Apache : Security Vulnerabilities, CVEs, Published In June 2017 (Denial of service)
The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes.
Max CVSS
6.5
EPSS Score
0.22%
Published
2017-06-06
Updated
2017-06-16
Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service.
Max CVSS
7.5
EPSS Score
4.50%
Published
2017-06-07
Updated
2021-06-16
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.
Max CVSS
6.5
EPSS Score
0.52%
Published
2017-06-16
Updated
2023-02-13
3 vulnerabilities found