Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-27 | CVE-2016-2161 | Improper Input Validation vulnerability in Apache Http Server In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. | 7.5 |
| 2017-07-27 | CVE-2016-0736 | Cryptographic Issues vulnerability in Apache Http Server In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. | 7.5 |
| 2017-07-26 | CVE-2017-7659 | NULL Pointer Dereference vulnerability in Apache Http Server 2.4.24/2.4.25 A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. | 7.5 |
| 2017-07-19 | CVE-2016-6798 | XXE vulnerability in Apache Sling In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application. | 9.8 |
| 2017-07-19 | CVE-2016-5394 | Cross-site Scripting vulnerability in Apache Sling In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities. | 6.1 |
| 2017-07-17 | CVE-2017-7688 | Unspecified vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 updates user password in insecure manner. | 7.5 |
| 2017-07-17 | CVE-2017-7685 | Unspecified vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH. | 5.3 |
| 2017-07-17 | CVE-2017-7684 | Resource Exhaustion vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. | 7.5 |
| 2017-07-17 | CVE-2017-7683 | Information Exposure vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. | 7.5 |
| 2017-07-17 | CVE-2017-7682 | Unspecified vulnerability in Apache Openmeetings 3.2.0/3.2.1 Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas. | 8.2 |