Vulnerabilities > Apache > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-09-19 | CVE-2018-11762 | Path Traversal vulnerability in Apache Tika | In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the command line (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file. | 5.9 |
2018-09-17 | CVE-2018-8041 | Path Traversal vulnerability in Apache Camel | Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. | 5.3 |
2018-09-17 | CVE-2017-15705 | Improper Input Validation vulnerability in multiple products | A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. | 5.3 |
2018-08-29 | CVE-2018-8040 | Exposure of Resource to Wrong Sphere vulnerability in multiple products | Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. | 5.3 |
2018-08-29 | CVE-2018-8005 | Resource Exhaustion vulnerability in multiple products | When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. | 5.3 |
2018-08-29 | CVE-2018-8004 | HTTP Request Smuggling vulnerability in multiple products | There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). | 6.5 |
2018-08-16 | CVE-2018-11771 | Infinite Loop vulnerability in multiple products | When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. | 5.5 |
2018-08-14 | CVE-2016-4975 | CRLF Injection vulnerability in Apache HTTP Server | Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. | 6.1 |
2018-08-13 | CVE-2018-11770 | Improper Authentication vulnerability in Apache Spark | From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. | 4.2 |
2018-08-06 | CVE-2017-12614 | Cross-site Scripting vulnerability in Apache Airflow | An XSS was noticed in certain 404 pages that could be exploited to perform an XSS attack. | 6.1 |