Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-7663 | Cross-site Scripting vulnerability in Apache Openmeetings 3.2.0/3.2.1 Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. | 6.1 |
| 2017-07-17 | CVE-2016-6793 | Deserialization of Untrusted Data vulnerability in Apache Wicket The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the permissions of DiskFileItem, and if running on a Java VM before 1.3.1, execute arbitrary code via a crafted serialized Java object. | 9.1 |
| 2017-07-17 | CVE-2015-0249 | Code Injection vulnerability in Apache Roller 5.1.0/5.1.1 The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL). | 7.2 |
| 2017-07-13 | CVE-2017-9789 | Use After Free vulnerability in Apache Http Server 2.4.26 When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. | 7.5 |
| 2017-07-13 | CVE-2017-9788 | Improper Input Validation vulnerability in multiple products In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. | 9.1 |
| 2017-07-13 | CVE-2017-9787 | Unspecified vulnerability in Apache Struts When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. | 7.5 |
| 2017-07-13 | CVE-2017-7672 | Improper Input Validation vulnerability in Apache Struts If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. | 5.9 |
| 2017-07-12 | CVE-2017-7678 | Cross-site Scripting vulnerability in Apache Spark In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. | 6.1 |
| 2017-07-10 | CVE-2017-5652 | Cleartext Transmission of Sensitive Information vulnerability in Apache Impala 2.7.0/2.8.0 During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. | 7.5 |
| 2017-07-10 | CVE-2017-5640 | Improper Authentication vulnerability in Apache Impala 2.7.0/2.8.0 It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). | 9.8 |