Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-08-29 CVE-2018-8004 HTTP Request Smuggling vulnerability in multiple products
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS).
network
low complexity
apache debian CWE-444
6.5
2018-08-16 CVE-2018-11771 Infinite Loop vulnerability in multiple products
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached.
local
low complexity
apache oracle CWE-835
5.5
2018-08-14 CVE-2016-4975 CRLF Injection vulnerability in Apache Http Server
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir.
network
low complexity
apache CWE-93
6.1
2018-08-13 CVE-2018-11770 Improper Authentication vulnerability in Apache Spark
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit.
network
high complexity
apache CWE-287
4.2
2018-08-06 CVE-2017-12614 Cross-site Scripting vulnerability in Apache Airflow
It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack.
network
low complexity
apache CWE-79
6.1
2018-08-02 CVE-2018-8037 Race Condition vulnerability in multiple products
If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user.
network
high complexity
apache debian CWE-362
5.9
2018-08-02 CVE-2018-8032 Cross-site Scripting vulnerability in multiple products
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
network
low complexity
apache oracle debian CWE-79
6.1
2018-07-26 CVE-2017-12171 A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly.
network
low complexity
redhat apache
6.5
2018-07-26 CVE-2018-1288 In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.
network
low complexity
apache redhat oracle
5.4
2018-07-26 CVE-2017-12610 Improper Authentication vulnerability in Apache Kafka
In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.
network
high complexity
apache CWE-287
6.8