Apache : Security Vulnerabilities, CVEs, Published In June 2016 (Gain Privilege)

CVE-2016-4437

Known exploited
Public exploit
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
Max CVSS
8.1
EPSS Score
97.49%
Published
2016-06-07
Updated
2018-10-09
CISA KEV Added
2021-11-03

CVE-2016-4432

The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.
Max CVSS
9.1
EPSS Score
0.23%
Published
2016-06-01
Updated
2022-12-07

CVE-2016-3094

PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception.
Max CVSS
5.9
EPSS Score
1.37%
Published
2016-06-01
Updated
2023-05-22

CVE-2016-3085

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin.
Max CVSS
6.5
EPSS Score
0.06%
Published
2016-06-10
Updated
2018-10-09
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close