Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-09-18 | CVE-2017-9803 | Improper Authentication vulnerability in Apache Solr | Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. | 7.5 |
2017-09-18 | CVE-2017-9798 | Use After Free vulnerability in multiple products | Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. | 7.5 |
2017-09-15 | CVE-2014-7808 | Cryptographic Issues vulnerability in Apache Wicket | Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 makes it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider. | 7.5 |
2017-09-15 | CVE-2017-9805 | Deserialization of Untrusted Data vulnerability in multiple products | The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. | 8.1 |
2017-09-13 | CVE-2017-3165 | Cross-site Scripting vulnerability in Apache Brooklyn | In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. | 5.4 |
2017-09-13 | CVE-2017-12612 | Deserialization of Untrusted Data vulnerability in Apache Spark | In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. | 7.8 |
2017-09-13 | CVE-2016-8744 | Deserialization of Untrusted Data vulnerability in Apache Brooklyn | Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. | 8.8 |
2017-09-13 | CVE-2016-8737 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Brooklyn | In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. | 8.8 |
2017-09-13 | CVE-2015-5206 | Unspecified vulnerability in Apache Traffic Server 5.3.0/5.3.1 | Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168. | 9.8 |
2017-09-13 | CVE-2015-5168 | Unspecified vulnerability in Apache Traffic Server 5.3.0/5.3.1 | Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206. | 9.8 |