Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-29 | CVE-2017-7687 | Unspecified vulnerability in Apache Mesos When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. | 7.5 |
| 2017-09-28 | CVE-2017-12621 | XXE vulnerability in Apache Commons Jelly 1.0 During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. | 9.8 |
| 2017-09-25 | CVE-2015-5169 | Cross-site Scripting vulnerability in Apache Struts Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. | 6.1 |
| 2017-09-20 | CVE-2017-9804 | Improper Input Validation vulnerability in Apache Struts In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. | 7.5 |
| 2017-09-20 | CVE-2017-9793 | Improper Input Validation vulnerability in Apache Struts The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload. | 7.5 |
| 2017-09-20 | CVE-2017-12611 | Improper Input Validation vulnerability in Apache Struts In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack. | 9.8 |
| 2017-09-20 | CVE-2016-8738 | Improper Input Validation vulnerability in Apache Struts In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. | 5.9 |
| 2017-09-20 | CVE-2016-6795 | Path Traversal vulnerability in Apache Struts In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side. | 9.8 |
| 2017-09-19 | CVE-2017-12616 | Information Exposure vulnerability in Apache Tomcat When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. | 7.5 |
| 2017-09-19 | CVE-2017-12615 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. | 8.1 |