Apache Software Foundation
352 tracked vulnerabilities.
CVE-2016-6817
HIGH
Apache Tomcat 8.5.0-8.5.6 and 9.0.0.M1-9.0.0.M11 - Denial of Service via HTTP/2 Header Parser
Aug 10, 2017
CVSS 7.5
EPSS 0.01
CVE-2016-6797
HIGH
Apache Tomcat 6.0.0-6.0.45, 7.0.0-7.0.70, 8.0.0.RC1-8.0.36, 8.5.0-8.5.4, 9.0.0.M1-9.0.0.M9 - Incorrect Authorization
Aug 10, 2017
CVSS 7.5
EPSS 0.00
CVE-2016-8739
HIGH
Apache CXF <3.0.12, <3.1.9 - Info Disclosure
Aug 10, 2017
CVSS 7.5
EPSS 0.03
CVE-2016-6812
MEDIUM
Apache CXF < 3.0.12 and 3.1.x < 3.1.9 - Cross-Site Scripting via Matrix Parameters in HTTP Transport Module
Aug 10, 2017
CVSS 6.1
EPSS 0.09
CVE-2016-6794
MEDIUM
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Info ...
Aug 10, 2017
CVSS 5.3
EPSS 0.00
CVE-2016-5018
CRITICAL
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Auth ...
Aug 10, 2017
CVSS 9.1
EPSS 0.01
CVE-2016-0762
MEDIUM
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Info ...
Aug 10, 2017
CVSS 5.9
EPSS 0.01
CVE-2016-8743
HIGH
Apache HTTP Server <2.2.32 & 2.4.25 - Info Disclosure
Jul 27, 2017
CVSS 7.5
EPSS 0.10
CVE-2016-2161
HIGH
Apache HTTP Server 2.4.0-2.4.23 - Denial of Service via mod_auth_digest Input
Jul 27, 2017
CVSS 7.5
EPSS 0.26
CVE-2016-0736
HIGH
Apache HTTP Server <2.4.24 - Info Disclosure
Jul 27, 2017
CVSS 7.5
EPSS 0.42
CVE-2016-6798
CRITICAL
Apache Sling XSS Protection API < 1.0.12 - XML External Entity Injection via Insecure SAX Parser
Jul 19, 2017
CVSS 9.8
EPSS 0.01
CVE-2016-5394
MEDIUM
Apache Sling XSS Protection API < 1.0.12 - Cross-Site Scripting via encodeForJSString Method
Jul 19, 2017
CVSS 6.1
EPSS 0.01
CVE-2016-8751
MEDIUM
Apache Ranger < 0.6.3 - Stored Cross-Site Scripting in Custom Policy Conditions
Jun 14, 2017
CVSS 4.8
EPSS 0.00
CVE-2016-8746
MEDIUM
Apache Ranger <0.6.3 - Info Disclosure
Jun 14, 2017
CVSS 5.9
EPSS 0.01
CVE-2016-3083
HIGH
Apache Hive < 1.2.2 and 2.0.x < 2.0.1 - Improper Certificate Validation
May 30, 2017
CVSS 7.5
EPSS 0.00
CVE-2016-8741
HIGH
Apache Qpid Broker for Java <6.0.6, <6.1.1 - Info Disclosure
May 15, 2017
CVSS 7.5
EPSS 0.01
CVE-2016-6799
HIGH
Apache Cordova Android < 5.2.2 - Sensitive Information Exposure via Log File Insertion
May 09, 2017
CVSS 7.5
EPSS 0.00
CVE-2016-5396
HIGH
Apache Traffic Server 6.0.0-6.2.0 - Denial of Service via HPACK Bomb Attack
Apr 17, 2017
CVSS 7.5
EPSS 0.02
CVE-2016-8735
CRITICAL
KEV, NUCLEI
Apache Tomcat , 7.x , 8.x , 8.5.x , 9.x <6.0.48 <7.0.73 <8.0.39 <8.5.7 - Remote Code Execution
Apr 06, 2017
CVSS 9.8
EPSS 0.94
CVE-2016-6807
CRITICAL
Apache Ambari 2.4.0-2.4.1 - Unauthenticated Remote Code Execution via Custom Commands
Mar 28, 2017
CVSS 9.8
EPSS 0.01
CVE-2016-8749
CRITICAL
Apache Camel 2.16.0-2.16.4 2.17.0-2.17.4 2.18.0-2.18.1 - Remote Code Execution via Jackson Unmarshalling
Mar 28, 2017
CVSS 9.8
EPSS 0.12
CVE-2016-6816
HIGH
Apache Tomcat 6.0.0-6.0.47, 7.0.0-7.0.72, 8.0.0.RC1-8.0.38, 8.5.0-8.5.6, 9.0.0.M1-9.0.0.M11 - HTTP Response Injection
Mar 20, 2017
CVSS 7.1
EPSS 0.03
CVE-2016-8747
HIGH
Apache Tomcat <9.0.0.M16 - Info Disclosure
Mar 14, 2017
CVSS 7.5
EPSS 0.03
CVE-2016-8740
HIGH
Apache HTTP Server 2.4.17-2.4.23 - DoS
Dec 05, 2016
CVSS 7.5
EPSS 0.68
CVE-2015-5241
MEDIUM
Apache jUDDI 3.1.2-3.1.5 - Open Redirect
May 19, 2017
CVSS 6.1
EPSS 0.03
Products
Apache Tomcat 42
Apache HTTP Server 23
Apache OFBiz 20
Apache Airflow 19
Apache OpenMeetings 15
Apache Camel 11
Apache Struts 11
Apache Thrift 11
Apache CXF 9
Apache ActiveMQ 8
Apache Atlas 8
Apache NiFi 8
Apache CloudStack 7
Apache ActiveMQ All 6
Apache Hadoop 6
Apache OpenOffice 6
Apache Wicket 6
Apache ActiveMQ Broker 5
Apache Ranger 5
Apache Ambari 4
Apache Log4j Core 4
Apache MINA 4
Apache OpenNLP 4
Apache Polaris 4
Apache Traffic Server 4
Apache APISIX 3
Apache Brooklyn 3
Apache CXF Fediz 3
Apache Cassandra 3
Apache DolphinScheduler 3