apache

3,096 tracked vulnerabilities.

CVE-2012-4557
Apache HTTP Server 2.2.12-2.2.21 - Denial of Service via mod_proxy_ajp Worker Consumption
Nov 30, 2012
EPSS 0.17
CVE-2012-5887
Apache Tomcat 5.5.0-5.5.35 - Improper Authentication via Stale Nonce Bypass
Nov 17, 2012
EPSS 0.12
CVE-2012-5886
Apache Tomcat 5.5.x < 5.5.36, 6.x < 6.0.36, 7.x < 7.0.30 - Authentication Bypass via Session ID
Nov 17, 2012
EPSS 0.09
CVE-2012-5885
Apache Tomcat 5.5.x-5.5.35 6.x-6.0.35 7.x-7.0.29 - Authentication Bypass via Digest Auth Replay Countermeasure
Nov 17, 2012
EPSS 0.09
CVE-2012-2733
Apache Tomcat <6.0.36, <7.0.28 - DoS
Nov 16, 2012
EPSS 0.09
CVE-2012-5786
Apache CXF < 2.6.17 - Man-in-the-Middle Attack via Improper Certificate Validation
Nov 04, 2012
EPSS 0.01
CVE-2012-5785
Apache Axis2/Java < 1.6.2 - Man-in-the-Middle Attack via Unverified X.509 Certificate
Nov 04, 2012
EPSS 0.02
CVE-2012-5784
Apache Axis <= 1.4 - Man-in-the-Middle Attack via SSL Certificate Hostname Mismatch
Nov 04, 2012
EPSS 0.06
CVE-2012-5783
Apache Commons HttpClient 3.x - Improper Certificate Validation
Nov 04, 2012
EPSS 0.09
CVE-2012-3446 MEDIUM
Apache Libcloud < 0.11.1 - Improper Certificate Validation
Nov 04, 2012
CVSS 5.9
EPSS 0.01
CVE-2012-4501
Apache CloudStack - Unauthenticated Arbitrary API Call Execution via System User Account
Oct 26, 2012
EPSS 0.08
CVE-2012-3506
Apache OFBiz <10.04.03 - Impact Unknown
Oct 25, 2012
EPSS 0.07
CVE-2012-5351
Apache Axis2 < 1.6.4 - Authentication Bypass via SAML Signature Exclusion
Oct 09, 2012
EPSS 0.05
CVE-2012-4418
Apache Axis2 < 1.7.9 - Authentication Bypass via XML Signature Wrapping Attack
Oct 09, 2012
EPSS 0.06
CVE-2012-2145
Apache Qpid < 0.17 - Denial of Service via Incomplete Client Connections
Sep 28, 2012
EPSS 0.04
CVE-2012-3451
Apache CXF < 2.4.9, 2.5.x < 2.5.5, 2.6.x < 2.6.2 - Remote Code Execution via SOAP Action Header
Sep 24, 2012
EPSS 0.09
CVE-2012-3373
Apache Wicket 1.4.x-1.4.20 and 1.5.x-1.5.7 - Cross-Site Scripting via Null Byte in Ajax Link URL
Sep 19, 2012
EPSS 0.03
CVE-2012-4387
Apache Struts 2.0.0-2.3.4 - Denial of Service via Long Parameter Name
Sep 05, 2012
EPSS 0.08
CVE-2012-4386
Apache Struts 2.0.0-2.3.4 - Cross-Site Request Forgery via Token Name Parameter
Sep 05, 2012
EPSS 0.03
CVE-2012-3467
Apache QPID <= 0.16 - Unauthenticated Authentication Bypass via NullAuthenticator
Aug 27, 2012
EPSS 0.06
CVE-2012-3502
Apache HTTP Server < 2.4.3 - Exposure of Sensitive Information via Proxy Connection Reuse
Aug 22, 2012
EPSS 0.10
CVE-2012-2687
Apache HTTP Server < 2.4.3 - Cross-Site Scripting via Crafted Filename in mod_negotiation
Aug 22, 2012
EPSS 0.23
CVE-2012-0213
Apache POI < 3.8 - Denial of Service via UnhandledDataStructure Length Value
Aug 07, 2012
EPSS 0.08
CVE-2012-2665
OpenOffice.org/LibreOffice <3.5.5 - Buffer Overflow
Aug 06, 2012
EPSS 0.07
CVE-2012-3376
Apache Hadoop 2.0.0-alpha - Unauthenticated Arbitrary Block Access via BlockToken Bypass
Jul 12, 2012
EPSS 0.03