Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-20 | CVE-2016-8738 | Improper Input Validation vulnerability in Apache Struts In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. | 5.9 |
| 2017-09-20 | CVE-2016-6795 | Path Traversal vulnerability in Apache Struts In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side. | 9.8 |
| 2017-09-19 | CVE-2017-12616 | Information Exposure vulnerability in Apache Tomcat When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. | 7.5 |
| 2017-09-19 | CVE-2017-12615 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. | 8.1 |
| 2017-09-18 | CVE-2017-9803 | Improper Authentication vulnerability in Apache Solr Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. | 7.5 |
| 2017-09-18 | CVE-2017-9798 | Use After Free vulnerability in multiple products Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. | 7.5 |
| 2017-09-15 | CVE-2014-7808 | Cryptographic Issues vulnerability in Apache Wicket Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider. | 7.5 |
| 2017-09-15 | CVE-2017-9805 | Deserialization of Untrusted Data vulnerability in multiple products The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. | 8.1 |
| 2017-09-13 | CVE-2017-3165 | Cross-site Scripting vulnerability in Apache Brooklyn In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. | 5.4 |
| 2017-09-13 | CVE-2017-12612 | Deserialization of Untrusted Data vulnerability in Apache Spark In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. | 7.8 |