Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2021-08-16 CVE-2021-33193 Unspecified vulnerability in Apache Http Server
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.
network
low complexity
apache
5.0
2021-08-16 CVE-2021-35936 Missing Authorization vulnerability in Apache Airflow
If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default.
network
low complexity
apache CWE-862
5.0
2021-08-10 CVE-2021-21501 Path Traversal vulnerability in Apache Servicecomb
Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0.
network
low complexity
apache CWE-22
5.0
2021-07-29 CVE-2021-37578 Deserialization of Untrusted Data vulnerability in Apache Juddi
Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services.
network
apache CWE-502
6.8
2021-07-26 CVE-2021-33900 Missing Encryption of Sensitive Data vulnerability in Apache Directory Studio
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used.
network
low complexity
apache CWE-311
5.0
2021-07-22 CVE-2021-28131 Improper Authentication vulnerability in Apache Impala
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user.
network
apache CWE-287
6.0
2021-07-15 CVE-2021-34429 Information Exposure vulnerability in multiple products
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints.
network
low complexity
eclipse apache netapp CWE-200
5.0
2021-07-14 CVE-2021-36373 Unspecified vulnerability in Apache ANT
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs.
network
apache
4.3
2021-07-14 CVE-2021-36374 Unspecified vulnerability in Apache ANT
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs.
network
apache
4.3
2021-07-13 CVE-2021-35515 Excessive Iteration vulnerability in Apache Commons Compress
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop.
network
low complexity
apache CWE-834
5.0