Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-04 | CVE-2016-1182 | Improper Input Validation vulnerability in Apache Struts ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899. | 8.2 |
| 2016-07-04 | CVE-2016-1181 | ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899. | 8.1 |
| 2016-07-04 | CVE-2015-0899 | Improper Input Validation vulnerability in Apache Struts The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter. | 7.5 |
| 2016-06-13 | CVE-2016-2174 | SQL Injection vulnerability in Apache Ranger 0.5.0/0.5.1/0.5.2 SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime. | 7.2 |
| 2016-06-10 | CVE-2016-3085 | 7PK - Security Features vulnerability in Apache Cloudstack Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin. | 6.5 |
| 2016-06-07 | CVE-2016-3093 | Improper Input Validation vulnerability in multiple products Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors. | 5.3 |
| 2016-06-07 | CVE-2016-3087 | Improper Input Validation vulnerability in Apache Struts Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin. | 9.8 |
| 2016-06-07 | CVE-2016-4437 | Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. | 9.8 |
| 2016-06-07 | CVE-2015-7611 | OS Command Injection vulnerability in Apache James Server 2.3.2 Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors. | 8.1 |
| 2016-06-01 | CVE-2016-4432 | Improper Authentication vulnerability in Apache Qpid Broker-J 6.0.0/6.0.1/6.0.2 The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging. | 9.1 |