CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apache : Security Vulnerabilities Published In 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-9791 20 Exec Code 2017-07-10 2017-07-16
7.5
None Remote Low Not required Partial Partial Partial
The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
2 CVE-2017-9789 416 2017-07-13 2017-07-21
5.0
None Remote Low Not required None None Partial
When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.
3 CVE-2017-9788 20 DoS +Info 2017-07-13 2017-07-21
6.4
None Remote Low Not required Partial None Partial
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
4 CVE-2017-9787 284 2017-07-13 2017-07-19
4.0
None Remote Low Single system None None Partial
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack when user was properly authenticated. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.
5 CVE-2017-7688 255 2017-07-17 2017-07-19
5.0
None Remote Low Not required Partial None None
Apache OpenMeetings 1.0.0 updates user password in insecure manner.
6 CVE-2017-7686 200 +Info 2017-06-28 2017-07-06
5.0
None Remote Low Not required Partial None None
Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information.
7 CVE-2017-7685 284 2017-07-17 2017-07-19
5.0
None Remote Low Not required Partial None None
Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.
8 CVE-2017-7684 399 DoS 2017-07-17 2017-07-19
5.0
None Remote Low Not required None None Partial
Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.
9 CVE-2017-7683 200 +Info 2017-07-17 2017-07-19
5.0
None Remote Low Not required Partial None None
Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.
10 CVE-2017-7682 284 2017-07-17 2017-07-19
6.4
None Remote Low Not required Partial Partial None
Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas.
11 CVE-2017-7681 89 Sql 2017-07-17 2017-07-19
6.5
None Remote Low Single system Partial Partial Partial
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.
12 CVE-2017-7680 284 2017-07-17 2017-07-19
5.0
None Remote Low Not required None Partial None
Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains.
13 CVE-2017-7679 119 Overflow 2017-06-19 2017-07-06
7.5
None Remote Low Not required Partial Partial Partial
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
14 CVE-2017-7677 275 2017-06-14 2017-06-19
4.3
None Remote Medium Not required None Partial None
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table.
15 CVE-2017-7676 20 2017-06-14 2017-06-19
7.5
None Remote Low Not required Partial Partial Partial
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior.
16 CVE-2017-7673 310 2017-07-17 2017-07-19
5.0
None Remote Low Not required Partial None None
Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.
17 CVE-2017-7672 20 2017-07-13 2017-07-19
4.3
None Remote Medium Not required None None Partial
If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.
18 CVE-2017-7669 20 2017-06-04 2017-06-09
8.5
None Remote Medium Single system Complete Complete Complete
In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.
19 CVE-2017-7668 20 2017-06-19 2017-07-06
7.5
None Remote Low Not required Partial Partial Partial
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.
20 CVE-2017-7667 346 2017-06-12 2017-06-19
5.0
None Remote Low Not required None Partial None
Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.
21 CVE-2017-7666 79 XSS CSRF 2017-07-17 2017-07-19
6.8
None Remote Medium Not required Partial Partial Partial
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.
22 CVE-2017-7665 79 XSS 2017-06-12 2017-06-19
4.3
None Remote Medium Not required None Partial None
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
23 CVE-2017-7664 611 2017-07-17 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.
24 CVE-2017-7663 79 XSS 2017-07-17 2017-07-19
4.3
None Remote Medium Not required None Partial None
Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0.
25 CVE-2017-7662 352 CSRF 2017-05-16 2017-07-07
6.8
None Remote Medium Not required Partial Partial Partial
Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.
26 CVE-2017-7661 352 CSRF 2017-05-16 2017-07-07
6.8
None Remote Medium Not required Partial Partial Partial
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4.
27 CVE-2017-7660 287 2017-07-07 2017-07-17
5.0
None Remote Low Not required None Partial None
Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected.
28 CVE-2017-6056 19 DoS 2017-02-17 2017-05-22
5.0
None Remote Low Not required None None Partial
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
29 CVE-2017-5664 254 2017-06-06 2017-07-07
5.0
None Remote Low Not required None Partial None
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.
30 CVE-2017-5662 611 DoS 2017-04-18 2017-07-10
7.9
None Remote Medium Single system Complete None Complete
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.
31 CVE-2017-5661 611 DoS 2017-04-18 2017-05-05
7.9
None Remote Medium Single system Complete None Complete
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.
32 CVE-2017-5659 20 2017-04-17 2017-07-10
5.0
None Remote Low Not required None None Partial
Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.
33 CVE-2017-5657 352 CSRF 2017-05-22 2017-07-07
6.0
None Remote Medium Single system Partial Partial Partial
Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send an HTML response that performs arbitrary actions on archiva services, with the same rights as the active archiva session (e.g. administrator rights).
34 CVE-2017-5656 384 2017-04-18 2017-07-10
5.0
None Remote Low Not required Partial None None
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.
35 CVE-2017-5655 200 +Info 2017-05-15 2017-05-22
4.0
None Remote Low Single system Partial None None
In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.
36 CVE-2017-5654 91 2017-05-12 2017-05-23
5.0
None Remote Low Not required Partial None None
In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.
37 CVE-2017-5653 20 2017-04-18 2017-07-10
5.0
None Remote Low Not required None Partial None
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.
38 CVE-2017-5652 200 +Info 2017-07-10 2017-07-17
5.0
None Remote Low Not required Partial None None
During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift transport when TLS was turned on. It was therefore possible for an adversary, with access to the network, to eavesdrop on the packets going to and coming from that port and view the data in plaintext.
39 CVE-2017-5651 19 2017-04-17 2017-07-10
7.5
None Remote Low Not required Partial Partial Partial
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.
40 CVE-2017-5650 399 2017-04-17 2017-07-10
5.0
None Remote Low Not required None None Partial
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.
41 CVE-2017-5649 200 +Info 2017-04-04 2017-04-11
4.0
None Remote Low Single system Partial None None
Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster.
42 CVE-2017-5648 284 2017-04-17 2017-07-10
6.4
None Remote Low Not required Partial Partial None
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.
43 CVE-2017-5647 200 +Info 2017-04-17 2017-07-10
5.0
None Remote Low Not required Partial None None
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.
44 CVE-2017-5646 346 2017-05-26 2017-06-08
4.9
None Remote Medium Single system Partial Partial None
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be easily associated with the authenticated user, this is still a serious security issue. All users are recommended to upgrade to the Apache Knox 0.12.0 release.
45 CVE-2017-5645 502 Exec Code 2017-04-17 2017-04-24
7.5
None Remote Low Not required Partial Partial Partial
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
46 CVE-2017-5644 399 DoS 2017-03-24 2017-03-28
7.1
None Remote Medium Not required None None Complete
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
47 CVE-2017-5643 918 2017-03-16 2017-03-31
5.8
None Remote Medium Not required Partial Partial None
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
48 CVE-2017-5642 284 2017-04-03 2017-04-10
7.5
None Remote Low Not required Partial Partial Partial
During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.
49 CVE-2017-5640 287 2017-07-10 2017-07-17
7.5
None Remote Low Not required Partial Partial Partial
It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with 'COMPLETE' before the SASL handshake has completed, the client will consider the handshake as completed even though no exchange of credentials has happened.
50 CVE-2017-5638 20 Exec Code 2017-03-10 2017-07-17
10.0
None Remote Low Not required Complete Complete Complete
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.
Total number of vulnerabilities : 83   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.