Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2017-05-22 CVE-2017-6891 Out-of-bounds Write vulnerability in multiple products
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g.
network
low complexity
gnu debian apache CWE-787
8.8
2017-05-22 CVE-2017-5657 Cross-Site Request Forgery (CSRF) vulnerability in Apache Archiva
Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks.
network
low complexity
apache CWE-352
8.0
2017-05-16 CVE-2017-7662 Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz
Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc.
network
low complexity
apache CWE-352
8.8
2017-05-16 CVE-2017-7661 Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications.
network
low complexity
apache CWE-352
8.8
2017-05-15 CVE-2016-8741 Information Exposure vulnerability in Apache Qpid Broker-J
The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication.
network
low complexity
apache CWE-200
7.5
2017-05-12 CVE-2017-5654 XML Injection (aka Blind XPath Injection) vulnerability in Apache Ambari 2.4.0/2.4.1/2.5.0
In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.
network
low complexity
apache CWE-91
7.5
2017-05-09 CVE-2016-6799 Information Exposure Through Log Files vulnerability in Apache Cordova
Product: Apache Cordova Android 5.2.2 and earlier.
network
low complexity
apache CWE-532
7.5
2017-04-26 CVE-2017-3162 Improper Input Validation vulnerability in Apache Hadoop
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace.
network
low complexity
apache CWE-20
7.3
2017-04-18 CVE-2017-5656 Session Fixation vulnerability in Apache CXF
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.
network
low complexity
apache CWE-384
7.5
2017-04-18 CVE-2017-5662 XXE vulnerability in Apache Batik
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files.
network
low complexity
apache CWE-611
7.3