Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2017-08-30 CVE-2017-3163 Path Traversal vulnerability in Apache Solr
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name.
network
low complexity
apache CWE-22
7.5
2017-08-29 CVE-2017-3155 Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.
network
low complexity
apache CWE-79
6.1
2017-08-29 CVE-2017-3154 Information Exposure vulnerability in Apache Atlas 0.6.0/0.7.0
Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information.
network
low complexity
apache CWE-200
7.5
2017-08-29 CVE-2017-3153 Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality.
network
low complexity
apache CWE-79
6.1
2017-08-29 CVE-2017-3152 Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality.
network
low complexity
apache CWE-79
6.1
2017-08-29 CVE-2017-3151 Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.
network
low complexity
apache CWE-79
6.1
2017-08-29 CVE-2017-3150 Cross-site Scripting vulnerability in Apache Atlas 0.6.0/0.7.0
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script.
network
low complexity
apache CWE-79
6.1
2017-08-29 CVE-2016-8752 Improper Access Control vulnerability in Apache Atlas 0.6.0/0.7.0/0.7.1
Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.
network
low complexity
apache CWE-284
7.5
2017-08-29 CVE-2015-5209 Improper Input Validation vulnerability in Apache Struts
Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.
network
low complexity
apache CWE-20
7.5
2017-08-22 CVE-2016-4460 Improper Authentication vulnerability in Apache Pony Mail 0.6C/0.7B/0.8B
Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication.
network
low complexity
apache CWE-287
critical
9.8