Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-08-01 | CVE-2018-8034 | Improper Certificate Validation vulnerability in multiple products The host name verification when using TLS with the WebSocket client was missing. | 7.5 |
2018-07-31 | CVE-2018-8027 | XXE vulnerability in Apache Camel Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor. | 9.8 |
2018-07-31 | CVE-2018-8020 | Improper Certificate Validation vulnerability in multiple products Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. | 7.4 |
2018-07-31 | CVE-2018-8019 | Improper Certificate Validation vulnerability in multiple products When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. | 7.4 |
2018-07-26 | CVE-2017-12171 | Improper Access Control vulnerability in multiple products A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. | 6.5 |
2018-07-26 | CVE-2018-1288 | In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. | 5.4 |
2018-07-26 | CVE-2017-12610 | Improper Authentication vulnerability in Apache Kafka In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka. | 6.8 |
2018-07-23 | CVE-2018-8031 | Cross-site Scripting vulnerability in Apache Tomee The Apache TomEE console (tomee-webapp) has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. | 6.1 |
2018-07-23 | CVE-2018-11757 | Unspecified vulnerability in Apache Openwhisk In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation. | 9.8 |
2018-07-23 | CVE-2018-11756 | Unspecified vulnerability in Apache Openwhisk 1.0.0 In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation. | 9.8 |