Vulnerabilities > Apache > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-05-15 | CVE-2016-8741 | Information Exposure vulnerability in Apache Qpid Broker-J | The Apache Qpid Broker for Java can be configured to use different so-called AuthenticationProviders to handle user authentication. | 7.5 |
2017-05-12 | CVE-2017-5654 | XML Injection (aka Blind XPath Injection) vulnerability in Apache Ambari 2.4.0/2.4.1/2.5.0 | In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes. | 7.5 |
2017-05-09 | CVE-2016-6799 | Information Exposure Through Log Files vulnerability in Apache Cordova | Product: Apache Cordova Android 5.2.2 and earlier. | 7.5 |
2017-04-26 | CVE-2017-3162 | Improper Input Validation vulnerability in Apache Hadoop | HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. | 7.3 |
2017-04-18 | CVE-2017-5656 | Session Fixation vulnerability in Apache CXF | Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user. | 7.5 |
2017-04-18 | CVE-2017-5662 | XXE vulnerability in Apache Batik | In Apache Batik before 1.9, files lying on the filesystem of the server which uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. | 7.3 |
2017-04-18 | CVE-2017-5661 | XXE vulnerability in Apache Formatting Objects Processor | In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. | 7.3 |
2017-04-17 | CVE-2017-5659 | Improper Input Validation vulnerability in Apache Traffic Server | Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. | 7.5 |
2017-04-17 | CVE-2016-5396 | Resource Management Errors vulnerability in Apache Traffic Server | Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. | 7.5 |
2017-04-17 | CVE-2017-5650 | Improper Resource Shutdown or Release vulnerability in Apache Tomcat | In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. | 7.5 |