80 docs tagged with "Apache"

CVE-2001-1385

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for

CVE-2005-0108

Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a

CVE-2005-0182

The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filena

CVE-2006-0150

Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.

CVE-2007-0086

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remo

CVE-2007-0098

Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_g

CVE-2007-0173

Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when regist

CVE-2007-6388

Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6

CVE-2007-6420

Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Ap

CVE-2007-6421

Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTT

CVE-2007-6422

The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, w

CVE-2007-6423

Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when

CVE-2008-0005

mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev

CVE-2010-4539

The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in

CVE-2010-4644

Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated us

CVE-2011-4858

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form

CVE-2011-4905

Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor e

CVE-2011-5057

Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict

CVE-2012-0391

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL

CVE-2012-0392

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whit

CVE-2012-0393

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public

CVE-2012-0394

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, all

CVE-2012-2378

Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enfor

CVE-2012-2379

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token s

CVE-2012-3353

The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes

CVE-2012-4555

The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not pro

CVE-2012-4556

The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remot

CVE-2013-4517

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attacke

CVE-2013-6992

Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Fi

CVE-2014-3628

Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x befo

CVE-2014-6275

FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by pr

CVE-2014-9527

HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infini

CVE-2016-6810

In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identi

CVE-2017-12622

When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user con

CVE-2017-15714

The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. Thi

CVE-2017-15717

A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidH

CVE-2017-17837

The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The defaul

CVE-2017-9795

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to s

CVE-2017-9796

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to s

CVE-2018-11788

Apache Karaf provides a features deployer, which allows users to 'hot deploy' a features XML by drop

CVE-2018-11798

The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to

CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComple

CVE-2019-19585

An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconf

CVE-2019-5489

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attac

CVE-2020-11995

A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to

CVE-2020-13922

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to over

CVE-2020-17508

The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgra

CVE-2020-17509

ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled

CVE-2020-17518

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitra

CVE-2020-17519

A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attack

CVE-2020-1925

Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL fr

CVE-2021-27738

All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordin

CVE-2021-31522

Kylin can receive user input and load any class through Class.forName(...). This issue affects Apach

CVE-2021-32824

Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vul

CVE-2021-34797

Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive in

CVE-2021-36737

The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) att

CVE-2021-36738

The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable

CVE-2021-36739

The 'first name' and 'last name' fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetyp

CVE-2021-36774

Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver

CVE-2021-38542

Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the ST

CVE-2021-40110

In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands t

CVE-2021-40111

In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND a

CVE-2021-40525

Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulner

CVE-2021-41767

Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-priv

CVE-2021-43045

A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, p

CVE-2021-43297

A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which

CVE-2021-43999

Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity pr

CVE-2021-45456

Apache kylin checks the legitimacy of the project before executing some commands with the project na

CVE-2021-45457

In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This

CVE-2021-45458

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their p

CVE-2022-45143

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not e

CVE-2022-45787

Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead t

CVE-2022-45875

Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote com

CVE-2022-45935

Usage of temporary files with insecure permissions by the Apache James server allows an attacker wit

CVE-2022-46769

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabili

CVE-2023-49619

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerab

CVE-2023-51441

** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users

CVE-2023-51784

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue

CVE-2023-51785

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: f

CVE-2023-6554

When access to the 'admin' folder is not protected by some external authorization mechanisms e.g. Ap