Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe
Total 2238 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-0257 2 Apache, Usanet Creations 2 Http Server, Makebid Auction Deluxe 2016-10-18 7.5 HIGH N/A
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.
CVE-2002-0249 1 Apache 1 Http Server 2016-10-18 5.0 MEDIUM N/A
PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
CVE-2002-0240 1 Apache 1 Http Server 2016-10-18 5.0 MEDIUM N/A
PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
CVE-2000-1210 1 Apache 1 Tomcat 2016-10-18 5.0 MEDIUM N/A
Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
CVE-1999-1293 1 Apache 1 Http Server 2016-10-18 10.0 HIGH N/A
mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
CVE-2016-6801 2 Apache, Debian 2 Jackrabbit, Debian Linux 2016-10-04 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.
CVE-2016-5395 1 Apache 1 Ranger 2016-09-27 3.5 LOW 4.8 MEDIUM
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.
CVE-2016-0760 1 Apache 1 Sentry 2016-08-22 6.5 MEDIUM 8.8 HIGH
Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.
CVE-2009-3569 1 Apache 1 Openoffice.org 2016-08-17 9.3 HIGH N/A
Stack-based buffer overflow in OpenOffice.org (OOo) allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side stack overflow exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2016-2174 1 Apache 1 Ranger 2016-06-14 6.5 MEDIUM 7.2 HIGH
SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.
CVE-2016-0707 1 Apache 1 Ambari 2016-05-18 2.1 LOW 3.3 LOW
The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories.
CVE-2016-0731 1 Apache 1 Ambari 2016-05-18 4.0 MEDIUM 4.9 MEDIUM
The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration.
CVE-2016-0735 1 Apache 1 Ranger 2016-04-19 6.5 MEDIUM 8.8 HIGH
Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy.
CVE-2016-2171 1 Apache 1 Jetspeed 2016-04-14 6.4 MEDIUM 7.5 HIGH
The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API.
CVE-2015-8797 1 Apache 1 Solr 2016-02-22 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.
CVE-2015-8795 1 Apache 1 Solr 2016-02-22 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.
CVE-2015-7430 1 Apache 1 Hadoop 2016-01-07 4.6 MEDIUM 8.4 HIGH
The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors.
CVE-2015-5204 1 Apache 1 Cordova File Transfer 2015-12-18 4.3 MEDIUM N/A
CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file.
CVE-2015-5210 1 Apache 1 Ambari 2015-11-04 5.8 MEDIUM N/A
Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter.
CVE-2015-3270 1 Apache 1 Ambari 2015-11-04 6.5 MEDIUM N/A
Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords.