Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2011-05-07 CVE-2011-1503 Information Exposure vulnerability in Liferay Portal
The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
3.5
2011-05-07 CVE-2011-1502 Information Exposure vulnerability in Liferay Portal
Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
network
low complexity
liferay apache CWE-200
4.0
2011-04-08 CVE-2011-1475 Improper Input Validation vulnerability in Apache Tomcat
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
network
low complexity
apache CWE-20
5.0
2011-03-11 CVE-2011-0715 Denial Of Service vulnerability in Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
network
apache
4.3
2011-01-28 CVE-2010-3689 Path Traversal vulnerability in multiple products
soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
6.9
2011-01-28 CVE-2010-3454 Off-by-one Error vulnerability in multiple products
Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
network
apache canonical debian CWE-193
critical
9.3
2011-01-28 CVE-2010-3452 Use After Free vulnerability in multiple products
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document.
network
apache canonical debian CWE-416
critical
9.3
2011-01-28 CVE-2010-3451 Use After Free vulnerability in multiple products
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document.
network
apache canonical debian CWE-416
critical
9.3
2011-01-28 CVE-2010-3450 Path Traversal vulnerability in multiple products
Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a ..
network
apache canonical debian CWE-22
critical
9.3
2010-12-07 CVE-2010-4494 Double Free vulnerability in Google Chrome
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
7.5