apache
3,096 tracked vulnerabilities.
CVE-2019-17567
MEDIUM
Apache HTTP Server 2.4.6-2.4.46 - HTTP Request Smuggling via mod_proxy_wstunnel
Jun 10, 2021
CVSS 5.3
EPSS 0.60
CVE-2019-12412
HIGH
Apache libapreq2 2.07-2.13 - Denial of Service via Multipart Parser Null Pointer Dereference
Nov 19, 2020
CVSS 7.5
EPSS 0.04
CVE-2019-17566
HIGH
Apache Batik < 1.13 - Server-Side Request Forgery via xlink:href Attribute
Nov 12, 2020
CVSS 7.5
EPSS 0.11
CVE-2019-0233
HIGH
Apache Struts 2.0.0-2.5.20 - Denial of Service via File Upload Permission Override
Sep 14, 2020
CVSS 7.5
EPSS 0.69
CVE-2019-0230
CRITICAL
NUCLEI
Apache Struts 2.0.0-2.5.20 - Remote Code Execution via Forced Double OGNL Evaluation
Sep 14, 2020
CVSS 9.8
EPSS 0.97
CVE-2019-17572
MEDIUM
Apache RocketMQ 4.2.0-4.6.0 - Path Traversal via Automatic Topic Creation
May 14, 2020
CVSS 5.3
EPSS 0.03
CVE-2019-17562
CRITICAL
Apache CloudStack < 4.13.1.0 - Buffer Overflow via Baremetal Virtual Router MAC Parameter
May 14, 2020
CVSS 9.8
EPSS 0.03
CVE-2019-17557
MEDIUM
Apache Syncope < 2.0.15 - Cross-Site Scripting via Login Page successMessage Parameter
May 04, 2020
CVSS 5.4
EPSS 0.01
CVE-2019-12425
HIGH
Apache OFBiz 17.12.01 - Host Header Injection
Apr 30, 2020
CVSS 7.5
EPSS 0.05
CVE-2019-0235
HIGH
Apache OFBiz 17.12.01 - Cross-Site Request Forgery
Apr 30, 2020
CVSS 8.8
EPSS 0.33
CVE-2019-17564
CRITICAL
NUCLEI
Apache Dubbo 2.5.0-2.5.9, 2.6.0-2.6.7, 2.7.0-2.7.4 - Remote Code Execution via Unsafe Java Deserialization
Apr 01, 2020
CVSS 9.8
EPSS 0.35
CVE-2019-17561
HIGH
Apache NetBeans <= 11.2 - Improper Verification of Cryptographic Signature
Mar 30, 2020
CVSS 7.5
EPSS 0.02
CVE-2019-17560
CRITICAL
Apache NetBeans <= 11.2 - Improper Certificate Validation in Autoupdate System
Mar 30, 2020
CVSS 9.1
EPSS 0.02
CVE-2019-17565
CRITICAL
Apache Traffic Server 6.0.0-6.2.3, 7.0.0-7.1.8, 8.0.0-8.0.5 - HTTP Request Smuggling via Chunked Encoding
Mar 23, 2020
CVSS 9.8
EPSS 0.03
CVE-2019-17559
CRITICAL
Apache Traffic Server 6.0.0-6.2.3, 7.0.0-7.1.8, 8.0.0-8.0.5 - HTTP Request Smuggling via Scheme Parsing
Mar 23, 2020
CVSS 9.8
EPSS 0.03
CVE-2019-12416
MEDIUM
Apache DeltaSpike < 1.9.2 and 1.9.4 - Injection in ClientSideWindowStrategy
Mar 19, 2020
CVSS 6.1
EPSS 0.03
CVE-2019-10091
HIGH
Apache Geode < 1.10.0 - Improper Certificate Validation
Mar 16, 2020
CVSS 7.4
EPSS 0.01
CVE-2019-14892
CRITICAL
jackson-databind < 2.6.7.3 - Remote Code Execution via Polymorphic Deserialization
Mar 02, 2020
CVSS 9.8
EPSS 0.05
CVE-2019-17569
MEDIUM
Apache Tomcat 7.0.98-7.0.99, 8.5.48-8.5.50, 9.0.28-9.0.30 - HTTP Request Smuggling via Invalid Transfer-Encoding Header
Feb 24, 2020
CVSS 4.8
EPSS 0.09
CVE-2019-12426
MEDIUM
Apache OFBiz <16.11.07 - Info Disclosure
Feb 06, 2020
CVSS 5.3
EPSS 0.05
CVE-2019-20445
CRITICAL
Netty < 4.1.44 - HTTP Request Smuggling via Duplicate Content-Length Header
Jan 29, 2020
CVSS 9.1
EPSS 0.13
CVE-2019-17570
CRITICAL
Apache XML-RPC - Remote Code Execution via Untrusted Deserialization in XmlRpcResponseParser
Jan 23, 2020
CVSS 9.8
EPSS 0.49
CVE-2019-17573
MEDIUM
Apache CXF 3.2.0-3.2.11 - Reflected Cross-Site Scripting via Services Listing Page
Jan 16, 2020
CVSS 6.1
EPSS 0.07
CVE-2019-12423
HIGH
Apache CXF < 3.2.12 - Insufficiently Protected Credentials via JWK Keystore Configuration
Jan 16, 2020
CVSS 7.5
EPSS 0.06
CVE-2019-12398
MEDIUM
Apache Airflow < 1.10.5 - Authenticated Stored Cross-Site Scripting via Metadata Database State Manipulation
Jan 14, 2020
CVSS 4.8
EPSS 0.02
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters