Apache Software Foundation
352 tracked vulnerabilities.
CVE-2017-3169
CRITICAL
Apache HTTP Server 2.2.x < 2.2.33 and 2.4.x < 2.4.26 - NULL Pointer Dereference in mod_ssl
Jun 20, 2017
CVSS 9.8
EPSS 0.31
CVE-2017-3167
CRITICAL
Apache HTTP Server 2.2.0-2.2.32 - Authentication Bypass via ap_get_basic_auth_pw()
Jun 20, 2017
CVSS 9.8
EPSS 0.09
CVE-2017-7677
MEDIUM
Apache Ranger <0.7.1 - Privilege Escalation
Jun 14, 2017
CVSS 5.9
EPSS 0.00
CVE-2017-7676
CRITICAL
Apache Ranger <0.7.1 - Path Traversal
Jun 14, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-7667
HIGH
Apache NiFi <1.3.0 - Info Disclosure
Jun 12, 2017
CVSS 7.5
EPSS 0.00
CVE-2017-7665
MEDIUM
Apache NiFi < 0.7.4 and 1.x < 1.3.0 - Stored Cross-Site Scripting
Jun 12, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-5664
HIGH
Apache Tomcat 7.0.0-7.0.77, 8.0.0.RC1-8.0.43, 8.5.0-8.5.14, 9.0.0.M1-9.0.0.M20 - Error Page Exception Handling Flaw
Jun 06, 2017
CVSS 7.5
EPSS 0.11
CVE-2017-7669
HIGH
Apache Hadoop <3.0.0-alpha2 - Command Injection
Jun 05, 2017
CVSS 7.5
EPSS 0.00
CVE-2017-5646
MEDIUM
Apache Knox 0.2.0-0.11.0 - Authenticated User Impersonation via Crafted WebHDFS URL
May 26, 2017
CVSS 6.8
EPSS 0.00
CVE-2017-5657
HIGH
Apache Archiva < 2.2.1 - Cross-Site Request Forgery
May 22, 2017
CVSS 8.0
EPSS 0.00
CVE-2017-7662
HIGH
Apache CXF Fediz <1.4.0-1.3.2 - CSRF
May 16, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-7661
HIGH
Apache CXF Fediz <1.4.0-1.2.4 - CSRF
May 16, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-5655
MEDIUM
Apache Ambari 2.2.2-2.4.2 and 2.5.0 - Unauthorized Sensitive Data Exposure via Temporary Files
May 15, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-5654
HIGH
Ambari <2.4.3-2.5.0 - Info Disclosure
May 12, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-3162
HIGH
Apache Hadoop < 2.7.0 - Server-Side Request Forgery via Unvalidated NameNode Parameter
Apr 26, 2017
CVSS 7.3
EPSS 0.02
CVE-2017-3161
MEDIUM
Apache Hadoop < 2.7.0 - Cross-Site Scripting via HDFS Web UI Query Parameter
Apr 26, 2017
CVSS 6.1
EPSS 0.06
CVE-2017-5656
HIGH
Apache CXF <3.1.11, <3.0.13 - Privilege Escalation
Apr 18, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-5653
MEDIUM
Apache CXF 3.0.0-3.0.12 and 3.1.0-3.1.10 - Improper Certificate Validation in JAX-RS XML Security Streaming Clients
Apr 18, 2017
CVSS 5.3
EPSS 0.03
CVE-2017-5662
HIGH
Apache Batik < 1.9 - XML External Entity Injection
Apr 18, 2017
CVSS 7.3
EPSS 0.00
CVE-2017-5661
HIGH
Apache FOP < 2.2 - XML External Entity Injection via Malicious SVG File
Apr 18, 2017
CVSS 7.3
EPSS 0.02
CVE-2017-5645
CRITICAL
NUCLEI
Apache Log4j 2.0-2.8.1 - Remote Code Execution via Untrusted Data Deserialization
Apr 17, 2017
CVSS 9.8
EPSS 0.94
CVE-2017-5659
HIGH
Apache Traffic Server < 6.2.1 - Denial of Service via Content Length and Chunked Encoding Mismatch
Apr 17, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-5651
CRITICAL
Apache Tomcat <9.0.0.M19-<8.5.13 - Info Disclosure
Apr 17, 2017
CVSS 9.8
EPSS 0.06
CVE-2017-5650
HIGH
Apache Tomcat 8.5.0-8.5.12 and 9.0.0.M1-9.0.0.M18 - Denial of Service via HTTP/2 GOAWAY Frame Handling
Apr 17, 2017
CVSS 7.5
EPSS 0.13
CVE-2017-5648
CRITICAL
Apache Tomcat < 9.0.0.M18 - Exposure to Wrong Actor
Apr 17, 2017
CVSS 9.1
EPSS 0.22
Products
Apache Tomcat 42
Apache HTTP Server 23
Apache OFBiz 20
Apache Airflow 19
Apache OpenMeetings 15
Apache Camel 11
Apache Struts 11
Apache Thrift 11
Apache CXF 9
Apache ActiveMQ 8
Apache Atlas 8
Apache NiFi 8
Apache CloudStack 7
Apache ActiveMQ All 6
Apache Hadoop 6
Apache OpenOffice 6
Apache Wicket 6
Apache ActiveMQ Broker 5
Apache Ranger 5
Apache Ambari 4
Apache Log4j Core 4
Apache MINA 4
Apache OpenNLP 4
Apache Polaris 4
Apache Traffic Server 4
Apache APISIX 3
Apache Brooklyn 3
Apache CXF Fediz 3
Apache Cassandra 3
Apache DolphinScheduler 3