Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
apache vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2016-6807
Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user...
Apache
Ambari
4.3
CVSSv2
CVE-2012-6153
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers...
Apache
Commons-httpclient
5
CVSSv2
CVE-2002-0249
PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message....
Apache
Http Server
10
CVSSv2
CVE-1999-0926
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers....
Apache
Http Server
1 EDB exploit available
6.8
CVSSv2
CVE-2013-2067
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote...
Apache
Tomcat
5.8
CVSSv2
CVE-2017-12619
Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone"....
Apache
Zeppelin
5
CVSSv2
CVE-2012-0022
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a...
Apache
Tomcat
4
CVSSv2
CVE-2017-9794
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh...
Apache
Geode
4.3
CVSSv2
CVE-2014-3574
Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack....
Apache
Poi
5
CVSSv2
CVE-2011-2729
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read...
Apache
Apache Commons Daemon
Tomcat
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-0674
arbitrary
CVE-2018-21060
CVE-2020-1624
CVE-2020-1991
local file inclusion
CVE-2020-10621
wireless
CVE-2020-6819
google
android
« PREV
1
2
3
4
5
6
7
8
9
NEXT »
Vulmon