Vulmon
Recent Vulnerabilities
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
apache vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2003-0192
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache...
4.3
CVSSv2
CVE-2009-0023
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive...
5
CVSSv2
CVE-2000-1206
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files....
4.3
CVSSv2
CVE-2019-12397
Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix....
7.5
CVSSv2
CVE-2016-5003
The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element....
2 Github repositories available
7.5
CVSSv2
CVE-2016-2170
Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library....
2 Github repositories available
9.3
CVSSv2
CVE-2018-11776
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no...
3 EDB exploits available
1 Metasploit module available
73 Github repositories available
6 Articles available
5
CVSSv2
CVE-2016-6497
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods....
5
CVSSv2
CVE-2010-1870
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the...
2 EDB exploits available
1 Metasploit module available
1 Github repository available
1 Article available
6.8
CVSSv2
CVE-2019-0235
Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks....
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
elevation of privilege
type confusion
CVE-2020-1472
CVE-2020-1350
CVE-2020-14024
CVE-2020-6576
template injection
CVE-2019-16017
CVE-2020-2283
« PREV
1
2
3
4
5
6
7
8
9
NEXT »
Vulmon