Apache Software Foundation

564 tracked vulnerabilities.

CVE-2017-9789 HIGH
Apache httpd 2.4.26 - Memory Corruption
Jul 13, 2017
CVSS 7.5
EPSS 0.10
CVE-2017-9788 CRITICAL
Apache httpd <2.2.34 & 2.4.x <2.4.27 - Info Disclosure
Jul 13, 2017
CVSS 9.1
EPSS 0.57
CVE-2017-9787 HIGH
Apache Struts - Denial of Service via Spring AOP Functionality
Jul 13, 2017
CVSS 7.5
EPSS 0.10
CVE-2017-7672 MEDIUM
Apache Struts 2.5.0-2.5.10.1 - Denial of Service via URLValidator
Jul 13, 2017
CVSS 5.9
EPSS 0.09
CVE-2017-5652 HIGH
Apache Impala 2.7.0-2.8.0 - Cleartext Transmission of Sensitive Information via StatestoreSubscriber Thrift Transport
Jul 10, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-5640 CRITICAL
Apache Impala 2.7.0-2.8.0 - Improper Authentication via Early SASL Handshake Completion
Jul 10, 2017
CVSS 9.8
EPSS 0.03
CVE-2017-7670 HIGH
Apache Traffic Control - Denial of Service via Slowloris Attack
Jul 10, 2017
CVSS 7.5
EPSS 0.05
CVE-2017-9791 CRITICAL KEVNUCLEI
Apache Struts 2.1.x and 2.3.x - Remote Code Execution via ActionMessage Field Value
Jul 10, 2017
CVSS 9.8
EPSS 0.99
CVE-2017-7660 HIGH
Apache Solr 5.3.0-5.5.4 and 6.0-6.5.1 - Improper Authentication via Malicious Node Name
Jul 07, 2017
CVSS 7.5
EPSS 0.06
CVE-2017-7686 HIGH
Apache Ignite <2.0 - Info Disclosure
Jun 28, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-7679 CRITICAL
Apache httpd <2.2.33, <2.4.26 - Buffer Overflow
Jun 20, 2017
CVSS 9.8
EPSS 0.39
CVE-2017-7668 HIGH
Apache HTTP Server 2.2.32-2.4.24 - Out-of-bounds Read via Token List Parsing
Jun 20, 2017
CVSS 7.5
EPSS 0.57
CVE-2017-3169 CRITICAL
Apache HTTP Server 2.2.x < 2.2.33 and 2.4.x < 2.4.26 - NULL Pointer Dereference in mod_ssl
Jun 20, 2017
CVSS 9.8
EPSS 0.20
CVE-2017-3167 CRITICAL
Apache HTTP Server 2.2.0-2.2.32 - Authentication Bypass via ap_get_basic_auth_pw()
Jun 20, 2017
CVSS 9.8
EPSS 0.20
CVE-2017-7677 MEDIUM
Apache Ranger <0.7.1 - Privilege Escalation
Jun 14, 2017
CVSS 5.9
EPSS 0.03
CVE-2017-7676 CRITICAL
Apache Ranger <0.7.1 - Path Traversal
Jun 14, 2017
CVSS 9.8
EPSS 0.04
CVE-2017-7667 HIGH
Apache NiFi <1.3.0 - Info Disclosure
Jun 12, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-7665 MEDIUM
Apache NiFi < 0.7.4 and 1.x < 1.3.0 - Stored Cross-Site Scripting
Jun 12, 2017
CVSS 6.1
EPSS 0.04
CVE-2017-5664 HIGH
Apache Tomcat 7.0.0-7.0.77, 8.0.0.RC1-8.0.43, 8.5.0-8.5.14, 9.0.0.M1-9.0.0.M20 - Error Page Exception Handling Flaw
Jun 06, 2017
CVSS 7.5
EPSS 0.17
CVE-2017-7669 HIGH
Apache Hadoop <3.0.0-alpha2 - Command Injection
Jun 05, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-5646 MEDIUM
Apache Knox 0.2.0-0.11.0 - Authenticated User Impersonation via Crafted WebHDFS URL
May 26, 2017
CVSS 6.8
EPSS 0.01
CVE-2017-5657 HIGH
Apache Archiva < 2.2.1 - Cross-Site Request Forgery
May 22, 2017
CVSS 8.0
EPSS 0.01
CVE-2017-7662 HIGH
Apache CXF Fediz <1.4.0-1.3.2 - CSRF
May 16, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-7661 HIGH
Apache CXF Fediz <1.4.0-1.2.4 - CSRF
May 16, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-5655 MEDIUM
Apache Ambari 2.2.2-2.4.2 and 2.5.0 - Unauthorized Sensitive Data Exposure via Temporary Files
May 15, 2017
CVSS 6.5
EPSS 0.02