apache

3,096 tracked vulnerabilities.

CVE-2019-17567 MEDIUM
Apache HTTP Server 2.4.6-2.4.46 - HTTP Request Smuggling via mod_proxy_wstunnel
Jun 10, 2021
CVSS 5.3
EPSS 0.60
CVE-2019-12412 HIGH
Apache libapreq2 2.07-2.13 - Denial of Service via Multipart Parser Null Pointer Dereference
Nov 19, 2020
CVSS 7.5
EPSS 0.04
CVE-2019-17566 HIGH
Apache Batik < 1.13 - Server-Side Request Forgery via xlink:href Attribute
Nov 12, 2020
CVSS 7.5
EPSS 0.11
CVE-2019-0233 HIGH
Apache Struts 2.0.0-2.5.20 - Denial of Service via File Upload Permission Override
Sep 14, 2020
CVSS 7.5
EPSS 0.69
CVE-2019-0230 CRITICAL NUCLEI
Apache Struts 2.0.0-2.5.20 - Remote Code Execution via Forced Double OGNL Evaluation
Sep 14, 2020
CVSS 9.8
EPSS 0.97
CVE-2019-17572 MEDIUM
Apache RocketMQ 4.2.0-4.6.0 - Path Traversal via Automatic Topic Creation
May 14, 2020
CVSS 5.3
EPSS 0.03
CVE-2019-17562 CRITICAL
Apache CloudStack < 4.13.1.0 - Buffer Overflow via Baremetal Virtual Router MAC Parameter
May 14, 2020
CVSS 9.8
EPSS 0.03
CVE-2019-17557 MEDIUM
Apache Syncope < 2.0.15 - Cross-Site Scripting via Login Page successMessage Parameter
May 04, 2020
CVSS 5.4
EPSS 0.01
CVE-2019-12425 HIGH
Apache OFBiz 17.12.01 - Host Header Injection
Apr 30, 2020
CVSS 7.5
EPSS 0.05
CVE-2019-0235 HIGH
Apache OFBiz 17.12.01 - Cross-Site Request Forgery
Apr 30, 2020
CVSS 8.8
EPSS 0.33
CVE-2019-17564 CRITICAL NUCLEI
Apache Dubbo 2.5.0-2.5.9, 2.6.0-2.6.7, 2.7.0-2.7.4 - Remote Code Execution via Unsafe Java Deserialization
Apr 01, 2020
CVSS 9.8
EPSS 0.35
CVE-2019-17561 HIGH
Apache NetBeans <= 11.2 - Improper Verification of Cryptographic Signature
Mar 30, 2020
CVSS 7.5
EPSS 0.02
CVE-2019-17560 CRITICAL
Apache NetBeans <= 11.2 - Improper Certificate Validation in Autoupdate System
Mar 30, 2020
CVSS 9.1
EPSS 0.02
CVE-2019-17565 CRITICAL
Apache Traffic Server 6.0.0-6.2.3, 7.0.0-7.1.8, 8.0.0-8.0.5 - HTTP Request Smuggling via Chunked Encoding
Mar 23, 2020
CVSS 9.8
EPSS 0.03
CVE-2019-17559 CRITICAL
Apache Traffic Server 6.0.0-6.2.3, 7.0.0-7.1.8, 8.0.0-8.0.5 - HTTP Request Smuggling via Scheme Parsing
Mar 23, 2020
CVSS 9.8
EPSS 0.03
CVE-2019-12416 MEDIUM
Apache DeltaSpike < 1.9.2 and 1.9.4 - Injection in ClientSideWindowStrategy
Mar 19, 2020
CVSS 6.1
EPSS 0.03
CVE-2019-10091 HIGH
Apache Geode < 1.10.0 - Improper Certificate Validation
Mar 16, 2020
CVSS 7.4
EPSS 0.01
CVE-2019-14892 CRITICAL
jackson-databind < 2.6.7.3 - Remote Code Execution via Polymorphic Deserialization
Mar 02, 2020
CVSS 9.8
EPSS 0.05
CVE-2019-17569 MEDIUM
Apache Tomcat 7.0.98-7.0.99, 8.5.48-8.5.50, 9.0.28-9.0.30 - HTTP Request Smuggling via Invalid Transfer-Encoding Header
Feb 24, 2020
CVSS 4.8
EPSS 0.09
CVE-2019-12426 MEDIUM
Apache OFBiz <16.11.07 - Info Disclosure
Feb 06, 2020
CVSS 5.3
EPSS 0.05
CVE-2019-20445 CRITICAL
Netty < 4.1.44 - HTTP Request Smuggling via Duplicate Content-Length Header
Jan 29, 2020
CVSS 9.1
EPSS 0.13
CVE-2019-17570 CRITICAL
Apache XML-RPC - Remote Code Execution via Untrusted Deserialization in XmlRpcResponseParser
Jan 23, 2020
CVSS 9.8
EPSS 0.49
CVE-2019-17573 MEDIUM
Apache CXF 3.2.0-3.2.11 - Reflected Cross-Site Scripting via Services Listing Page
Jan 16, 2020
CVSS 6.1
EPSS 0.07
CVE-2019-12423 HIGH
Apache CXF < 3.2.12 - Insufficiently Protected Credentials via JWK Keystore Configuration
Jan 16, 2020
CVSS 7.5
EPSS 0.06
CVE-2019-12398 MEDIUM
Apache Airflow < 1.10.5 - Authenticated Stored Cross-Site Scripting via Metadata Database State Manipulation
Jan 14, 2020
CVSS 4.8
EPSS 0.02