Vulnerabilities > Apache > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-23 | CVE-2018-1305 | Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. | 6.5 |
2018-02-21 | CVE-2015-0203 | Data Processing Errors vulnerability in Apache Qpid. The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach. | 6.5 |
2018-02-19 | CVE-2009-4267 | Improper Encoding or Escaping of Output vulnerability in Apache Juddi 3.0.0. The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter. | 6.5 |
2018-02-19 | CVE-2016-8750 | LDAP Injection vulnerability in Apache Karaf. Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. | 6.5 |
2018-02-19 | CVE-2017-15712 | Path Traversal vulnerability in Apache Oozie. Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. | 6.5 |
2018-02-13 | CVE-2017-15699 | Improper Input Validation vulnerability in Apache Qpid Dispatch 0.7.0/0.8.0. A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. | 6.5 |
2018-02-09 | CVE-2018-1298 | Improper Input Validation vulnerability in Apache Qpid Broker-J 7.0.0. A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. | 5.9 |
2018-02-06 | CVE-2013-4317 | Information Exposure vulnerability in Apache Cloudstack 4.1.0/4.1.1. In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own. | 4.3 |
2018-01-31 | CVE-2017-15706 | Improperly Implemented Security Check for Standard vulnerability in Apache Tomcat. As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. | 5.3 |
2018-01-31 | CVE-2017-15698 | Improper Certificate Validation vulnerability in multiple products. When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. | 5.9 |