Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-14 | CVE-2016-4975 | CRLF Injection vulnerability in Apache Http Server Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. | 6.1 |
| 2018-08-13 | CVE-2018-11770 | Improper Authentication vulnerability in Apache Spark From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. | 4.2 |
| 2018-08-08 | CVE-2018-11769 | Unspecified vulnerability in Apache Couchdb CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). | 7.2 |
| 2018-08-06 | CVE-2017-12614 | Cross-site Scripting vulnerability in Apache Airflow It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. | 6.1 |
| 2018-08-02 | CVE-2018-8037 | Race Condition vulnerability in multiple products If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. | 5.9 |
| 2018-08-02 | CVE-2018-1336 | Infinite Loop vulnerability in multiple products An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. | 7.5 |
| 2018-08-02 | CVE-2018-8032 | Cross-site Scripting vulnerability in multiple products Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. | 6.1 |
| 2018-08-01 | CVE-2018-8034 | Improper Certificate Validation vulnerability in multiple products The host name verification when using TLS with the WebSocket client was missing. | 7.5 |
| 2018-07-31 | CVE-2018-8027 | XXE vulnerability in Apache Camel Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor. | 9.8 |
| 2018-07-31 | CVE-2018-8020 | Improper Certificate Validation vulnerability in multiple products Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. | 7.4 |