Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-07 | CVE-2017-3159 | Deserialization of Untrusted Data vulnerability in Apache Camel Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. | 9.8 |
| 2017-02-02 | CVE-2016-1566 | Cross-site Scripting vulnerability in Apache Guacamole 0.9.8/0.9.9 Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. | 5.4 |
| 2017-01-18 | CVE-2016-6497 | 7PK - Security Features vulnerability in Apache Groovy Ldap main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods. | 7.5 |
| 2017-01-13 | CVE-2015-3188 | Permissions, Privileges, and Access Controls vulnerability in Apache Storm 0.10.0 The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |
| 2016-12-15 | CVE-2015-3271 | Information Exposure vulnerability in Apache Tika 1.9 Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header. | 5.3 |
| 2016-12-05 | CVE-2016-8740 | Resource Management Errors vulnerability in Apache Http Server The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. | 7.5 |
| 2016-11-29 | CVE-2016-5393 | Improper Access Control vulnerability in Apache Hadoop In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service. | 8.8 |
| 2016-10-25 | CVE-2016-1000031 | Improper Access Control vulnerability in Apache Commons Fileupload Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution | 9.8 |
| 2016-10-13 | CVE-2016-6325 | Permissions, Privileges, and Access Controls vulnerability in Apache Tomcat The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group. | 7.8 |
| 2016-10-13 | CVE-2016-5425 | Incorrect Default Permissions vulnerability in Apache Tomcat The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. | 7.8 |