Vulnerabilities > Apache > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-10 | CVE-2017-5652 | Cleartext Transmission of Sensitive Information vulnerability in Apache Impala 2.7.0/2.8.0: During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. | network; low complexity; apache; CWE-319; 7.5 |
| 2017-07-10 | CVE-2017-7670 | Resource Exhaustion vulnerability in Apache Traffic Control: The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. | network; low complexity; apache; CWE-400; 7.5 |
| 2017-07-07 | CVE-2017-7660 | Improper Authentication vulnerability in Apache Solr: Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. | network; low complexity; apache; CWE-287; 7.5 |
| 2017-06-28 | CVE-2017-7686 | Information Exposure vulnerability in Apache Ignite: Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. | network; low complexity; apache; CWE-200; 7.5 |
| 2017-06-20 | CVE-2017-7668 | Out-of-bounds Read vulnerability in multiple products: The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. | network; low complexity; apache netapp redhat debian oracle apple; CWE-125; 7.5 |
| 2017-06-12 | CVE-2017-7667 | Origin Validation Error vulnerability in Apache NiFi: Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin. | network; low complexity; apache; CWE-346; 7.5 |
| 2017-06-07 | CVE-2015-5175 | Improper Input Validation vulnerability in Apache CXF Fediz: Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service. | network; low complexity; apache; CWE-20; 7.5 |
| 2017-06-06 | CVE-2017-5664 | Improper Handling of Exceptional Conditions vulnerability in Apache Tomcat: The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. | network; low complexity; apache; CWE-755; 7.5 |
| 2017-06-05 | CVE-2017-7669 | Improper Input Validation vulnerability in Apache Hadoop 2.8.0/3.0.0: In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. | network; high complexity; apache; CWE-20; 7.5 |
| 2017-05-30 | CVE-2016-3083 | Improper Certificate Validation vulnerability in Apache Hive: Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). | network; low complexity; apache; CWE-295; 7.5 |