Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-03-15 CVE-2018-1319 Injection vulnerability in Apache Allura
In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting.
network
low complexity
apache CWE-74
6.1
2018-03-09 CVE-2016-8612 Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.
low complexity
apache redhat netapp
4.3
2018-02-28 CVE-2018-1304 The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition.
network
high complexity
apache redhat debian canonical oracle
5.9
2018-02-28 CVE-2018-1286 Improper Authentication vulnerability in Apache Openmeetings
In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.
network
low complexity
apache CWE-287
6.5
2018-02-27 CVE-2012-3536 Cross-site Scripting vulnerability in Apache Hupa
Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project.
network
low complexity
apache CWE-79
6.1
2018-02-23 CVE-2018-1305 Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded.
network
low complexity
apache debian canonical oracle
6.5
2018-02-21 CVE-2015-0203 Data Processing Errors vulnerability in Apache Qpid
The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach.
network
low complexity
apache CWE-19
6.5
2018-02-19 CVE-2009-4267 Improper Encoding or Escaping of Output vulnerability in Apache Juddi 3.0.0
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter.
network
low complexity
apache CWE-116
6.5
2018-02-19 CVE-2016-8750 LDAP Injection vulnerability in Apache Karaf
Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP.
network
low complexity
apache CWE-90
6.5
2018-02-19 CVE-2017-15712 Path Traversal vulnerability in Apache Oozie
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process.
network
low complexity
apache CWE-22
6.5