Apache : Security Vulnerabilities, CVEs, Published In 2017 (Directory traversal)
In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.
Max CVSS
9.8
EPSS Score
2.02%
Published
2017-09-20
Updated
2019-08-12
Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.
Max CVSS
7.8
EPSS Score
0.16%
Published
2017-10-30
Updated
2017-11-15
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.
Max CVSS
7.5
EPSS Score
0.52%
Published
2017-08-30
Updated
2018-05-17
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.
Max CVSS
7.5
EPSS Score
0.18%
Published
2017-08-11
Updated
2023-12-08
4 vulnerabilities found