Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-08-05 CVE-2016-0782 Cross-site Scripting vulnerability in Apache Activemq
The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.
network
low complexity
apache CWE-79
5.4
2016-08-05 CVE-2016-5000 XXE vulnerability in Apache POI
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
local
low complexity
apache CWE-611
5.5
2016-07-28 CVE-2016-5005 Cross-site Scripting vulnerability in Apache Archiva
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action.
network
low complexity
apache CWE-79
4.8
2016-07-06 CVE-2016-1546 Resource Management Errors vulnerability in Apache Http Server 2.4.17/2.4.18
The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.
network
high complexity
apache CWE-399
5.9
2016-07-04 CVE-2016-4465 Improper Input Validation vulnerability in Apache Struts
The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.
network
low complexity
apache CWE-20
5.3
2016-06-10 CVE-2016-3085 7PK - Security Features vulnerability in Apache Cloudstack
Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin.
network
high complexity
apache CWE-254
6.5
2016-06-07 CVE-2016-3093 Improper Input Validation vulnerability in multiple products
Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.
network
low complexity
ognl-project apache CWE-20
5.3
2016-06-01 CVE-2016-3094 Improper Input Validation vulnerability in Apache Qpid Broker-J 6.0.0/6.0.1/6.0.2
PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception.
network
high complexity
apache CWE-20
5.9
2016-05-18 CVE-2016-0731 Improper Access Control vulnerability in Apache Ambari
The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration.
network
low complexity
apache CWE-284
4.9
2016-05-09 CVE-2015-5208 Improper Input Validation vulnerability in Apache Cordova
Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.
local
low complexity
apache CWE-20
4.4