Apache : Security Vulnerabilities, CVEs, Published In 2017 (Information Leak) CVSS score >= 9
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
Max CVSS
9.1
EPSS Score
46.78%
Published
2017-07-13
Updated
2021-06-06
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.
Max CVSS
9.8
EPSS Score
0.07%
Published
2017-09-05
Updated
2017-09-11
2 vulnerabilities found