Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-05-31 | CVE-2014-0095 | Improper Input Validation vulnerability in Apache Tomcat 8.0.0/8.0.1/8.0.3 java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing. | 5.0 |
2014-05-29 | CVE-2013-2193 | Improper Authentication vulnerability in Apache Hbase Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors. | 4.3 |
2014-05-23 | CVE-2012-5649 | Code Injection vulnerability in Apache Couchdb Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. | 6.8 |
2014-05-08 | CVE-2014-0116 | Permissions, Privileges, and Access Controls vulnerability in Apache Struts CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. | 5.8 |
2014-04-29 | CVE-2013-7372 | Cryptographic Issues vulnerability in multiple products The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013. | 5.0 |
2014-04-29 | CVE-2014-0113 | Permissions, Privileges, and Access Controls vulnerability in Apache Struts CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. | 7.5 |
2014-04-29 | CVE-2014-0112 | Permissions, Privileges, and Access Controls vulnerability in Apache Struts ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. | 7.5 |
2014-04-22 | CVE-2013-2187 | Cross-Site Scripting vulnerability in Apache Archiva Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page. | 4.3 |
2014-03-28 | CVE-2014-2668 | Improper Input Validation vulnerability in Apache Couchdb Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. | 5.0 |
2014-03-18 | CVE-2012-5641 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI. | 5.0 |