Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-05-02 | CVE-2013-1847 | Unspecified vulnerability in Apache Subversion | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist. | 5.0 |
2013-05-02 | CVE-2013-1846 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. | 4.0 |
2013-05-02 | CVE-2013-1845 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. | 2.1 |
2013-04-21 | CVE-2013-3060 | Improper Authentication vulnerability in Apache ActiveMQ | The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests. | 6.4 |
2013-04-21 | CVE-2012-6551 | Resource Management Errors vulnerability in Apache ActiveMQ | The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests. | 5.0 |
2013-03-15 | CVE-2013-0248 | Permissions, Privileges, and Access Controls vulnerability in Apache Commons FileUpload | The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack. | 3.3 |
2013-03-14 | CVE-2012-4459 | Numeric Errors vulnerability in Apache Qpid | Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read. | 5.0 |
2013-03-14 | CVE-2012-4458 | Numeric Errors vulnerability in Apache Qpid | The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero-width elements in the client-properties map in a connection.start-ok message. | 5.0 |
2013-03-14 | CVE-2012-4446 | Improper Authentication vulnerability in Apache Qpid | The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request. | 6.8 |
2013-03-14 | CVE-2013-1814 | Information Exposure vulnerability in Apache Rave | The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response. | 4.0 |