apache
2,905 tracked vulnerabilities.
CVE-2016-0763
MEDIUM
Apache Tomcat <7.0.68, <8.0.31, <9.0.0.M3 - Privilege Escalation
Feb 25, 2016
CVSS 6.3
EPSS 0.00
CVE-2016-0714
HIGH
Apache Tomcat <6.0.45-9.0.0.M2 - Privilege Escalation
Feb 25, 2016
CVSS 8.8
EPSS 0.07
CVE-2016-0706
MEDIUM
Apache Tomcat <6.0.45-9.0.0.M2 - Auth Bypass
Feb 25, 2016
CVSS 4.3
EPSS 0.01
CVE-2016-0956
HIGH
Apache Sling 2.3.6 - Info Disclosure
Feb 10, 2016
CVSS 7.5
EPSS 0.13
CVE-2015-2992
MEDIUM
Apache Struts < 2.3.20 - Cross-Site Scripting
Feb 27, 2020
CVSS 6.1
EPSS 0.01
CVE-2015-7559
LOW
Apache ActiveMQ < 5.14.5 - Denial of Service via Remote Shutdown Command
Aug 01, 2019
CVSS 2.7
EPSS 0.00
CVE-2015-0203
MEDIUM
Apache Qpid < 0.30 - Authenticated Denial of Service via AMQP Message
Feb 21, 2018
CVSS 6.5
EPSS 0.17
CVE-2015-3249
CRITICAL
Apache Traffic Server <5.3.1 - DoS/Code Injection
Oct 30, 2017
CVSS 9.8
EPSS 0.04
CVE-2015-0226
HIGH
Apache WSS4J < 1.6.17 and 2.0.0-2.0.1 - Information Disclosure via Decryption Failure Handling
Oct 30, 2017
CVSS 7.5
EPSS 0.05
CVE-2015-0224
HIGH
Apache Qpid < 0.30 - Denial of Service via Crafted Protocol Sequence
Oct 30, 2017
CVSS 7.5
EPSS 0.56
CVE-2015-1835
MEDIUM
Apache Cordova Android < 3.7.2 and 4.x < 4.0.2 - Secondary Configuration Variable Modification via Intent URL
Oct 27, 2017
CVSS 5.3
EPSS 0.01
CVE-2015-5169
MEDIUM
Apache Struts < 2.3.20 - Cross-Site Scripting
Sep 25, 2017
CVSS 6.1
EPSS 0.01
CVE-2015-5206
CRITICAL
Apache Traffic Server <5.3.2 HTTP/2 Experimental Feature - Second Impact Unknown
Sep 13, 2017
CVSS 9.8
EPSS 0.02
CVE-2015-5168
CRITICAL
Apache Traffic Server <5.3.2 HTTP/2 Experimental Feature - Impact Unknown
Sep 13, 2017
CVSS 9.8
EPSS 0.02
CVE-2015-3250
HIGH
Apache Directory LDAP API <1.0.0-M31 - Info Disclosure
Sep 07, 2017
CVSS 7.5
EPSS 0.02
CVE-2015-5209
HIGH
Apache Struts 2.x < 2.3.24.1 - Remote Code Execution via Top Object Manipulation
Aug 29, 2017
CVSS 7.5
EPSS 0.01
CVE-2015-0249
HIGH
Apache Roller 5.1-5.1.1 - Authenticated Remote Code Execution via Velocity Template Injection
Jul 17, 2017
CVSS 7.2
EPSS 0.00
CVE-2015-3254
MEDIUM
Apache Thrift < 0.9.2 - Authenticated Denial of Service via Skip Function
Jun 16, 2017
CVSS 6.5
EPSS 0.02
CVE-2015-5175
HIGH
Apache CXF Fediz < 1.1.3 and 1.2.x < 1.2.1 - Denial of Service
Jun 07, 2017
CVSS 7.5
EPSS 0.14
CVE-2015-5241
MEDIUM
Apache jUDDI 3.1.2-3.1.5 - Open Redirect
May 19, 2017
CVSS 6.1
EPSS 0.03
CVE-2015-3188
CRITICAL
Apache Storm 0.10.0-beta - Remote Code Execution
Jan 13, 2017
CVSS 9.8
EPSS 0.12
CVE-2015-3271
MEDIUM
Apache Tika Server < 1.10 - Exposure of Sensitive Information via HTTP fileUrl Header
Dec 15, 2016
CVSS 5.3
EPSS 0.01
CVE-2015-1832
CRITICAL
Apache Derby < 10.12.1.1 - XML External Entity Injection via SqlXmlUtil
Oct 03, 2016
CVSS 9.1
EPSS 0.01
CVE-2015-0899
HIGH
Apache Struts 1.1-1.3.10 - Remote Access Restriction Bypass via MultiPageValidator Page Parameter
Jul 04, 2016
CVSS 7.5
EPSS 0.69
CVE-2015-7611
HIGH
Apache James Server < 2.3.2.1 - OS Command Injection
Jun 07, 2016
CVSS 8.1
EPSS 0.75
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20