National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • Keyword (text search): Apache
There are 1,619 matching records.
Displaying matches 241 through 260.
Vuln ID Summary CVSS Severity
CVE-2017-7657

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

Published: June 26, 2018; 12:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-7656

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.

Published: June 26, 2018; 11:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-8030

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected.

Published: June 19, 2018; 09:29:03 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-1333

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).

Published: June 18, 2018; 02:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-12418

Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.

Published: June 14, 2018; 12:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-15695

When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privilege.

Published: June 13, 2018; 01:29:00 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2018-1281

The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. In versions older than 1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified DMLC_PS_ROOT_URI once a scheduler node is initialized. This exposes the instance running MXNet to any attackers reachable via the interface they didn't expect to be listening on. For example: If a user wants to run a clustered setup locally, they may specify to run on 127.0.0.1. But since MXNet will listen on 0.0.0.0, it makes the port accessible on all network interfaces.

Published: June 08, 2018; 03:29:00 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-8008

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.

Published: June 05, 2018; 03:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 5.8 MEDIUM
CVE-2018-1332

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.

Published: June 05, 2018; 03:29:00 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-8013

In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.

Published: May 24, 2018; 12:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-1310

Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Published: May 23, 2018; 10:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-1309

Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Published: May 23, 2018; 10:29:00 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-8012

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.

Published: May 21, 2018; 03:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-8010

This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. Users are advised to upgrade to either Solr 6.6.4 or Solr 7.3.1 releases both of which address the vulnerability. Once upgrade is complete, no other steps are required. Those releases only allow external entities and Xincludes that refer to local files / zookeeper resources below the Solr instance directory (using Solr's ResourceLoader); usage of absolute URLs is denied. Keep in mind, that external entities and XInclude are explicitly supported to better structure config files in large installations. Before Solr 6 this was no problem, as config files were not accessible through the APIs.

Published: May 21, 2018; 03:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-8015

In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack.

Published: May 18, 2018; 01:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-8014

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.

Published: May 16, 2018; 12:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-1313

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work.

Published: May 07, 2018; 09:29:00 AM -04:00
V3: 5.3 MEDIUM
V2: 3.5 LOW
CVE-2018-8003

Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the Ambari Server is running as. Direct network access to the Ambari Server is required to issue this request, and those Ambari Servers that are protected behind a firewall, or in a restricted network zone are at less risk of being affected by this issue.

Published: May 03, 2018; 07:29:00 PM -04:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2018-10583

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.

Published: May 01, 2018; 12:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-10237

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Published: April 26, 2018; 05:29:00 PM -04:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM