Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-27 CVE-2017-7671 Improper Input Validation vulnerability in multiple products
There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake.
network
low complexity
apache debian CWE-20
7.5
2018-02-27 CVE-2017-5660 Improper Input Validation vulnerability in multiple products
There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding.
network
low complexity
apache debian CWE-20
8.6
2018-02-27 CVE-2017-15693 Deserialization of Untrusted Data vulnerability in Apache Geode
In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form.
network
high complexity
apache CWE-502
7.5
2018-02-26 CVE-2017-15696 Information Exposure vulnerability in Apache Geode
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests.
network
low complexity
apache CWE-200
7.5
2018-02-21 CVE-2013-0267 Improper Input Validation vulnerability in Apache VCL
The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation.
network
low complexity
apache CWE-20
8.8
2018-02-12 CVE-2016-8742 Permissions, Privileges, and Access Controls vulnerability in Apache Couchdb 2.0.0
The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation.
local
low complexity
apache CWE-264
7.8
2018-02-12 CVE-2016-5397 Command Injection vulnerability in Apache Thrift
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool.
network
low complexity
apache CWE-77
8.8
2018-02-09 CVE-2018-1307 XXE vulnerability in Apache Juddi
In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks.
network
high complexity
apache CWE-611
8.1
2018-02-06 CVE-2018-1299 Path Traversal vulnerability in Apache Allura
In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application.
network
low complexity
apache CWE-22
7.5
2018-02-01 CVE-2017-3160 Unspecified vulnerability in Apache Cordova
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build.
network
high complexity
apache
7.4