Apache vulnerabilities and exploits

4
MEDIUM
CVE-2019-3474

A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6....

7.2
HIGH
CVE-2019-3475

A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6....

NA
CVE-2019-34753

Micro Focus Filr version 3.4.0.217 suffers from privilege escalation and path traversal vulnerabilities....

NA
CVE-2017-3164

Apache Solr is vulnerable to server-side request forgery, caused by not having a corresponding whitelist mechanism in the shards parameter. By using a specially-crafted argument, an attacker could exploit this vulnerability to conduct an SSRF attack....

NA
CVE-2018-11783

An unspecified error with the sslheaders plugin failing to strip the headers from the request in Apache Traffic Server has an unknown impact and attack vector....

NA
CVE-2014-0242

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From SUSE_CVE-2014-0242: This CVE is addressed in the SUSE advisories SUSE-SU-2014:0794-1, SUSE-SU-2014:0794-2, openSUSE-S...

4.3
MEDIUM
CVE-2018-20242

A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking....

5
MEDIUM
CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded....

5
MEDIUM
CVE-2019-0190

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSS...

5
MEDIUM
CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections....

2.1
LOW
CVE-2019-5489

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincor...

Linux, Linux Kernel