Apache Software Foundation
564 tracked vulnerabilities.
CVE-2017-9789
HIGH
Apache httpd 2.4.26 - Memory Corruption
Jul 13, 2017
CVSS 7.5
EPSS 0.10
CVE-2017-9788
CRITICAL
Apache httpd <2.2.34 & 2.4.x <2.4.27 - Info Disclosure
Jul 13, 2017
CVSS 9.1
EPSS 0.57
CVE-2017-9787
HIGH
Apache Struts - Denial of Service via Spring AOP Functionality
Jul 13, 2017
CVSS 7.5
EPSS 0.10
CVE-2017-7672
MEDIUM
Apache Struts 2.5.0-2.5.10.1 - Denial of Service via URLValidator
Jul 13, 2017
CVSS 5.9
EPSS 0.09
CVE-2017-5652
HIGH
Apache Impala 2.7.0-2.8.0 - Cleartext Transmission of Sensitive Information via StatestoreSubscriber Thrift Transport
Jul 10, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-5640
CRITICAL
Apache Impala 2.7.0-2.8.0 - Improper Authentication via Early SASL Handshake Completion
Jul 10, 2017
CVSS 9.8
EPSS 0.03
CVE-2017-7670
HIGH
Apache Traffic Control - Denial of Service via Slowloris Attack
Jul 10, 2017
CVSS 7.5
EPSS 0.05
CVE-2017-9791
CRITICAL
KEVNUCLEI
Apache Struts 2.1.x and 2.3.x - Remote Code Execution via ActionMessage Field Value
Jul 10, 2017
CVSS 9.8
EPSS 0.99
CVE-2017-7660
HIGH
Apache Solr 5.3.0-5.5.4 and 6.0-6.5.1 - Improper Authentication via Malicious Node Name
Jul 07, 2017
CVSS 7.5
EPSS 0.06
CVE-2017-7686
HIGH
Apache Ignite <2.0 - Info Disclosure
Jun 28, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-7679
CRITICAL
Apache httpd <2.2.33, <2.4.26 - Buffer Overflow
Jun 20, 2017
CVSS 9.8
EPSS 0.39
CVE-2017-7668
HIGH
Apache HTTP Server 2.2.32-2.4.24 - Out-of-bounds Read via Token List Parsing
Jun 20, 2017
CVSS 7.5
EPSS 0.57
CVE-2017-3169
CRITICAL
Apache HTTP Server 2.2.x < 2.2.33 and 2.4.x < 2.4.26 - NULL Pointer Dereference in mod_ssl
Jun 20, 2017
CVSS 9.8
EPSS 0.20
CVE-2017-3167
CRITICAL
Apache HTTP Server 2.2.0-2.2.32 - Authentication Bypass via ap_get_basic_auth_pw()
Jun 20, 2017
CVSS 9.8
EPSS 0.20
CVE-2017-7677
MEDIUM
Apache Ranger <0.7.1 - Privilege Escalation
Jun 14, 2017
CVSS 5.9
EPSS 0.03
CVE-2017-7676
CRITICAL
Apache Ranger <0.7.1 - Path Traversal
Jun 14, 2017
CVSS 9.8
EPSS 0.04
CVE-2017-7667
HIGH
Apache NiFi <1.3.0 - Info Disclosure
Jun 12, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-7665
MEDIUM
Apache NiFi < 0.7.4 and 1.x < 1.3.0 - Stored Cross-Site Scripting
Jun 12, 2017
CVSS 6.1
EPSS 0.04
CVE-2017-5664
HIGH
Apache Tomcat 7.0.0-7.0.77, 8.0.0.RC1-8.0.43, 8.5.0-8.5.14, 9.0.0.M1-9.0.0.M20 - Error Page Exception Handling Flaw
Jun 06, 2017
CVSS 7.5
EPSS 0.17
CVE-2017-7669
HIGH
Apache Hadoop <3.0.0-alpha2 - Command Injection
Jun 05, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-5646
MEDIUM
Apache Knox 0.2.0-0.11.0 - Authenticated User Impersonation via Crafted WebHDFS URL
May 26, 2017
CVSS 6.8
EPSS 0.01
CVE-2017-5657
HIGH
Apache Archiva < 2.2.1 - Cross-Site Request Forgery
May 22, 2017
CVSS 8.0
EPSS 0.01
CVE-2017-7662
HIGH
Apache CXF Fediz <1.4.0-1.3.2 - CSRF
May 16, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-7661
HIGH
Apache CXF Fediz <1.4.0-1.2.4 - CSRF
May 16, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-5655
MEDIUM
Apache Ambari 2.2.2-2.4.2 and 2.5.0 - Unauthorized Sensitive Data Exposure via Temporary Files
May 15, 2017
CVSS 6.5
EPSS 0.02
Products
Apache Tomcat 52
Apache Airflow 42
Apache HTTP Server 36
Apache Camel 33
Apache ActiveMQ 23
Apache OFBiz 22
Apache CXF 20
Apache ActiveMQ All 17
Apache OpenMeetings 16
Apache APISIX 15
Apache ActiveMQ Broker 13
Apache IoTDB 12
Apache NiFi 12
Apache Struts 12
Apache Thrift 11
Apache Atlas 9
Apache DolphinScheduler 8
Apache Answer 7
Apache CloudStack 7
Apache Hadoop 6
Apache OpenOffice 6
Apache Shiro 6
Apache Wicket 6
Apache Kvrocks 5
Apache MINA 5
Apache Ranger 5
Apache ActiveMQ Client 4
Apache Ambari 4
Apache Gravitino 4
Apache Log4j 1.x 4
Quick Filters