Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-20 | CVE-2017-7668 | Out-of-bounds Read vulnerability in multiple products The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. | 7.5 |
| 2017-06-12 | CVE-2017-7667 | Origin Validation Error vulnerability in Apache Nifi Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin. | 7.5 |
| 2017-06-07 | CVE-2015-5175 | Improper Input Validation vulnerability in Apache CXF Fediz Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service. | 7.5 |
| 2017-06-06 | CVE-2017-5664 | Improper Handling of Exceptional Conditions vulnerability in Apache Tomcat The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. | 7.5 |
| 2017-06-05 | CVE-2017-7669 | Improper Input Validation vulnerability in Apache Hadoop 2.8.0/3.0.0 In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. | 7.5 |
| 2017-05-30 | CVE-2016-3083 | Improper Certificate Validation vulnerability in Apache Hive Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). | 7.5 |
| 2017-05-22 | CVE-2017-6891 | Out-of-bounds Write vulnerability in multiple products Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. | 8.8 |
| 2017-05-22 | CVE-2017-5657 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Archiva Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. | 8.0 |
| 2017-05-16 | CVE-2017-7662 | Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. | 8.8 |
| 2017-05-16 | CVE-2017-7661 | Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. | 8.8 |