| 2018-03-15 | CVE-2018-1319 | Injection vulnerability in Apache Allura
In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. | 6.1 |
| 2018-03-12 | CVE-2018-1323 | Information Exposure vulnerability in Apache Tomcat JK Connector
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. | 7.5 |
| 2018-03-09 | CVE-2016-8612 | Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. | 4.3 |
| 2018-03-07 | CVE-2017-12174 | It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. | 7.5 |
| 2018-03-05 | CVE-2018-1316 | Path Traversal vulnerability in Apache ODE
The ODE process deployment web service was sensible to deployment messages with forged names. | 7.5 |
| 2018-03-01 | CVE-2017-12627 | NULL Pointer Dereference vulnerability in Apache Xerces-C++
In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. | 9.8 |
| 2018-02-28 | CVE-2018-1304 | The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. | 5.9 |
| 2018-02-28 | CVE-2018-1286 | Improper Authentication vulnerability in Apache Openmeetings
In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users. | 6.5 |
| 2018-02-27 | CVE-2017-7671 | Improper Input Validation vulnerability in multiple products
There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. | 7.5 |
| 2018-02-27 | CVE-2017-5660 | Improper Input Validation vulnerability in multiple products
There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. | 8.6 |