Vulnerabilities > Apache > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-30 | CVE-2013-4366 | Improper Input Validation vulnerability in Apache Httpclient 4.3 http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification. | 9.8 |
| 2017-10-30 | CVE-2012-4449 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apache Hadoop Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack. | 9.8 |
| 2017-10-30 | CVE-2015-3249 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Traffic Server 5.3.0 The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function. | 9.8 |
| 2017-10-30 | CVE-2014-3624 | Improper Access Control vulnerability in Apache Traffic Server 5.1.0 Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT. | 9.8 |
| 2017-10-27 | CVE-2014-3600 | XXE vulnerability in Apache Activemq XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages. | 9.8 |
| 2017-10-27 | CVE-2014-3579 | XXE vulnerability in Apache Activemq Apollo XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages. | 9.8 |
| 2017-10-27 | CVE-2016-5003 | Deserialization of Untrusted Data vulnerability in Apache Ws-Xmlrpc 3.1.3 The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element. | 9.8 |
| 2017-10-26 | CVE-2012-1622 | Unspecified vulnerability in Apache Ofbiz 10.04 Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |
| 2017-10-19 | CVE-2017-5636 | Injection vulnerability in Apache Nifi In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node. | 9.8 |
| 2017-10-14 | CVE-2017-12629 | XXE vulnerability in multiple products Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. | 9.8 |