

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apache Http Server +12
NVD Exploit-DB
EPSS 93% 5.6 CVSS 6.8
MEDIUM POC PATCH THREAT This Month

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 92.6%.

Code Injection Apache RCE +1
NVD Exploit-DB
EPSS 59% 4.5 CVSS 6.4
MEDIUM POC PATCH THREAT This Month

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 58.5%.

Privilege Escalation Apache Java +1
NVD Exploit-DB
EPSS 75% 5.1 CVSS 6.8
MEDIUM POC PATCH THREAT This Month

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 75.0%.

RCE Apache Java +1
NVD Exploit-DB
EPSS 88% 7.6 CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Apache RCE
NVD Exploit-DB VulDB
Prev Page 29 of 29

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy