Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe
Total 2238 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-0743 1 Apache 1 Log4net 2017-07-20 5.0 MEDIUM N/A
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
CVE-2017-7664 1 Apache 1 Openmeetings 2017-07-19 7.5 HIGH 10.0 CRITICAL
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.
CVE-2017-7663 1 Apache 1 Openmeetings 2017-07-19 4.3 MEDIUM 6.1 MEDIUM
Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0.
CVE-2017-7666 1 Apache 1 Openmeetings 2017-07-19 6.8 MEDIUM 8.8 HIGH
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.
CVE-2017-7681 1 Apache 1 Openmeetings 2017-07-19 6.5 MEDIUM 8.8 HIGH
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.
CVE-2017-7683 1 Apache 1 Openmeetings 2017-07-19 5.0 MEDIUM 7.5 HIGH
Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.
CVE-2017-5659 1 Apache 1 Traffic Server 2017-07-11 5.0 MEDIUM 7.5 HIGH
Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.
CVE-2016-5396 1 Apache 1 Traffic Server 2017-07-11 7.8 HIGH 7.5 HIGH
Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack.
CVE-2005-0808 1 Apache 1 Tomcat 2017-07-11 5.0 MEDIUM N/A
Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
CVE-2005-0108 1 Apache 1 Mod Auth Radius 2017-07-11 5.0 MEDIUM N/A
Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
CVE-2004-1575 1 Apache 1 Xerces-c\+\+ 2017-07-11 5.0 MEDIUM N/A
The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document.
CVE-2003-1172 1 Apache 1 Cocoon 2017-07-11 5.0 MEDIUM N/A
Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2003-0044 1 Apache 1 Tomcat 2017-07-11 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
CVE-2003-0042 1 Apache 1 Tomcat 2017-07-11 5.0 MEDIUM N/A
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
CVE-2002-1658 1 Apache 1 Http Server 2017-07-11 4.6 MEDIUM N/A
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
CVE-2001-1563 2 Apache, Hp 2 Tomcat, Secure Os 2017-07-11 7.5 HIGH N/A
Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.
CVE-2001-1449 2 Apache, Mandrakesoft 4 Http Server, Mandrake Linux, Mandrake Linux Corporate Server and 1 more 2017-07-11 7.5 HIGH N/A
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
CVE-2017-7686 1 Apache 1 Ignite 2017-07-06 5.0 MEDIUM 7.5 HIGH
Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information.
CVE-2015-5259 1 Apache 1 Subversion 2017-07-01 9.0 HIGH 8.6 HIGH
Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.
CVE-2015-5214 4 Apache, Canonical, Debian and 1 more 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more 2017-07-01 6.8 MEDIUM N/A
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.