Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-30 | CVE-2009-1197 | Improper Input Validation vulnerability in Apache Juddi 0.9/2.0 Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp. | 5.0 |
| 2017-10-30 | CVE-2016-3090 | Improper Input Validation vulnerability in Apache Struts The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling. | 6.5 |
| 2017-10-30 | CVE-2015-3249 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Traffic Server 5.3.0 The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function. | 9.8 |
| 2017-10-30 | CVE-2015-0226 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apache Wss4J Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. | 5.0 |
| 2017-10-30 | CVE-2015-0224 | Data Processing Errors vulnerability in Apache Qpid qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. | 7.5 |
| 2017-10-30 | CVE-2014-3624 | Improper Access Control vulnerability in Apache Traffic Server 5.1.0 Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT. | 9.8 |
| 2017-10-30 | CVE-2014-3526 | Information Exposure vulnerability in Apache Wicket Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions. | 5.0 |
| 2017-10-30 | CVE-2013-4246 | Improper Access Control vulnerability in Apache Subversion 1.8.0/1.8.1 libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties. | 6.5 |
| 2017-10-27 | CVE-2015-1835 | Improper Input Validation vulnerability in Apache Cordova Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL. | 2.6 |
| 2017-10-27 | CVE-2014-3600 | XXE vulnerability in Apache Activemq XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages. | 9.8 |