Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-08 | CVE-2019-17359 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. | 7.5 |
| 2019-10-04 | CVE-2018-11768 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Hadoop In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage. | 7.5 |
| 2019-10-01 | CVE-2019-0231 | Cleartext Transmission of Sensitive Information vulnerability in Apache Mina 2.0.20/2.1.1 Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. | 7.5 |
| 2019-09-26 | CVE-2019-10097 | NULL Pointer Dereference vulnerability in multiple products In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. | 7.2 |
| 2019-09-26 | CVE-2019-10092 | Cross-site Scripting vulnerability in multiple products In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. | 6.1 |
| 2019-09-26 | CVE-2019-10082 | Use After Free vulnerability in multiple products In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. | 9.1 |
| 2019-09-26 | CVE-2019-0203 | Improper Handling of Exceptional Conditions vulnerability in Apache Subversion In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. | 7.5 |
| 2019-09-26 | CVE-2018-11782 | Improper Input Validation vulnerability in Apache Subversion In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. | 6.5 |
| 2019-09-25 | CVE-2019-10098 | Open Redirect vulnerability in Apache Http Server In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. | 6.1 |
| 2019-09-23 | CVE-2019-12407 | Cross-site Scripting vulnerability in Apache Jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 6.1 |