Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-26 | CVE-2018-1302 | NULL Pointer Dereference vulnerability in multiple products When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. | 5.9 |
| 2018-03-26 | CVE-2018-1301 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. | 5.9 |
| 2018-03-26 | CVE-2018-1283 | In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. | 5.3 |
| 2018-03-20 | CVE-2018-1322 | Information Exposure vulnerability in Apache Syncope An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters. | 4.9 |
| 2018-03-16 | CVE-2018-1324 | Infinite Loop vulnerability in multiple products A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. | 5.5 |
| 2018-03-15 | CVE-2018-1319 | Injection vulnerability in Apache Allura In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. | 6.1 |
| 2018-03-09 | CVE-2016-8612 | Improper Input Validation vulnerability in multiple products Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. | 4.3 |
| 2018-02-28 | CVE-2018-1304 | The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. | 5.9 |
| 2018-02-28 | CVE-2018-1286 | Improper Authentication vulnerability in Apache Openmeetings In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users. | 6.5 |
| 2018-02-27 | CVE-2012-3536 | Cross-site Scripting vulnerability in Apache Hupa Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. | 6.1 |