Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-13 | CVE-2016-4974 | Improper Input Validation vulnerability in Apache Amqp 0-X JMS Client and JMS Client Amqp Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function. | 7.5 |
| 2016-07-08 | CVE-2016-4463 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. | 7.5 |
| 2016-07-06 | CVE-2016-4979 | Improper Access Control vulnerability in Apache Http Server 2.4.18/2.4.19/2.4.20 The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation. | 7.5 |
| 2016-07-04 | CVE-2016-4433 | Improper Input Validation vulnerability in Apache Struts Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request. | 7.5 |
| 2016-07-04 | CVE-2016-4431 | Improper Input Validation vulnerability in Apache Struts Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method. | 7.5 |
| 2016-07-04 | CVE-2016-4430 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Struts Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. | 8.8 |
| 2016-07-04 | CVE-2016-3092 | Improper Input Validation vulnerability in multiple products The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. | 7.5 |
| 2016-07-04 | CVE-2016-1182 | Improper Input Validation vulnerability in Apache Struts ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899. | 8.2 |
| 2016-07-04 | CVE-2016-1181 | ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899. | 8.1 |
| 2016-07-04 | CVE-2015-0899 | Improper Input Validation vulnerability in Apache Struts The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter. | 7.5 |