Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-25 | CVE-2018-1339 | Infinite Loop vulnerability in Apache Tika A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18. | 5.5 |
| 2018-04-25 | CVE-2018-1338 | Infinite Loop vulnerability in Apache Tika A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18. | 5.5 |
| 2018-04-19 | CVE-2018-2799 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). | 5.3 |
| 2018-03-26 | CVE-2018-1302 | NULL Pointer Dereference vulnerability in multiple products When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. | 5.9 |
| 2018-03-26 | CVE-2018-1301 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. | 5.9 |
| 2018-03-26 | CVE-2018-1283 | In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. | 5.3 |
| 2018-03-20 | CVE-2018-1322 | Information Exposure vulnerability in Apache Syncope An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters. | 4.9 |
| 2018-03-16 | CVE-2018-1324 | Infinite Loop vulnerability in multiple products A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. | 5.5 |
| 2018-03-15 | CVE-2018-1319 | Injection vulnerability in Apache Allura In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. | 6.1 |
| 2018-03-09 | CVE-2016-8612 | Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. | 4.3 |