# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2022-33879 | | | | 2022-06-27 | 2022-10-28 | 2.6 | None | Remote | High | Not required | None | None | Partial |
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1. |
2 | CVE-2022-30973 | | | DoS | 2022-05-31 | 2022-10-27 | 2.6 | None | Remote | High | Not required | None | None | Partial |
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler, could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3. |
3 | CVE-2021-36151 | 200 | | +Info | 2022-02-04 | 2022-02-09 | 2.1 | None | Local | Low | Not required | Partial | None | None |
In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue. |
4 | CVE-2021-21295 | 444 | | | 2021-03-09 | 2022-05-12 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec` and is then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1, this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final. As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`. |
5 | CVE-2020-17521 | | | | 2020-12-07 | 2022-07-25 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2. |
6 | CVE-2020-11990 | | | | 2020-12-01 | 2022-01-01 | 2.1 | None | Local | Low | Not required | Partial | None | None |
We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally. |
7 | CVE-2020-10727 | 312 | | | 2020-06-26 | 2021-09-21 | 2.1 | None | Local | Low | Not required | Partial | None | None |
A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file. |
8 | CVE-2020-1954 | | | | 2020-04-01 | 2022-02-21 | 2.9 | None | Local Network | Medium | Not required | Partial | None | None |
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the 'createMBServerConnectorFactory' property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. |
9 | CVE-2019-12415 | 611 | | XSS | 2019-10-23 | 2022-04-08 | 2.1 | None | Local | Low | Not required | Partial | None | None |
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing. |
10 | CVE-2018-11760 | | | | 2019-02-04 | 2019-10-03 | 2.1 | None | Local | Low | Not required | None | Partial | None |
When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1. |
11 | CVE-2018-8026 | 611 | | | 2018-07-05 | 2019-03-29 | 2.1 | None | Local | Low | Not required | Partial | None | None |
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, XInclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, which allows the vulnerability to be exploited. |
12 | CVE-2018-8010 | 611 | | | 2018-05-21 | 2020-03-20 | 2.1 | None | Local | Low | Not required | Partial | None | None |
This vulnerability in Apache Solr 6.0.0 to 6.6.3 and 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, XInclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. Users are advised to upgrade to either Solr 6.6.4 or Solr 7.3.1, both of which address the vulnerability. Once the upgrade is complete, no other steps are required. Those releases only allow external entities and XIncludes that refer to local files / ZooKeeper resources below the Solr instance directory (using Solr's ResourceLoader); usage of absolute URLs is denied. Keep in mind that external entities and XInclude are explicitly supported to better structure config files in large installations. Before Solr 6 this was no problem, as config files were not accessible through the APIs. |
13 | CVE-2016-5001 | 200 | | +Info | 2017-08-30 | 2021-07-03 | 2.1 | None | Local | Low | Not required | Partial | None | None |
This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token. |
14 | CVE-2016-4976 | 200 | | +Info | 2017-03-29 | 2017-04-03 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing. |
15 | CVE-2016-0707 | 264 | | +Info | 2016-05-18 | 2016-05-18 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories. |
16 | CVE-2015-1835 | 20 | | | 2017-10-27 | 2017-11-16 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL. |
17 | CVE-2015-1776 | 200 | | +Info | 2016-04-19 | 2016-11-28 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file. |
18 | CVE-2014-0219 | 20 | | DoS | 2017-11-15 | 2019-01-08 | 2.1 | None | Local | Low | Not required | None | None | Partial |
Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports. |
19 | CVE-2013-7393 | 59 | | +Priv | 2014-07-28 | 2016-10-18 | 2.4 | None | Local | High | ??? | None | Partial | Partial |
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3). |
20 | CVE-2013-6480 | 200 | | +Info | 2014-01-07 | 2018-10-09 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM. |
21 | CVE-2013-6398 | 264 | | Bypass | 2014-01-15 | 2014-09-04 | 2.8 | None | Remote | Medium | ??? | Partial | None | None |
The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request. |
22 | CVE-2013-4262 | 59 | | +Priv | 2014-07-28 | 2016-10-18 | 2.4 | None | Local | High | ??? | None | Partial | Partial |
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393. |
23 | CVE-2013-2071 | 200 | | +Info | 2013-06-01 | 2017-05-23 | 2.6 | None | Remote | High | Not required | Partial | None | None |
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes. |
24 | CVE-2013-1845 | 119 | | DoS Overflow | 2013-05-02 | 2018-10-30 | 2.1 | None | Remote | High | ??? | None | None | Partial |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. |
25 | CVE-2013-0346 | 264 | | +Info | 2014-02-15 | 2014-02-18 | 2.1 | None | Local | Low | Not required | Partial | None | None |
** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information." |
26 | CVE-2012-4534 | 399 | | DoS | 2012-12-19 | 2017-09-19 | 2.6 | None | Remote | High | Not required | None | None | Partial |
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response. |
27 | CVE-2012-2687 | 79 | | XSS | 2012-08-22 | 2021-06-06 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. |
28 | CVE-2012-0021 | 20 | | DoS | 2012-01-28 | 2021-06-06 | 2.6 | None | Remote | High | Not required | None | None | Partial |
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value. |
29 | CVE-2011-2712 | 79 | | XSS | 2011-08-29 | 2018-10-09 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
30 | CVE-2011-1772 | 79 | | XSS | 2011-05-13 | 2012-01-19 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element. |
31 | CVE-2010-1157 | 200 | | +Info | 2010-04-23 | 2019-03-25 | 2.6 | None | Remote | High | Not required | Partial | None | None |
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply. |
32 | CVE-2009-4269 | 310 | | | 2010-08-16 | 2011-01-26 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution. |
33 | CVE-2009-3094 | 476 | | DoS | 2009-09-08 | 2022-09-19 | 2.6 | None | Remote | High | Not required | None | None | Partial |
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. |
34 | CVE-2008-5519 | 200 | | +Info | 2009-04-09 | 2019-04-15 | 2.6 | None | Remote | High | Not required | Partial | None | None |
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers. |
35 | CVE-2008-4308 | 200 | | +Info | 2009-02-26 | 2019-03-25 | 2.6 | None | Remote | High | Not required | Partial | None | None |
The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request. |
36 | CVE-2008-0456 | 74 | | Http R.Spl. | 2008-01-25 | 2022-09-21 | 2.6 | None | Remote | High | Not required | None | Partial | None |
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file. |
37 | CVE-2007-1858 | | | +Info | 2007-05-10 | 2019-03-25 | 2.6 | None | Remote | High | Not required | Partial | None | None |
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts. |
38 | CVE-2007-1358 | 79 | | XSS | 2007-05-10 | 2019-03-25 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616". |
39 | CVE-2005-3164 | 200 | | +Info | 2005-10-06 | 2022-02-03 | 2.6 | None | Remote | High | Not required | Partial | None | None |
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages. |
40 | CVE-2004-1834 | | | | 2004-03-20 | 2021-06-06 | 2.1 | None | Local | Low | Not required | Partial | None | None |
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. |
41 | CVE-2004-1387 | | | | 2004-12-31 | 2018-10-03 | 2.1 | None | Local | Low | Not required | None | Partial | None |
The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. |
42 | CVE-2003-1581 | 79 | | XSS | 2010-02-05 | 2010-02-08 | 2.6 | None | Remote | High | Not required | None | Partial | None |
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue. |
43 | CVE-2002-1233 | | | | 2002-11-04 | 2016-10-18 | 2.6 | None | Local | High | Not required | Partial | Partial | None |
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131. |
44 | CVE-2001-1534 | 384 | | Bypass +Info | 2001-12-31 | 2021-07-15 | 2.1 | None | Local | Low | Not required | Partial | None | None |
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session IDs using predictable information including host IP address, system time and server process ID, which allows local users to obtain session IDs and bypass authentication when these session IDs are used for authentication. |
45 | CVE-2000-1247 | 16 | | | 2011-10-05 | 2017-08-29 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI. |