A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

Published: June 26, 2020; 1:15:10 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread.

Published: June 24, 2020; 12:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

The Apache server on port 80 that hosts the web interface is vulnerable to a DoS by spamming incomplete HTTP headers (a Slowloris-style attack), effectively blocking access to the dashboard.

Published: June 24, 2020; 2:15:11 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc).

Published: June 23, 2020; 6:15:14 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 9.3 HIGH

In Apache Shiro before 1.5.3, when Shiro is used with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

Published: June 22, 2020; 3:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. An attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.
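The bug class behind this entry is untrusted input spliced into an LDAP search filter. The following is an added example, not Archiva's code: a vulnerable filter builder beside one that escapes the value per RFC 4515, plus a structural check that counts how many attribute assertions the resulting filter contains. The filter template, the `uid`/`mail` attribute names and the probe string are assumptions chosen to illustrate the pattern.

```python
"""LDAP filter injection: vulnerable concatenation beside RFC 4515 escaping.

Added example, not Apache Archiva's code. The login-filter template, the
attribute names and the attacker probe are assumptions for illustration.
"""
import re

# RFC 4515 section 3: these characters must be escaped inside a filter value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    """Vulnerable: the username is spliced into the filter verbatim."""
    return f"(&(objectClass=person)(uid={username}))"


def build_filter_safe(username: str) -> str:
    """Hardened: every filter metacharacter in the username is escaped first."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def count_assertions(ldap_filter: str) -> int:
    """Count attribute assertions of the form (attr=...) in a filter.

    A login filter built from one username should evaluate exactly two
    assertions (objectClass and uid). Any more means the input injected
    clauses of its own.
    """
    return len(re.findall(r"\([A-Za-z][A-Za-z0-9;-]*=", ldap_filter))


# Constructed attacker input: closes the uid assertion and appends a probe on
# another attribute. Iterating the prefix ("a*", "ab*", ...) and timing the
# login response is the attribute-extraction technique the advisory describes.
PROBE = "admin)(mail=a*"

if __name__ == "__main__":
    print(build_filter_unsafe(PROBE))  # three assertions: injection succeeded
    print(build_filter_safe(PROBE))    # two assertions: probe is a literal value
```

Most LDAP client libraries ship an equivalent of `escape_filter_value`; the point is that it has to be applied to every value that reaches the filter, including ones that only flow in from a login form.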

Published: June 19, 2020; 3:15:12 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM

If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 - 7.0.7, Apache TomEE 1.0.0 - 1.7.5.

Published: June 15, 2020; 4:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 6.8 MEDIUM

FasterXML jackson-databind 2.x before mishandles the interaction between serialization gadgets and typing, related to (aka apache/drill).

Published: June 14, 2020; 5:15:09 PM -0400
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM

FasterXML jackson-databind 2.x before mishandles the interaction between serialization gadgets and typing, related to (aka xalan2).

Published: June 14, 2020; 4:15:10 PM -0400
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In 'etc/jmx.acl.cfg', such a role can call get*. It is possible to authenticate with the viewer role and invoke the MLet getMBeansFromURL method, which goes off to a remote server to fetch the desired MBean, which is then registered in Karaf. At this point the attack fails, as "viewer" doesn't have the permission to invoke on the MBean. Still, it could act as an SSRF-style attack, and it essentially allows a "viewer" role to pollute the MBean registry, which is a kind of privilege escalation. The severity is low as it is possible to add an ACL to limit access. Users should update to Apache Karaf 4.2.9 or newer.

Published: June 12, 2020; 6:15:11 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.

Published: June 08, 2020; 10:15:13 AM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.

Published: June 05, 2020; 11:15:10 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

Published: June 04, 2020; 12:15:12 PM -0400
V3.1: 7.7 HIGH
V2.0: 6.8 MEDIUM

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return the result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used to cause a denial of service by crashing Grafana with a segfault.

Published: June 03, 2020; 3:15:10 PM -0400
V3.1: 8.2 HIGH
V2.0: 6.4 MEDIUM

Apache Ignite uses the H2 database to build its distributed SQL execution engine. H2 provides SQL functions that an attacker could use to access the filesystem.

Published: June 03, 2020; 9:15:10 AM -0400
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM

Apache Kylin 2.3.0 and later releases up to 2.6.5 and 3.0.1 expose some RESTful APIs that concatenate an OS command with a user-supplied string; a user is likely to be able to execute arbitrary OS commands without any protection or validation.
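The pattern this entry describes, and the two ways out of it, shown as an added example that is not Kylin's code: a command line built by concatenation and handed to a shell, the same line with the value shell-quoted, and an argv list with an allowlist check so no shell is involved at all. The `echo` command, the "project" parameter and the allowed-name rule are assumptions; `echo` stands in for whatever command the real endpoint ran.

```python
"""OS command injection via string concatenation, and two safer patterns.

Added example illustrating the bug class described for Apache Kylin; it is
not Kylin's code. The command, the parameter and the naming rule are assumed.
"""
import re
import shlex
import subprocess
from typing import List

# Allowlist for the user-supplied value: letters, digits, '_' and '-', bounded length.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def is_valid_project(project: str) -> bool:
    """True if the value matches the allowlist and can be used as an argument."""
    return _SAFE_NAME.match(project) is not None


def command_string_unsafe(project: str) -> str:
    """Vulnerable: user input concatenated into a shell command line.
    "demo; echo INJECTED" turns into two commands once a shell parses it."""
    return "echo building project " + project


def command_string_quoted(project: str) -> str:
    """Mitigation when a shell string is unavoidable: quote the value so the
    shell treats it as a single word, metacharacters included."""
    return "echo building project " + shlex.quote(project)


def command_argv_safe(project: str) -> List[str]:
    """Preferred fix: validate against the allowlist, then pass the value as one
    argv element. No shell ever sees it, so there is nothing to inject into."""
    if not is_valid_project(project):
        raise ValueError(f"invalid project name: {project!r}")
    return ["echo", "building project", project]


def run_shell(command_line: str) -> str:
    """Execute a command line through /bin/sh (the dangerous path)."""
    return subprocess.run(command_line, shell=True, capture_output=True,
                          text=True, check=False).stdout


def run_argv(argv: List[str]) -> str:
    """Execute an argv list directly, without a shell."""
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    attacker_value = "demo; echo INJECTED"       # constructed attacker input
    print(run_shell(command_string_unsafe(attacker_value)))   # second line: INJECTED
    print(run_shell(command_string_quoted(attacker_value)))   # one literal argument
    print(run_argv(command_argv_safe("demo")))                # validated, no shell
```

The quoted variant stops the injection but still launches a shell; the argv variant removes the shell and additionally rejects anything outside the expected character set, which is the check a REST parameter like this should fail closed on.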

Published: May 22, 2020; 10:15:11 AM -0400
V3.1: 8.8 HIGH
V2.0: 9.0 HIGH

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.

Published: May 20, 2020; 3:15:09 PM -0400
V3.1: 7.0 HIGH
V2.0: 4.4 MEDIUM

In httplib2 before version 0.18.0, an attacker controlling an unescaped part of the URI passed to `httplib2.Http.request()` could change request headers and body and send additional hidden requests to the same server. This vulnerability impacts software that uses httplib2 with a URI constructed by string concatenation, as opposed to proper URL building with escaping via urllib. This has been fixed in 0.18.0.
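To make the effect visible offline, here is an added example that is not httplib2's code: a minimal HTTP/1.1 request serializer (constructed for this example) that writes the request target verbatim into the request line, the way a naive client does, beside a helper that counts how many requests a server reading the bytes sequentially would see. A CR/LF-bearing path segment concatenated into the URI yields two requests; the same segment passed through `urllib.parse.quote` yields one. The `/users/` prefix, the `example.test` host and the payload are assumptions.

```python
"""Request splitting through an unescaped URI, and the escaped alternative.

Added example, not httplib2's code. The serializer below is a stand-in for a
client that copies the request target into the request line unchanged; the
path prefix, host and attacker payload are assumptions.
"""
from urllib.parse import quote


def serialize_request(method: str, target: str, host: str) -> bytes:
    """Serialize one HTTP/1.1 request with the target written verbatim."""
    return (f"{method} {target} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            f"Connection: keep-alive\r\n\r\n").encode("latin-1")


def count_request_lines(raw: bytes) -> int:
    """How many request lines a server parsing the stream in order would see."""
    return sum(1 for line in raw.split(b"\r\n") if line.endswith(b" HTTP/1.1"))


def target_unsafe(user_id: str) -> str:
    """Vulnerable: untrusted input concatenated straight into the URI path."""
    return "/users/" + user_id


def target_safe(user_id: str) -> str:
    """Hardened: percent-encode the segment (safe="" also encodes '/'), so CR,
    LF and spaces can never reach the request line."""
    return "/users/" + quote(user_id, safe="")


def has_ctl_chars(target: str) -> bool:
    """Defensive check a client can apply before sending: a request target may
    not contain whitespace or control characters."""
    return any(ch in " \t" or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target)


# Constructed attacker input: ends the legitimate request early and smuggles a
# second request (with its own headers) down the same connection.
PAYLOAD = "1 HTTP/1.1\r\nHost: example.test\r\n\r\nPOST /admin/reset"

if __name__ == "__main__":
    for build in (target_unsafe, target_safe):
        raw = serialize_request("GET", build(PAYLOAD), "example.test")
        print(build.__name__, count_request_lines(raw), "request(s)")
        print(raw.decode("latin-1"))
```

The injected second request inherits the connection's authentication state (cookies, client certificate, source IP) and is invisible to the caller, which is why the advisory stresses building URIs with escaping rather than concatenation.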

Published: May 20, 2020; 12:15:10 PM -0400
V3.1: 6.8 MEDIUM
V2.0: 4.3 MEDIUM

A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.<reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker's control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data.

Published: May 14, 2020; 1:15:12 PM -0400
V3.1: 4.7 MEDIUM
V2.0: 1.9 LOW

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

Published: May 14, 2020; 1:15:12 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM