Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2018-04-09 CVE-2018-1308 XXE vulnerability in multiple products
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler.
network
low complexity
apache debian CWE-611
7.5
2018-03-27 CVE-2018-1327 Unspecified vulnerability in Apache Struts
The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload.
network
low complexity
apache
7.5
2018-03-26 CVE-2018-1303 Out-of-bounds Read vulnerability in multiple products
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory.
network
low complexity
apache debian canonical netapp CWE-125
7.5
2018-03-26 CVE-2017-15715 Improper Input Validation vulnerability in multiple products
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename.
network
high complexity
apache debian canonical netapp redhat CWE-20
8.1
2018-03-26 CVE-2017-15710 Out-of-bounds Write vulnerability in multiple products
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials.
network
low complexity
apache debian canonical netapp redhat CWE-787
7.5
2018-03-20 CVE-2018-1321 Improper Input Validation vulnerability in Apache Syncope
An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.
network
low complexity
apache CWE-20
7.2
2018-03-20 CVE-2018-1294 Improper Input Validation vulnerability in Apache Commons Email
If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated.
network
low complexity
apache CWE-20
7.5
2018-03-12 CVE-2018-1323 Information Exposure vulnerability in Apache Tomcat JK Connector
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly.
network
low complexity
apache CWE-200
7.5
2018-03-07 CVE-2017-12174 It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message.
network
low complexity
apache redhat
7.5
2018-03-05 CVE-2018-1316 Path Traversal vulnerability in Apache ODE
The ODE process deployment web service was sensible to deployment messages with forged names.
network
low complexity
apache CWE-22
7.5