Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-16 CVE-2015-3254 Improper Input Validation vulnerability in Apache Thrift
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.
network
low complexity
apache CWE-20
6.5
2017-06-14 CVE-2017-7677 Missing Authorization vulnerability in Apache Ranger
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table.
network
high complexity
apache CWE-862
5.9
2017-06-14 CVE-2016-8751 Cross-site Scripting vulnerability in Apache Ranger
Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions.
network
low complexity
apache CWE-79
4.8
2017-06-14 CVE-2016-8746 Untrusted Search Path vulnerability in Apache Ranger
Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.
network
high complexity
apache CWE-426
5.9
2017-06-12 CVE-2017-7665 Cross-site Scripting vulnerability in Apache Nifi
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
network
low complexity
apache CWE-79
6.1
2017-06-06 CVE-2016-5004 Resource Exhaustion vulnerability in Apache Ws-Xmlrpc 3.1.3
The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes.
network
low complexity
apache CWE-400
6.5
2017-05-26 CVE-2017-5646 Origin Validation Error vulnerability in Apache Knox
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox.
network
high complexity
apache CWE-346
6.8
2017-05-19 CVE-2015-5241 Open Redirect vulnerability in Apache Juddi
After logging into the portal, the logout jsp page redirects the browser back to the login page after.
network
low complexity
apache CWE-601
6.1
2017-05-15 CVE-2017-5655 Information Exposure vulnerability in Apache Ambari
In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host.
network
low complexity
apache CWE-200
6.5
2017-05-02 CVE-2016-4467 Improper Certificate Validation vulnerability in Apache Qpid Proton
The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
network
high complexity
apache CWE-295
5.9