Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-30 | CVE-2017-3163 | Path Traversal vulnerability in Apache Solr When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. | 7.5 |
2017-08-29 | CVE-2017-3155 | Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting. | 6.1 |
2017-08-29 | CVE-2017-3154 | Information Exposure vulnerability in Apache Atlas 0.6.0/0.7.0 Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. | 7.5 |
2017-08-29 | CVE-2017-3153 | Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality. | 6.1 |
2017-08-29 | CVE-2017-3152 | Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality. | 6.1 |
2017-08-29 | CVE-2017-3151 | Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality. | 6.1 |
2017-08-29 | CVE-2017-3150 | Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script. | 6.1 |
2017-08-29 | CVE-2016-8752 | Improper Access Control vulnerability in Apache Atlas 0.6.0/0.7.0/0.7.1 Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. | 7.5 |
2017-08-29 | CVE-2015-5209 | Improper Input Validation vulnerability in Apache Struts Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object. | 7.5 |
2017-08-22 | CVE-2016-4460 | Improper Authentication vulnerability in Apache Pony Mail 0.6C/0.7B/0.8B Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication. | 9.8 |