Vulnerabilities > Apache

DATE | CVE | VULNERABILITY TITLE | RISK

2012-11-04 | CVE-2012-3446 | Improper Certificate Validation vulnerability in Apache Libcloud | 5.9
Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
network, high complexity | apache | CWE-295

2012-10-26 | CVE-2012-4501 | Permissions, Privileges, and Access Controls vulnerability in multiple products | critical 10.0
Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
network, low complexity | apache citrix | CWE-264

2012-10-25 | CVE-2012-3506 | Security vulnerability in Apache Ofbiz 10.04.01/10.04.02 | critical 10.0
Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
network, low complexity | apache

2012-10-09 | CVE-2012-5351 | Improper Authentication vulnerability in Apache Axis2 | 6.4
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
network, low complexity | apache | CWE-287

2012-10-09 | CVE-2012-4418 | Improper Authentication vulnerability in Apache Axis2 | 5.8
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
network | apache | CWE-287

2012-09-28 | CVE-2012-2145 | Resource Management Errors vulnerability in Apache Qpid | 5.0
Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
network, low complexity | apache | CWE-399

2012-09-19 | CVE-2012-3373 | Cross-Site Scripting vulnerability in Apache Wicket | 4.3
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
network | apache | CWE-79

2012-09-15 | CVE-2012-4360 | Cross-Site Scripting vulnerability in Google MOD Pagespeed 0.10.19.1/0.10.22.4 | 4.3
Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network | google apache | CWE-79

2012-09-15 | CVE-2012-4001 | Improper Input Validation vulnerability in Google MOD Pagespeed | 5.0
The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
network, low complexity | google apache | CWE-20

2012-09-05 | CVE-2012-4387 | Permissions, Privileges, and Access Controls vulnerability in Apache Struts | 5.0
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
network, low complexity | apache | CWE-264