Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-01-15 | CVE-2013-6398 | Permissions, Privileges, and Access Controls vulnerability in Apache Cloudstack: The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request. | 2.8 |
2014-01-07 | CVE-2013-6480 | Information Exposure vulnerability in Apache Libcloud: Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM. | 2.1 |
2013-12-07 | CVE-2012-6612 | Unspecified vulnerability in Apache Solr: The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407. | 7.5 |
2013-12-07 | CVE-2013-6407 | XML External Entity Injection vulnerability in Apache Solr: The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 6.4 |
2013-12-07 | CVE-2013-4505 | Permissions, Privileges, and Access Controls vulnerability in Apache MOD Dontdothat and Subversion: The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. | 2.6 |
2013-12-07 | CVE-2013-4212 | Code Injection vulnerability in Apache Roller: Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection." | 6.8 |
2013-12-07 | CVE-2013-4171 | Cross-Site Scripting vulnerability in Apache Roller: Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RSS and (2) Atom feed templates. | 4.3 |
2013-11-02 | CVE-2013-6348 | Cross-Site Scripting vulnerability in Apache Struts 2.3.15.3: Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/. | 4.3 |
2013-10-24 | CVE-2013-4390 | Improper Input Validation vulnerability in Apache Sling and Sling Auth Core Component: Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS." | 5.8 |
2013-10-24 | CVE-2013-4295 | Information Exposure vulnerability in Apache Shindig 2.5.0: The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.0 |