Vulnerabilities > Apache

Columns: DATE, CVE, VULNERABILITY TITLE, RISK (CVSS 3.x base score with its severity rating). Each entry then lists attack vector, attack complexity, vendor and CWE, followed by the description.
2017-10-03  CVE-2014-0043  Information Exposure vulnerability in Apache Wicket 1.5.10/6.13.0
    Risk: 5.3 (medium)   Attack vector: network   Attack complexity: low   Vendor: apache   CWE: CWE-200
    In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special URLs handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third-party library with a known security vulnerability is in use.
2017-09-30  CVE-2017-9794  Information Exposure vulnerability in Apache Geode
    Risk: 4.3 (medium)   Attack vector: network   Attack complexity: low   Vendor: apache   CWE: CWE-200
    When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command-line utility to execute queries.
2017-09-30  CVE-2016-4434  XXE vulnerability in Apache Tika 1.12
    Risk: 7.8 (high)   Attack vector: local   Attack complexity: low   Vendor: apache   CWE: CWE-611
    Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats; a related issue to CVE-2016-2175.
2017-09-29  CVE-2017-9790  Use After Free vulnerability in Apache Mesos
    Risk: 7.5 (high)   Attack vector: network   Attack complexity: low   Vendor: apache   CWE: CWE-416
    When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'.
2017-09-29  CVE-2017-7687  Unspecified vulnerability in Apache Mesos
    Risk: 7.5 (high)   Attack vector: network   Attack complexity: low   Vendor: apache   CWE: none listed
    When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code calls an inappropriate function.
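Both Mesos entries above fail inside request-path handling: one on an empty path where the parser assumed a leading '/', the other when the decoding of a malformed path failed and the failure was mishandled. The following is an added example, not Mesos or libprocess code: a Python stand-in for a request-line parser that turns those two assumptions into explicit checks and answers with a 400-class error instead of crashing. The method list, the origin-form-only rule and the sample request lines are assumptions made for the demo.

```python
"""Added example (not Mesos/libprocess code): a request-line parser that makes
the two assumptions behind the Mesos entries above explicit checks.

Python stands in for the C++ of libprocess. The request lines at the bottom
are constructed inputs.
"""
from __future__ import annotations

import re


class BadRequest(ValueError):
    """Any request line the server should answer with 400 rather than crash on."""


_PCT_ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")
_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}  # assumed set


def percent_decode(segment: str) -> str:
    """Strict %XX decoding: a stray '%', a non-hex pair or invalid UTF-8 is an
    error reported to the caller, not left for later code to stumble on."""
    raw = bytearray()
    i = 0
    while i < len(segment):
        if segment[i] != "%":
            raw.extend(segment[i].encode("utf-8"))
            i += 1
            continue
        m = _PCT_ESCAPE.match(segment, i)
        if m is None:
            raise BadRequest(f"malformed percent-escape at offset {i}: {segment[i:i + 3]!r}")
        raw.append(int(m.group(1), 16))
        i += 3
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise BadRequest(f"request target is not valid UTF-8: {exc}") from None


def parse_request_line(line: str) -> tuple[str, list[str], str]:
    """Return (method, decoded path segments, version) or raise BadRequest.

    Assumption (ours, not the advisory's): only origin-form targets, i.e. an
    absolute path starting with '/', are accepted. That is what the vulnerable
    parser assumed without checking; here it is checked.
    """
    parts = line.split(" ")
    if len(parts) != 3:
        raise BadRequest("request line must be 'METHOD target HTTP/x.y'")
    method, target, version = parts
    if method not in _METHODS:
        raise BadRequest(f"unsupported method {method!r}")
    if not version.startswith("HTTP/"):
        raise BadRequest(f"bad version token {version!r}")
    # The empty-target case: test for emptiness before ever indexing target[0].
    if target == "":
        raise BadRequest("empty request target")
    if target[0] != "/":
        raise BadRequest(f"request target must be an absolute path, got {target!r}")
    path = target.split("?", 1)[0]
    # Decode each segment separately so an encoded '/' (%2F) cannot add a segment.
    segments = [percent_decode(seg) for seg in path.split("/")[1:]]
    return method, segments, version


def is_rejected(line: str) -> bool:
    """True if parse_request_line refuses the line (used for the checks below)."""
    try:
        parse_request_line(line)
    except BadRequest:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: a normal request, the empty-target case, and a
    # request whose percent-encoding cannot be decoded.
    for sample in ("GET /tasks/list HTTP/1.1", "GET  HTTP/1.1", "GET /a%2 HTTP/1.1"):
        try:
            print(sample, "->", parse_request_line(sample))
        except BadRequest as err:
            print(sample, "-> 400:", err)
```

The point of the two early checks is ordering: emptiness is tested before the first character is read, and decoding errors surface as a typed exception at the parse boundary, so no later code has to handle a half-decoded path.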
2017-09-28  CVE-2017-12621  XXE vulnerability in Apache Commons Jelly 1.0
    Risk: 9.8 (critical)   Attack vector: network   Attack complexity: low   Vendor: apache   CWE: CWE-611
    During Jelly (XML) file parsing with Apache Xerces, if a custom DOCTYPE entity is declared as a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, the parser will attempt to connect to that URL during parser instantiation.
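Both XXE entries above (Tika and Commons Jelly) come down to the same parser behaviour: a SYSTEM entity declared in the DOCTYPE is resolved, so the document can pull in a local file or reach out to a URL. The following is an added example and not Tika, Jelly or Xerces code: it uses Python's standard-library SAX reader (expat) as a stand-in, with its feature_external_ges switch playing the role of the "resolve external general entities" setting, and runs the same probe document once with the switch on and once with it off. The probe, the temporary "secret" file and its content are constructed for the demo.

```python
"""Added example (not Tika, Jelly or Xerces code): what a DOCTYPE SYSTEM entity
does once the parser resolves it.

Python's standard-library SAX reader (expat) stands in for the Java parser.
Its feature_external_ges switch plays the role of the 'resolve external
general entities' setting that the two XXE entries above left enabled. The
XML probe and the 'secret' file are constructed for this demo.
"""
from __future__ import annotations

import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Collect character data so we can see what the entity expanded to."""

    def __init__(self) -> None:
        super().__init__()
        self.chunks: list[str] = []

    def characters(self, content: str) -> None:
        self.chunks.append(content)


def parse_text(xml_bytes: bytes, resolve_external_entities: bool) -> str:
    """Parse xml_bytes and return its concatenated text content.

    resolve_external_entities=True is the vulnerable configuration: the parser
    opens whatever the SYSTEM identifier points at (a local file here, a URL in
    the Jelly case). False is the hardened configuration, which is also the
    default of current Python releases.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(collector.chunks)


def xxe_probe(system_id: str) -> bytes:
    """The classic XXE shape: an external entity declared in the internal DTD
    subset and referenced in the document body."""
    return (
        f'<?xml version="1.0"?>\n'
        f'<!DOCTYPE note [ <!ENTITY ext SYSTEM "{system_id}"> ]>\n'
        f"<note>&ext;</note>\n"
    ).encode()


def demo() -> tuple[str, str]:
    """Return (text with external entities resolved, text with them blocked)."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("constructed-secret-42")  # stand-in for a real sensitive file
        secret_path = fh.name
    try:
        probe = xxe_probe(secret_path)
        leaked = parse_text(probe, resolve_external_entities=True)
        blocked = parse_text(probe, resolve_external_entities=False)
    finally:
        os.unlink(secret_path)
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("external entities resolved:", repr(leaked))
    print("external entities blocked: ", repr(blocked))
```

With the switch on, the file's content appears in the document text exactly as if it had been typed into the body; with it off, the reference expands to nothing and the rest of the document still parses. For a Java parser the same control is the external-general-entities / disallow-doctype-decl feature on the factory, to be set before the parser is created.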
2017-09-25  CVE-2015-5169  Cross-site Scripting vulnerability in Apache Struts
    Risk: 6.1 (medium)   Attack vector: network   Attack complexity: low   Vendor: apache   CWE: CWE-79
    Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.
2017-09-20  CVE-2017-9804  Improper Input Validation vulnerability in Apache Struts
    Risk: 7.5 (high)   Attack vector: network   Attack complexity: low   Vendor: apache   CWE: CWE-20
    In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL that overloads the server process when the URL is validated.
2017-09-20  CVE-2017-9793  Improper Input Validation vulnerability in Apache Struts
    Risk: 7.5 (high)   Attack vector: network   Attack complexity: low   Vendor: apache   CWE: CWE-20
    The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 uses an outdated, vulnerable XStream library that allows a DoS attack via a malicious request with a specially crafted XML payload.
2017-09-20  CVE-2017-12611  Improper Input Validation vulnerability in Apache Struts
    Risk: 9.8 (critical)   Attack vector: network   Attack complexity: low   Vendor: apache   CWE: CWE-20
    In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to an RCE attack.
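The Mesos and Struts entries above state their affected versions as ranges ("2.3.7 through 2.3.33 and 2.5 through 2.5.12", "before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev"), and the first thing a practitioner does with such a list is check an inventory against it. The following is an added example, not Apache tooling: it transcribes those ranges exactly as the entries phrase them and reports which CVEs on this page cover a given product version. Assumptions: versions are dotted numerics with an optional pre-release suffix (1.4.0-dev sorts before 1.4.0), a match means only that the version lies in a listed range (CVE-2017-9793 additionally requires the REST plugin to be in use), and the inventory at the bottom is constructed sample data.

```python
"""Added example (not Apache tooling): triage deployed versions against the
affected ranges stated in the Mesos and Struts entries above.

The ranges are transcribed from the entries as written; the inventory at the
bottom is constructed sample data. A match means the version is in a range
the advisory lists, nothing more: e.g. CVE-2017-9793 needs the REST plugin.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

_VERSION = re.compile(r"(\d+(?:\.\d+)*)(?:-([A-Za-z0-9]+))?")


def parse_version(text: str) -> tuple[tuple[int, ...], int]:
    """'2.5.10.1' -> ((2, 5, 10, 1), 1); '1.4.0-dev' -> ((1, 4, 0), 0).

    The trailing flag makes a pre-release sort before the final release with
    the same number. Shorter tuples sort first, so '2.5' <= '2.5.0' < '2.5.1'.
    """
    m = _VERSION.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unparseable version {text!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    return numbers, 0 if m.group(2) else 1


@dataclass(frozen=True)
class Range:
    """One affected range in the advisories' own vocabulary.

    'A through B'      -> Range(low='A', high='B', high_inclusive=True)
    'before B'         -> Range(high='B')
    'N.M.x before B'   -> Range(series='N.M', high='B')
    'N.M.x'            -> Range(series='N.M')
    a single version V -> Range(low='V', high='V', high_inclusive=True)
    """
    low: str | None = None
    high: str | None = None
    high_inclusive: bool = False
    series: str | None = None

    def contains(self, version: str) -> bool:
        v = parse_version(version)
        if self.series is not None:
            s = parse_version(self.series)[0]
            if v[0][: len(s)] != s:
                return False
        if self.low is not None and v < parse_version(self.low):
            return False
        if self.high is not None:
            h = parse_version(self.high)
            if v > h or (v == h and not self.high_inclusive):
                return False
        return True


# "before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev"
MESOS_LIBPROCESS = [
    Range(high="1.1.3"),
    Range(series="1.2", high="1.2.2"),
    Range(series="1.3", high="1.3.1"),
    Range(low="1.4.0-dev", high="1.4.0-dev", high_inclusive=True),
]

ADVISORIES: list[tuple[str, str, list[Range]]] = [
    ("CVE-2017-9790", "mesos", MESOS_LIBPROCESS),
    ("CVE-2017-7687", "mesos", MESOS_LIBPROCESS),
    # "2.3.7 through 2.3.33 and 2.5 through 2.5.12"
    ("CVE-2017-9804", "struts", [Range("2.3.7", "2.3.33", True), Range("2.5", "2.5.12", True)]),
    # "2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12" (REST plugin only)
    ("CVE-2017-9793", "struts", [Range(series="2.1"), Range("2.3.7", "2.3.33", True), Range("2.5", "2.5.12", True)]),
    # "2.0.0 through 2.3.33 and 2.5 through 2.5.10.1"
    ("CVE-2017-12611", "struts", [Range("2.0.0", "2.3.33", True), Range("2.5", "2.5.10.1", True)]),
]


def matching_advisories(product: str, version: str) -> list[str]:
    """CVE ids from ADVISORIES whose ranges contain this product version."""
    return [
        cve for cve, prod, ranges in ADVISORIES
        if prod == product and any(r.contains(version) for r in ranges)
    ]


if __name__ == "__main__":
    # Constructed inventory of (host, product, version).
    inventory = [
        ("master-1", "mesos", "1.2.1"),
        ("master-2", "mesos", "1.3.1"),
        ("app-a", "struts", "2.5.10.1"),
        ("app-b", "struts", "2.5.13"),
    ]
    for host, product, version in inventory:
        hits = matching_advisories(product, version)
        print(f"{host:9} {product}-{version:<9} {', '.join(hits) or 'not in a listed range'}")
```

The boundary cases are where such checks usually go wrong, so they are worth spelling out: "before 1.2.2" excludes 1.2.2 itself, "through 2.3.33" includes 2.3.33, and "2.5" as a lower bound must admit 2.5.0, which the tuple comparison gives for free.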