Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2015-03-24 CVE-2015-0250 XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
network
low complexity
canonical apache redhat
6.4
2015-03-13 CVE-2015-2091 Cryptographic Issues vulnerability in Apache Mod-Gnutls
The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate.
network
low complexity
apache CWE-310
5.0
2015-02-12 CVE-2015-0227 Permissions, Privileges, and Access Controls vulnerability in Apache Wss4J
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks."
network
low complexity
apache CWE-264
5.0
2015-02-02 CVE-2015-0223 Permissions, Privileges, and Access Controls vulnerability in Apache Qpid
Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling.
network
low complexity
apache CWE-264
5.0
2015-01-15 CVE-2014-9593 Information Exposure vulnerability in Apache Cloudstack
Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.
network
low complexity
apache CWE-200
5.0
2015-01-13 CVE-2014-10022 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Traffic Server
Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing.
network
low complexity
apache CWE-119
5.0
2015-01-06 CVE-2014-9527 Resource Management Errors vulnerability in multiple products
HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.
network
low complexity
fedoraproject apache CWE-399
5.0
2014-12-18 CVE-2014-8108 Remote Denial of Service vulnerability in Apache Subversion
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.
network
low complexity
redhat apache apple
5.0
2014-12-18 CVE-2014-3580 Remote Denial of Service vulnerability in Apache Subversion
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.
network
low complexity
redhat apache debian apple
5.0
2014-12-10 CVE-2014-7809 Cross-Site Request Forgery (CSRF) vulnerability in Apache Struts
Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.
network
apache CWE-352
6.8