Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-10-04 CVE-2017-5658 Information Exposure vulnerability in Apache Pony Mail
The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks.
network
low complexity
apache CWE-200
5.3
2018-10-04 CVE-2018-11784 Open Redirect vulnerability in multiple products
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g.
network
low complexity
apache debian canonical netapp redhat oracle CWE-601
4.3
2018-09-25 CVE-2018-11763 In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect.
network
high complexity
apache canonical redhat oracle netapp
5.9
2018-09-21 CVE-2018-8023 Information Exposure vulnerability in Apache Mesos
Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT).
network
high complexity
apache CWE-200
5.9
2018-09-19 CVE-2018-8017 Infinite Loop vulnerability in Apache Tika
In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.
local
low complexity
apache CWE-835
5.5
2018-09-19 CVE-2018-11762 Path Traversal vulnerability in Apache Tika
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.
network
high complexity
apache CWE-22
5.9
2018-09-17 CVE-2018-8041 Path Traversal vulnerability in Apache Camel
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.
network
low complexity
apache CWE-22
5.3
2018-09-17 CVE-2017-15705 Improper Input Validation vulnerability in multiple products
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2.
network
low complexity
apache redhat debian canonical CWE-20
5.3
2018-08-29 CVE-2018-8040 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access.
network
low complexity
apache debian CWE-668
5.3
2018-08-29 CVE-2018-8005 Resource Exhaustion vulnerability in multiple products
When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache.
network
low complexity
apache debian CWE-400
5.3