apache
2,905 tracked vulnerabilities.
CVE-2016-5005
MEDIUM
Apache Archiva < 1.3.9 and < 2.2.1 - Authenticated Cross-Site Scripting via connector.sourceRepoId Parameter
Jul 28, 2016
CVSS 4.8
EPSS 0.01
CVE-2016-4469
HIGH
Apache Archiva < 1.3.9 - Cross-Site Request Forgery via Token Parameter
Jul 28, 2016
CVSS 8.8
EPSS 0.01
CVE-2016-5388
HIGH
Red Hat Enterprise Linux Desktop < 7.5.5.0 - Improper Access Control
Jul 19, 2016
CVSS 8.1
EPSS 0.37
CVE-2016-5387
HIGH
Apache HTTP Server < 2.2.31 - Remote HTTP Traffic Redirection via HTTP_PROXY Header
Jul 19, 2016
CVSS 8.1
EPSS 0.60
CVE-2016-4974
HIGH
Apache Qpid AMQP JMS Client < 6.0.4 & JMS (AMQP 1.0) < 0.10.0 - RCE via JMS ObjectMessage Deserialization
Jul 13, 2016
CVSS 7.5
EPSS 0.02
CVE-2016-4463
HIGH
Apache Xerces-C++ < 3.1.4 - Denial of Service via Deeply Nested DTD
Jul 08, 2016
CVSS 7.5
EPSS 0.38
CVE-2016-4979
HIGH
Apache HTTP Server 2.4.18-2.4.20 - Authentication Bypass via HTTP/2 Request Handling
Jul 06, 2016
CVSS 7.5
EPSS 0.17
CVE-2016-1546
MEDIUM
Apache HTTP Server <2.4.17-2.4.18 - DoS
Jul 06, 2016
CVSS 5.9
EPSS 0.42
CVE-2016-4465
MEDIUM
Apache Struts 2.3.20-2.3.28.1 and 2.5.x < 2.5.1 - Denial of Service via URLValidator Null Value
Jul 04, 2016
CVSS 5.3
EPSS 0.10
CVE-2016-4438
CRITICAL
Apache Struts 2.3.19-2.3.28.1 - Remote Code Execution via REST Plugin
Jul 04, 2016
CVSS 9.8
EPSS 0.62
CVE-2016-4433
HIGH
Apache Struts 2 <2.3.29 - Auth Bypass
Jul 04, 2016
CVSS 7.5
EPSS 0.04
CVE-2016-4431
HIGH
Apache Struts 2 <2.3.29 - Auth Bypass
Jul 04, 2016
CVSS 7.5
EPSS 0.08
CVE-2016-4430
HIGH
Apache Struts 2.3.20-2.3.28.1 - Cross-Site Request Forgery
Jul 04, 2016
CVSS 8.8
EPSS 0.01
CVE-2016-3092
HIGH
Apache Tomcat 7.x < 7.0.70, 8.x < 8.0.36, 8.5.x < 8.5.3, 9.x < 9.0.0.M7 - Denial of Service via Long Boundary String
Jul 04, 2016
CVSS 7.5
EPSS 0.40
CVE-2016-1182
HIGH
Apache Struts 1.x-1.3.10 - Cross-Site Scripting or Denial of Service via Validator Configuration
Jul 04, 2016
CVSS 8.2
EPSS 0.03
CVE-2016-1181
HIGH
Apache Struts 1 <1.3.10 - RCE
Jul 04, 2016
CVSS 8.1
EPSS 0.11
CVE-2016-2174
HIGH
Apache Ranger < 0.5.3 - Authenticated SQL Injection via eventTime Parameter
Jun 13, 2016
CVSS 7.2
EPSS 0.01
CVE-2016-3085
MEDIUM
Apache CloudStack < 4.5.2.1, 4.6.2.1, 4.7.1.1, 4.8.0.1 - SAML Authentication Bypass
Jun 10, 2016
CVSS 6.5
EPSS 0.00
CVE-2016-3093
MEDIUM
Apache Struts 2.0.0-2.3.24.1 - Denial of Service via OGNL Method Reference Caching
Jun 07, 2016
CVSS 5.3
EPSS 0.05
CVE-2016-3087
CRITICAL
Apache Struts 2.3.19-2.3.20.2, 2.3.21-2.3.24.1, 2.3.25-2.3.28 - Remote Code Execution
Jun 07, 2016
CVSS 9.8
EPSS 0.87
CVE-2016-4437
CRITICAL
KEV, NUCLEI
Apache Shiro < 1.2.5 - Remote Code Execution via Remember Me Feature
Jun 07, 2016
CVSS 9.8
EPSS 0.94
CVE-2016-4432
CRITICAL
Apache Qpid Java <6.0.3 - Auth Bypass
Jun 01, 2016
CVSS 9.1
EPSS 0.00
CVE-2016-3094
MEDIUM
Apache Qpid Broker-J < 6.0.2 and qpid-broker < 6.0.3 - Denial of Service via Crafted Authentication Attempt
Jun 01, 2016
CVSS 5.9
EPSS 0.01
CVE-2016-3088
CRITICAL
KEV, NUCLEI
ActiveMQ web shell upload
Jun 01, 2016
CVSS 9.8
EPSS 0.94
CVE-2016-2175
HIGH
Apache PDFBox < 1.8.12 and 2.x < 2.0.1 - XML External Entity Injection
Jun 01, 2016
CVSS 7.8
EPSS 0.06
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20