Vulnerabilities > Apache

DATE | CVE | VULNERABILITY TITLE | RISK

2012-09-05 | CVE-2012-4386 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Struts | 6.8
    The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
    network; apache; CWE-352

2012-09-05 | CVE-2012-3526 | Denial of Service vulnerability in Thomas Eibner mod_rpaf 0.5/0.6 | 5.0
    The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
    network; low complexity; thomas-eibner; apache

2012-08-27 | CVE-2012-3467 | Improper Authentication vulnerability in Apache Qpid | 5.0
    Apache Qpid 0.14, 0.16, and earlier use a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
    network; low complexity; apache; CWE-287

2012-08-07 | CVE-2012-0213 | Resource Management Errors vulnerability in Apache POI | 5.0
    The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
    network; low complexity; apache; CWE-399

2012-07-12 | CVE-2012-3376 | Cryptographic Issues vulnerability in Apache Hadoop 2.0.0 | 7.5
    DataNodes in Apache Hadoop 2.0.0 alpha do not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NameNode, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
    network; low complexity; apache; CWE-310

2012-06-26 | CVE-2012-2381 | Cross-Site Scripting vulnerability in Apache Roller | 3.5
    Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
    network; apache; CWE-79

2012-06-26 | CVE-2012-2380 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Roller | 6.8
    Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
    network; apache; CWE-352

2012-06-17 | CVE-2012-0037 | XXE vulnerability in multiple products | 6.5
    Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.

2012-05-03 | CVE-2011-3620 | Improper Authentication vulnerability in Apache Qpid 0.12 | 7.5
    Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster username.
    network; low complexity; apache; CWE-287

2012-04-12 | CVE-2012-1574 | Cryptographic Issues vulnerability in multiple products | 6.5
    The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
    network; low complexity; apache; cloudera; CWE-310