CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apache : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-12407 79 XSS 2019-09-23 2019-09-23
4.3
None Remote Medium Not required None Partial None
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
2 CVE-2019-12405 287 2019-09-09 2019-09-26
6.8
None Remote Medium Not required Partial Partial Partial
Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password.
3 CVE-2019-12404 79 XSS 2019-09-23 2019-09-23
4.3
None Remote Medium Not required None Partial None
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
4 CVE-2019-12402 399 DoS 2019-08-30 2019-09-03
5.0
None Remote Low Not required None None Partial
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
5 CVE-2019-12401 400 2019-09-10 2019-10-10
5.0
None Remote Low Not required None None Partial
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it?s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs.
6 CVE-2019-12397 79 XSS 2019-08-08 2019-08-14
4.3
None Remote Medium Not required None Partial None
Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix.
7 CVE-2019-10099 310 2019-08-07 2019-08-13
4.3
None Remote Medium Not required Partial None None
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.
8 CVE-2019-10098 601 2019-09-25 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
9 CVE-2019-10097 119 Overflow 2019-09-26 2019-09-27
6.0
None Remote Medium Single system Partial Partial Partial
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.
10 CVE-2019-10094 119 Overflow 2019-08-02 2019-08-12
6.8
None Remote Medium Not required Partial Partial Partial
A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.
11 CVE-2019-10093 400 2019-08-02 2019-08-12
4.3
None Remote Medium Not required None None Partial
In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.
12 CVE-2019-10092 79 XSS 2019-09-26 2019-09-30
4.3
None Remote Medium Not required None Partial None
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
13 CVE-2019-10090 79 XSS 2019-09-23 2019-09-23
4.3
None Remote Medium Not required None Partial None
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
14 CVE-2019-10089 79 XSS 2019-09-23 2019-09-23
4.3
None Remote Medium Not required None Partial None
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
15 CVE-2019-10088 119 Overflow 2019-08-02 2019-08-12
6.8
None Remote Medium Not required Partial Partial Partial
A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.
16 CVE-2019-10087 79 XSS 2019-09-23 2019-09-23
4.3
None Remote Medium Not required None Partial None
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
17 CVE-2019-10086 502 2019-08-20 2019-09-02
7.5
None Remote Low Not required Partial Partial Partial
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
18 CVE-2019-10085 79 XSS 2019-06-18 2019-06-19
4.3
None Remote Medium Not required None Partial None
In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with that dropdown on that page.
19 CVE-2019-10082 416 2019-09-26 2019-09-27
6.4
None Remote Low Not required Partial None Partial
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
20 CVE-2019-10081 119 Overflow 2019-08-15 2019-08-30
5.0
None Remote Low Not required None None Partial
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.
21 CVE-2019-10078 79 XSS 2019-05-20 2019-05-23
4.3
None Remote Medium Not required None Partial None
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
22 CVE-2019-10077 79 XSS 2019-05-20 2019-05-23
4.3
None Remote Medium Not required None Partial None
A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
23 CVE-2019-10076 79 XSS 2019-05-20 2019-05-23
4.3
None Remote Medium Not required None Partial None
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
24 CVE-2019-10074 20 2019-09-11 2019-09-13
7.5
None Remote Low Not required Partial Partial Partial
An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story" input in the Order Manager application. Encoding should not be disabled without good reason and never within a field that accepts user input. Mitigation: Upgrade to 16.11.06 or manually apply the following commit on branch 16.11: r1858533
25 CVE-2019-10073 79 XSS 2019-09-11 2019-09-13
4.3
None Remote Medium Not required None Partial None
The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858543, 1860595 and 1860616
26 CVE-2019-10072 400 2019-06-21 2019-06-25
5.0
None Remote Low Not required None None Partial
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.
27 CVE-2019-10071 20 Exec Code 2019-09-16 2019-10-07
6.8
None Remote Medium Not required Partial Partial Partial
The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead.
28 CVE-2019-9518 400 DoS 2019-08-13 2019-08-23
7.8
None Remote Low Not required None None Complete
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
29 CVE-2019-9517 400 DoS 2019-08-13 2019-08-23
7.8
None Remote Low Not required None None Complete
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
30 CVE-2019-9516 400 DoS 2019-08-13 2019-08-23
7.8
None Remote Low Not required None None Complete
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
31 CVE-2019-9515 400 DoS 2019-08-13 2019-08-23
7.8
None Remote Low Not required None None Complete
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
32 CVE-2019-9514 400 DoS 2019-08-13 2019-08-23
7.8
None Remote Low Not required None None Complete
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
33 CVE-2019-9513 400 DoS 2019-08-13 2019-08-23
7.8
None Remote Low Not required None None Complete
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
34 CVE-2019-9512 400 DoS 2019-08-13 2019-08-23
7.8
None Remote Low Not required None None Complete
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
35 CVE-2019-9511 400 DoS 2019-08-13 2019-08-23
7.8
None Remote Low Not required None None Complete
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
36 CVE-2019-0234 79 XSS 2019-07-15 2019-07-18
4.3
None Remote Medium Not required None Partial None
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3.
37 CVE-2019-0231 319 2019-10-01 2019-10-08
5.0
None Remote Low Not required Partial None None
Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.
38 CVE-2019-0229 352 CSRF 2019-04-10 2019-04-11
6.8
None Remote Medium Not required Partial Partial Partial
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks.
39 CVE-2019-0228 611 2019-04-17 2019-07-08
7.5
None Remote Low Not required Partial Partial Partial
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
40 CVE-2019-0227 918 2019-05-01 2019-05-03
5.4
None Local Network Medium Not required Partial Partial Partial
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.
41 CVE-2019-0226 22 Dir. Trav. 2019-05-09 2019-05-10
5.5
None Remote Low Single system None Partial Partial
Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. User should upgrade to Apache Karaf 4.2.5 or later.
42 CVE-2019-0225 22 Dir. Trav. 2019-03-28 2019-05-19
7.8
None Remote Low Not required Complete None None
A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.
43 CVE-2019-0224 79 XSS 2019-03-28 2019-05-19
4.3
None Remote Medium Not required None Partial None
In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.
44 CVE-2019-0223 295 2019-04-23 2019-06-06
4.0
None Remote High Not required Partial Partial None
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.
45 CVE-2019-0222 94 2019-03-28 2019-07-23
5.0
None Remote Low Not required None None Partial
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
46 CVE-2019-0221 79 XSS 2019-05-28 2019-06-07
4.3
None Remote Medium Not required None Partial None
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
47 CVE-2019-0220 399 2019-06-11 2019-06-25
5.0
None Remote Low Not required Partial None None
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.
48 CVE-2019-0218 79 XSS 2019-04-22 2019-04-26
4.3
None Remote Medium Not required None Partial None
A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface.
49 CVE-2019-0217 362 Bypass 2019-04-08 2019-05-13
6.0
None Remote Medium Single system Partial Partial Partial
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
50 CVE-2019-0216 79 XSS 2019-04-10 2019-04-11
3.5
None Remote Medium Single system None Partial None
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
Total number of vulnerabilities : 1152   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.