Vulnerabilities > Apache > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-07-08 | CVE-2016-4463 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. | 7.5 |
2016-07-06 | CVE-2016-4979 | Improper Access Control vulnerability in Apache Http Server 2.4.18/2.4.19/2.4.20 The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation. | 7.5 |
2016-07-04 | CVE-2016-4433 | Improper Input Validation vulnerability in Apache Struts Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request. | 7.5 |
2016-07-04 | CVE-2016-4431 | Improper Input Validation vulnerability in Apache Struts Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method. | 7.5 |
2016-07-04 | CVE-2016-4430 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Struts Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. | 8.8 |
2016-07-04 | CVE-2016-3092 | Improper Input Validation vulnerability in multiple products The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. | 7.5 |
2016-07-04 | CVE-2016-1182 | Improper Input Validation vulnerability in Apache Struts ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899. | 8.2 |
2016-07-04 | CVE-2016-1181 | ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899. | 8.1 |
2016-07-04 | CVE-2015-0899 | Improper Input Validation vulnerability in Apache Struts The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter. | 7.5 |
2016-06-13 | CVE-2016-2174 | SQL Injection vulnerability in Apache Ranger 0.5.0/0.5.1/0.5.2 SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime. | 7.2 |