Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2015-3187
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a...
Apache Subversion 1.8.1Apache Subversion 1.8.2Apache Subversion 1.8.3Apache Subversion 1.8.10Apache Subversion 1.8.11Apache SubversionApache Subversion 1.8.8Apache Subversion 1.8.9Apache Subversion 1.8.6Apache Subversion 1.8.7Apache Subversion 1.8.4Apache Subversion 1.8.5Apache Subversion 1.8.13Apple Xcode
NA
CVE-2010-0010
Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size...
Apache Http Server 1.3.38Apache Http Server 1.3.37Apache Http Server 1.3.30Apache Http Server 1.3.3Apache Http Server 1.3.22Apache Http Server 1.3.20Apache Http Server 1.3.13Apache Http Server 1.3.12Apache Http Server 1.2.5Apache Http Server 1.2.4Apache Http Server 1.3.36Apache Http Server 1.3.35Apache Http Server 1.3.29Apache Http Server 1.3.28Apache Http Server 1.3.27Apache Http Server 1.3.2Apache Http Server 1.3.19Apache Http Server 1.3.11Apache Http Server 1.3.10Apache Http Server 1.2Apache Http Server 1.1Apache Http Server 1.0.5Apache Http Server 1.3.4Apache Http Server 1.3.39Apache Http Server 1.3.34Apache Http Server 1.3.33Apache Http Server 1.3.26Apache Http Server 1.3.25Apache Http Server 1.3.18Apache Http Server 1.3.17Apache Http Server 1.3.1Apache Http Server 1.3.0Apache Http Server 1.0.3Apache Http Server 1.0Apache Http Server 1.3.40Apache Http ServerApache Http Server 1.3.32Apache Http Server 1.3.31Apache Http Server 1.3.24Apache Http Server 1.3.23Apache Http Server 1.3.15Apache Http Server 1.3.14Apache Http Server 1.3Apache Http Server 1.2.6Apache Http Server 0.8.14Apache Http Server 0.8.11
7.5
CVSSv3
CVE-2016-8739
The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk....
Apache Cxf 3.1.5Apache Cxf 3.1.6Apache Cxf 3.1.1Apache Cxf 3.1.2Apache CxfApache Cxf 3.1.0Apache Cxf 3.1.7Apache Cxf 3.1.8Apache Cxf 3.1.3Apache Cxf 3.1.4
8.8
CVSSv3
CVE-2016-6806
Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was...
Apache Wicket 8.0.0Apache Wicket 6.22.0Apache Wicket 6.23.0Apache Wicket 6.24.0Apache Wicket 7.0.0Apache Wicket 6.21.0Apache Wicket 7.1.0Apache Wicket 7.3.0Apache Wicket 6.20.0Apache Wicket 7.2.0Apache Wicket 7.4.0
6.1
CVSSv3
CVE-2016-4975
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache...
Apache Http Server 2.2.3Apache Http Server 2.2.4Apache Http Server 2.2.14Apache Http Server 2.2.15Apache Http Server 2.2.22Apache Http Server 2.2.23Apache Http Server 2.4.23Apache Http Server 2.4.20Apache Http Server 2.4.18Apache Http Server 2.4.6Apache Http Server 2.4.4Apache Http Server 2.2.10Apache Http Server 2.2.11Apache Http Server 2.2.18Apache Http Server 2.2.19Apache Http Server 2.2.26Apache Http Server 2.2.27Apache Http Server 2.4.12Apache Http Server 2.4.10Apache Http Server 2.4.1Apache Http Server 2.2.6Apache Http Server 2.2.8Apache Http Server 2.2.9Apache Http Server 2.2.16Apache Http Server 2.2.17Apache Http Server 2.2.24Apache Http Server 2.2.25Apache Http Server 2.4.17Apache Http Server 2.4.16Apache Http Server 2.4.3Apache Http Server 2.4.2Apache Http Server 2.2.0Apache Http Server 2.2.2Apache Http Server 2.2.12Apache Http Server 2.2.13Apache Http Server 2.2.20Apache Http Server 2.2.21Apache Http Server 2.2.29Apache Http Server 2.2.31Apache Http Server 2.4.9Apache Http Server 2.4.7
7.8
CVSSv3
CVE-2017-3166
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be...
Apache Hadoop 3.0.0Apache Hadoop 2.6.1Apache Hadoop 2.6.2Apache Hadoop 2.6.3Apache Hadoop 2.6.4Apache Hadoop 2.7.0Apache Hadoop 2.7.2Apache Hadoop 2.7.3Apache Hadoop 2.6.5Apache Hadoop 2.7.1
6.8
CVSSv3
CVE-2017-5646
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit...
Apache Knox 0.8.0Apache Knox 0.9.0Apache Knox 0.4.0Apache Knox 0.5.0Apache Knox 0.10.0Apache Knox 0.6.0Apache Knox 0.2.0Apache Knox 0.11.0Apache Knox 0.7.0Apache Knox 0.3.0
7.5
CVSSv3
CVE-2017-5637
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from...
Apache Zookeeper 3.4.8Apache Zookeeper 3.4.7Apache Zookeeper 3.5.2Apache Zookeeper 3.5.1Apache Zookeeper 3.4.4Apache Zookeeper 3.4.3Apache Zookeeper 3.4.2Apache Zookeeper 3.4.6Apache Zookeeper 3.4.5Apache Zookeeper 3.5.0Apache Zookeeper 3.4.9Apache Zookeeper 3.4.1Apache Zookeeper 3.4.0Debian Debian Linux 8.0
7.5
CVSSv3
CVE-2017-5664
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error...
Apache Tomcat 7.0.4Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.44Apache Tomcat 7.0.45Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.71Apache Tomcat 7.0.72Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.66Apache Tomcat 7.0.67Apache Tomcat 7.0.75Apache Tomcat 7.0.76Apache Tomcat 7.0.3Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.43Apache Tomcat 7.0.50Apache Tomcat 7.0.51Apache Tomcat 7.0.60Apache Tomcat 7.0.61Apache Tomcat 7.0.68Apache Tomcat 7.0.69Apache Tomcat 7.0.70Apache Tomcat 7.0.77Apache Tomcat 7.0.0Apache Tomcat 7.0.5Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.73Apache Tomcat 7.0.74Apache Tomcat 8.0.3Apache Tomcat 8.0.4Apache Tomcat 8.0.13Apache Tomcat 8.0.14Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 8.0.38Apache Tomcat 8.0.39Apache Tomcat 8.0.0Apache Tomcat 8.0.7Apache Tomcat 8.0.9Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.25Apache Tomcat 8.0.26Apache Tomcat 8.0.33Apache Tomcat 8.0.34Apache Tomcat 8.0.42Apache Tomcat 8.0.43Apache Tomcat 8.0.1Apache Tomcat 8.0.2Apache Tomcat 8.0.10Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.19Apache Tomcat 8.0.20Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.35Apache Tomcat 8.0.36Apache Tomcat 8.0.37Apache Tomcat 8.0.5Apache Tomcat 8.0.6Apache Tomcat 8.0.15Apache Tomcat 8.0.16Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.31Apache Tomcat 8.0.32Apache Tomcat 8.0.40Apache Tomcat 8.0.41Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 8.5.9Apache Tomcat 8.5.10Apache Tomcat 8.5.5Apache Tomcat 8.5.6Apache Tomcat 8.5.13Apache Tomcat 8.5.14Apache Tomcat 8.5.0Apache Tomcat 8.5.7Apache Tomcat 8.5.8Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 8.5.11Apache Tomcat 8.5.12Apache Tomcat 9.0.0
NA
CVE-2004-0263
PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information....
Apache Http Server 1.0.3Apache Http Server 1.0.5Apache Http Server 1.3.11Apache Http Server 1.3.12Apache Http Server 1.2Apache Http Server 1.2.5Apache Http Server 1.3.18Apache Http Server 1.3.19Apache Http Server 1.3.20Apache Http Server 1.3.28Apache Http Server 1.3.29Apache Http Server 2.0.28Apache Http Server 2.0.41Apache Http Server 2.0.42Apache Http Server 2.0.9Ibm Http Server 1.3.19Apache Http Server 1.3.24Apache Http Server 1.3.25Apache Http Server 1.3.6Apache Http Server 1.3.7Apache Http Server 2.0.36Apache Http Server 2.0.37Apache Http Server 2.0.45Apache Http Server 2.0.46Apache Http Server 1.1Apache Http Server 1.1.1Apache Http Server 1.3.14Apache Http Server 1.3.17Apache Http Server 1.3.26Apache Http Server 1.3.27Apache Http Server 1.3.9Apache Http Server 2.0Apache Http Server 2.0.38Apache Http Server 2.0.39Apache Http Server 2.0.40Apache Http Server 2.0.47Apache Http Server 2.0.48Apache Http Server 1.0Apache Http Server 1.0.2Apache Http Server 1.3Apache Http Server 1.3.1Apache Http Server 1.3.22Apache Http Server 1.3.23Apache Http Server 1.3.3Apache Http Server 1.3.4Apache Http Server 2.0.32Apache Http Server 2.0.35Apache Http Server 2.0.43Apache Http Server 2.0.44
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injectionCVE-2023-21014CVE-2023-21052arbitrary CVE-2023-27579open redirectCVE-2023-21019
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook