Vulnerabilities > Apache > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-15 | CVE-2018-1319 | Injection vulnerability in Apache Allura. In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. | 6.1 |
2018-03-09 | CVE-2016-8612 | Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. | 4.3 |
2018-02-28 | CVE-2018-1304 | The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. | 5.9 |
2018-02-28 | CVE-2018-1286 | Improper Authentication vulnerability in Apache OpenMeetings. In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected, allowing an authenticated attacker to deny service for privileged users. | 6.5 |
2018-02-27 | CVE-2012-3536 | Cross-site Scripting vulnerability in Apache Hupa. Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. | 6.1 |
2018-02-23 | CVE-2018-1305 | Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. | 6.5 |
2018-02-21 | CVE-2015-0203 | Data Processing Errors vulnerability in Apache Qpid. The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach. | 6.5 |
2018-02-19 | CVE-2009-4267 | Improper Encoding or Escaping of Output vulnerability in Apache jUDDI 3.0.0. The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter. | 6.5 |
2018-02-19 | CVE-2016-8750 | LDAP Injection vulnerability in Apache Karaf. Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. | 6.5 |
2018-02-19 | CVE-2017-15712 | Path Traversal vulnerability in Apache Oozie. Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. | 6.5 |