Vulnerabilities > Apache > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-10 | CVE-2017-5652 | Cleartext Transmission of Sensitive Information vulnerability in Apache Impala 2.7.0/2.8.0 During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. | 7.5 |
2017-07-10 | CVE-2017-7670 | Resource Exhaustion vulnerability in Apache Traffic Control The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. | 7.5 |
2017-07-07 | CVE-2017-7660 | Improper Authentication vulnerability in Apache Solr Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. | 7.5 |
2017-06-28 | CVE-2017-7686 | Information Exposure vulnerability in Apache Ignite Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. | 7.5 |
2017-06-20 | CVE-2017-7668 | Out-of-bounds Read vulnerability in multiple products The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. | 7.5 |
2017-06-12 | CVE-2017-7667 | Origin Validation Error vulnerability in Apache Nifi Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin. | 7.5 |
2017-06-07 | CVE-2015-5175 | Improper Input Validation vulnerability in Apache CXF Fediz Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service. | 7.5 |
2017-06-06 | CVE-2017-5664 | Improper Handling of Exceptional Conditions vulnerability in Apache Tomcat The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. | 7.5 |
2017-06-05 | CVE-2017-7669 | Improper Input Validation vulnerability in Apache Hadoop 2.8.0/3.0.0 In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. | 7.5 |
2017-05-30 | CVE-2016-3083 | Improper Certificate Validation vulnerability in Apache Hive Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). | 7.5 |