Vulmon
Recent Vulnerabilities
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
apache vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-9793
The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload....
3 Articles available
5
CVSSv2
CVE-2017-9804
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. ...
1 Github repository available
3 Articles available
6.8
CVSSv2
CVE-2017-9805
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads....
1 EDB exploit available
1 Metasploit module available
58 Github repositories available
12 Articles available
7.5
CVSSv2
CVE-2017-12611
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack....
9 Github repositories available
3 Articles available
5
CVSSv2
CVE-2013-2178
The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request....
10
CVSSv2
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type,...
2 EDB exploits available
1 Metasploit module available
61 Github repositories available
24 Articles available
7.8
CVSSv2
CVE-2011-3192
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in...
2 EDB exploits available
1 Metasploit module available
1 Nmap script available
11 Github repositories available
5 Articles available
6.8
CVSSv2
CVE-2020-11969
If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache...
5
CVSSv2
CVE-2020-13933
Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass....
4 Github repositories available
9
CVSSv2
CVE-2016-5397
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0....
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
memory leak
CVE-2020-5934
resilient security orchestration automation and response
CVE-2020-16263
cache poisoning
i2 analysts notebook
i2 ibase
stored XSS
CVE-2020-11615
CVE-2020-15999
ibm
CVE-2020-26131
CVE-2019-4547
1
2
3
4
5
NEXT »
Vulmon