Apache Software Foundation

46 exploits Active since Aug 2013
CVE-2020-1937 NOMISEC HIGH STUB
Apache Kylin < 2.3.2 - SQL Injection
Kylin has some RESTful APIs which concatenate SQL with the user input string, so a user is likely able to run malicious database queries.
CVSS 8.8
CVE-2019-0225 NOMISEC HIGH WRITEUP
Apache Jspwiki < 2.11.0 - Path Traversal
A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.
CVSS 7.5
CVE-2019-12402 NOMISEC HIGH WRITEUP
Apache Commons Compress <1.19 - DoS
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
CVSS 7.5
CVE-2019-10089 NOMISEC MEDIUM WRITEUP
Apache JSPWiki <2.11.0.M4 - XSS
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability related to the WYSIWYG editor, which could allow the attacker to execute JavaScript in the victim's browser and obtain some sensitive information about the victim.
CVSS 6.1
CVE-2019-10078 NOMISEC MEDIUM WRITEUP
Apache JSPWiki <2.11.0.M3 - XSS
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
CVSS 6.1
CVE-2019-10077 NOMISEC MEDIUM WRITEUP
Apache JSPWiki <2.11.0.M3 - XSS
A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
CVSS 6.1
CVE-2019-10076 NOMISEC MEDIUM WRITEUP
Apache JSPWiki <2.11.0.M3 - XSS
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
CVSS 6.1
CVE-2017-9801 NOMISEC HIGH WRITEUP
Apache Commons Email <1.5 - Info Disclosure
When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers.
CVSS 7.5
CVE-2018-1324 NOMISEC MEDIUM STUB
Apache Commons Compress < 1.15 - Infinite Loop
A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.
CVSS 5.5
CVE-2018-11771 NOMISEC MEDIUM STUB
Apache Commons Compress < 1.17.0 - Infinite Loop
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.
CVSS 5.5
CVE-2017-15717 NOMISEC MEDIUM WRITEUP
Apache Sling Xss Protection API < 1.0.18 - XSS
A flaw in the way URLs are escaped and encoded in org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows specially crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0.
CVSS 6.1
CVE-2016-4974 NOMISEC HIGH WRITEUP
Apache Amqp 0-x Jms Client < 6.0.3 - Improper Input Validation
Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function.
CVSS 7.5
CVE-2016-6809 NOMISEC CRITICAL STUB
Apache Tika < 1.13 - Insecure Deserialization
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.
CVSS 9.8
CVE-2016-3092 NOMISEC HIGH WORKING POC
Apache Tomcat < 1.3.1 - Improper Input Validation
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
CVSS 7.5
CVE-2016-1000031 NOMISEC CRITICAL WORKING POC
Apache Commons FileUpload <1.3.3 - RCE
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
CVSS 9.8
CVE-2014-0050 NOMISEC WRITEUP
Apache Commons FileUpload <1.3.1 - DoS
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
CVE-2013-2186 NOMISEC WRITEUP
Redhat Jboss Enterprise Brms Platform - Improper Input Validation
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
CVE-2011-4367 NOMISEC STUB
Apache MyFaces Core <2.0.12, <2.1.6 - Path Traversal
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.
CVE-2015-3271 NOMISEC MEDIUM STUB
Apache Tika <1.9 - Info Disclosure
Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header.
CVSS 5.3
CVE-2022-47937 WRITEUP CRITICAL STUB
Apache Sling Commons Json < 2.0.20 - Improper Input Validation
Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to consider the Apache Sling Commons Johnzon OSGi bundle provided by the Apache Sling project, but may of course use other JSON libraries.
CVSS 9.8
CVE-2024-29733 WRITEUP LOW WRITEUP
Apache Airflow FTP Provider <3.7.0 - Certificate Validation
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl.create_default_context() during FTP_TLS instantiation is used as mitigation to validate the certificates properly. This issue affects Apache Airflow FTP Provider: before 3.7.0. Users are recommended to upgrade to version 3.7.0, which fixes the issue.
CVSS 2.7