Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-16 | CVE-2017-7661 | Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. | 8.8 |
| 2017-05-15 | CVE-2017-5655 | Information Exposure vulnerability in Apache Ambari In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. | 6.5 |
| 2017-05-15 | CVE-2016-8741 | Information Exposure vulnerability in Apache Qpid Broker-J The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. | 7.5 |
| 2017-05-12 | CVE-2017-5654 | XML Injection (aka Blind XPath Injection) vulnerability in Apache Ambari 2.4.0/2.4.1/2.5.0 In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes. | 7.5 |
| 2017-05-09 | CVE-2016-6799 | Information Exposure Through Log Files vulnerability in Apache Cordova Product: Apache Cordova Android 5.2.2 and earlier. | 7.5 |
| 2017-05-02 | CVE-2016-4467 | Improper Certificate Validation vulnerability in Apache Qpid Proton The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. | 5.9 |
| 2017-04-26 | CVE-2017-3162 | Improper Input Validation vulnerability in Apache Hadoop HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. | 7.3 |
| 2017-04-26 | CVE-2017-3161 | Cross-site Scripting vulnerability in Apache Hadoop The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter. | 6.1 |
| 2017-04-18 | CVE-2017-5656 | Session Fixation vulnerability in Apache CXF Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user. | 7.5 |
| 2017-04-18 | CVE-2017-5653 | Improper Certificate Validation vulnerability in Apache CXF JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. | 5.3 |