Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
apache vulnerabilities and exploits
(subscribe to this query)
6.6
CVSSv2
CVE-2006-7098
The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl....
Debian
Apache
1 EDB exploit available
1 Github repository available
5
CVSSv2
CVE-2017-2299
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust...
Puppet
Puppetlabs-apache
7.5
CVSSv2
CVE-2004-0009
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user....
Apache-ssl
7.5
CVSSv2
CVE-2008-0555
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that...
Apache-ssl
7.5
CVSSv2
CVE-2002-0082
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client...
Apache-ssl
Mod Ssl
3 EDB exploits available
3 Github repositories available
5.8
CVSSv2
CVE-2017-12619
Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone"....
Apache
Zeppelin
5.1
CVSSv2
CVE-2018-17195
The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication,...
Apache
Nifi
5
CVSSv2
CVE-2019-12408
It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally...
Apache
Arrow
7.5
CVSSv2
CVE-2016-0779
The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object....
Apache
Tomee
2 Github repositories available
4
CVSSv2
CVE-2018-11785
Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query....
Apache
Impala
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2019-20823
CVE-2020-13379
XSS
CVE-2020-11492
CVE-2019-20820
log injection
information disclosure
CVE-2020-7661
foxitsoftware
CVE-2020-9859
phantompdf
1
2
3
4
5
NEXT »
Vulmon