Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2020-03-25 CVE-2020-1957 Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
network
low complexity
apache debian
critical
 9.8
9.8
2020-03-23 CVE-2020-1944 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2019-17565 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2019-17559 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2020-1951 Infinite Loop vulnerability in multiple products
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
local
low complexity
apache oracle debian canonical CWE-835
5.5
5.5
2020-03-23 CVE-2020-1950 Resource Exhaustion vulnerability in multiple products
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
local
low complexity
apache oracle debian canonical CWE-400
5.5
5.5
2020-03-19 CVE-2019-12416 Injection vulnerability in Apache Deltaspike
we got reports for 2 injection attacks against the DeltaSpike windowhandler.js.
network
low complexity
apache CWE-74
6.1
6.1
2020-03-16 CVE-2019-10091 Improper Certificate Validation vulnerability in Apache Geode 1.9.0
When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake.
network
high complexity
apache CWE-295
7.4
7.4
2020-03-13 CVE-2020-1953 Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements.
network
low complexity
apache oracle
critical
 10.0
10
2020-03-11 CVE-2020-1947 Deserialization of Untrusted Data vulnerability in Apache Shardingsphere 4.0.0
In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration.
network
low complexity
apache CWE-502
critical
 9.8
9.8