Apache Software Foundation

564 tracked vulnerabilities.

CVE-2016-6806 HIGH
Apache Wicket 6.x < 6.25.0, 7.x < 7.5.0, 8.0.0-M1 - Cross-Site Request Forgery
Oct 03, 2017
CVSS 8.8
EPSS 0.01
CVE-2016-8738 MEDIUM
Apache Struts 2.5-2.5.5 - Denial of Service via URLValidator
Sep 20, 2017
CVSS 5.9
EPSS 0.03
CVE-2016-6795 CRITICAL
Apache Struts 2.3.x < 2.3.31 and 2.5.x < 2.5.5 - Remote Code Execution via Path Traversal
Sep 20, 2017
CVSS 9.8
EPSS 0.08
CVE-2016-8744 HIGH
Apache Brooklyn <0.10.0 - Code Injection
Sep 13, 2017
CVSS 8.8
EPSS 0.04
CVE-2016-8737 HIGH
Apache Brooklyn < 0.10.0 - Cross-Site Request Forgery
Sep 13, 2017
CVSS 8.8
EPSS 0.01
CVE-2016-3086 CRITICAL
Apache Hadoop 2.6.0-2.6.4 and 2.7.0-2.7.2 - Unauthorized Sensitive Information Exposure via YARN NodeManager
Sep 05, 2017
CVSS 9.8
EPSS 0.04
CVE-2016-5001 MEDIUM
Apache Hadoop < 2.6.4 and 2.7.0-2.7.1 - Unauthorized File Read via Short-Circuit Reads Token Guessing
Aug 30, 2017
CVSS 5.5
EPSS 0.01
CVE-2016-6800 MEDIUM
Apache OFBiz - Stored Cross-Site Scripting in Blog Article Summary and Content Fields
Aug 30, 2017
CVSS 6.1
EPSS 0.03
CVE-2016-4462 HIGH
Apache OFBiz - Authenticated Remote Code Execution via ExternalLoginKey Freemarker Injection
Aug 30, 2017
CVSS 8.8
EPSS 0.04
CVE-2016-8752 HIGH
Apache Atlas <0.8 - Info Disclosure
Aug 29, 2017
CVSS 7.5
EPSS 0.02
CVE-2016-6796 HIGH
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Auth ...
Aug 11, 2017
CVSS 7.5
EPSS 0.08
CVE-2016-8745 HIGH
Apache Tomcat <9.0.0.M14, 8.5.9, 8.0.40, 7.0.74, 6.0.49 - Info Disc...
Aug 10, 2017
CVSS 7.5
EPSS 0.16
CVE-2016-6817 HIGH
Apache Tomcat 8.5.0-8.5.6 and 9.0.0.M1-9.0.0.M11 - Denial of Service via HTTP/2 Header Parser
Aug 10, 2017
CVSS 7.5
EPSS 0.07
CVE-2016-6797 HIGH
Apache Tomcat 6.0.0-6.0.45, 7.0.0-7.0.70, 8.0.0.RC1-8.0.36, 8.5.0-8.5.4, 9.0.0.M1-9.0.0.M9 - Incorrect Authorization
Aug 10, 2017
CVSS 7.5
EPSS 0.08
CVE-2016-8739 HIGH
Apache CXF <3.0.12, <3.1.9 - Info Disclosure
Aug 10, 2017
CVSS 7.5
EPSS 0.07
CVE-2016-6812 MEDIUM
Apache CXF < 3.0.12 and 3.1.x < 3.1.9 - Cross-Site Scripting via Matrix Parameters in HTTP Transport Module
Aug 10, 2017
CVSS 6.1
EPSS 0.09
CVE-2016-6794 MEDIUM
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Info ...
Aug 10, 2017
CVSS 5.3
EPSS 0.07
CVE-2016-5018 CRITICAL
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Auth ...
Aug 10, 2017
CVSS 9.1
EPSS 0.10
CVE-2016-0762 MEDIUM
Apache Tomcat <9.0.0.M10, <8.5.5, <8.0.37, <7.0.71, <6.0.46 - Info ...
Aug 10, 2017
CVSS 5.9
EPSS 0.08
CVE-2016-8743 HIGH
Apache HTTP Server <2.2.32 & 2.4.25 - Info Disclosure
Jul 27, 2017
CVSS 7.5
EPSS 0.13
CVE-2016-2161 HIGH
Apache HTTP Server 2.4.0-2.4.23 - Denial of Service via mod_auth_digest Input
Jul 27, 2017
CVSS 7.5
EPSS 0.21
CVE-2016-0736 HIGH
Apache HTTP Server <2.4.24 - Info Disclosure
Jul 27, 2017
CVSS 7.5
EPSS 0.49
CVE-2016-6798 CRITICAL
Apache Sling XSS Protection API < 1.0.12 - XML External Entity Injection via Insecure SAX Parser
Jul 19, 2017
CVSS 9.8
EPSS 0.04
CVE-2016-5394 MEDIUM
Apache Sling XSS Protection API < 1.0.12 - Cross-Site Scripting via encodeForJSString Method
Jul 19, 2017
CVSS 6.1
EPSS 0.03
CVE-2016-8751 MEDIUM
Apache Ranger < 0.6.3 - Stored Cross-Site Scripting in Custom Policy Conditions
Jun 14, 2017
CVSS 4.8
EPSS 0.02