Vulnerabilities > Apache > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-08 | CVE-2012-0880 | Resource Management Errors vulnerability in Apache Xerces-C++: Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions. | 7.5 |
2017-08-08 | CVE-2011-4343 | Information Exposure vulnerability in Apache MyFaces: Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters. | 7.5 |
2017-08-08 | CVE-2010-2245 | XXE vulnerability in Apache Wink: XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document. | 7.4 |
2017-08-07 | CVE-2017-9801 | Improper Input Validation vulnerability in Apache Commons Email: When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers. | 7.5 |
2017-07-27 | CVE-2016-8743 | Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. | 7.5 |
2017-07-27 | CVE-2016-2161 | Improper Input Validation vulnerability in Apache HTTP Server: In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. | 7.5 |
2017-07-27 | CVE-2016-0736 | Cryptographic Issues vulnerability in Apache HTTP Server: In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. | 7.5 |
2017-07-26 | CVE-2017-7659 | NULL Pointer Dereference vulnerability in Apache HTTP Server 2.4.24/2.4.25: A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. | 7.5 |
2017-07-17 | CVE-2017-7688 | Unspecified vulnerability in Apache OpenMeetings: Apache OpenMeetings 1.0.0 updates the user password in an insecure manner. | 7.5 |
2017-07-17 | CVE-2017-7684 | Resource Exhaustion vulnerability in Apache OpenMeetings: Apache OpenMeetings 1.0.0 doesn't check the contents of files being uploaded. | 7.5 |