| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-8026 |
611 |
|
|
2018-07-05 |
2018-09-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability. |
|
2 |
CVE-2018-8010 |
611 |
|
|
2018-05-21 |
2018-06-26 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. Users are advised to upgrade to either Solr 6.6.4 or Solr 7.3.1 releases both of which address the vulnerability. Once upgrade is complete, no other steps are required. Those releases only allow external entities and Xincludes that refer to local files / zookeeper resources below the Solr instance directory (using Solr's ResourceLoader); usage of absolute URLs is denied. Keep in mind, that external entities and XInclude are explicitly supported to better structure config files in large installations. Before Solr 6 this was no problem, as config files were not accessible through the APIs. |
|
3 |
CVE-2016-5001 |
200 |
|
+Info |
2017-08-30 |
2017-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token. |
|
4 |
CVE-2016-4976 |
200 |
|
+Info |
2017-03-29 |
2017-04-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing. |
|
5 |
CVE-2016-0707 |
264 |
|
+Info |
2016-05-18 |
2016-05-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories. |
|
6 |
CVE-2015-4940 |
200 |
|
+Info |
2015-11-08 |
2016-12-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file. |
|
7 |
CVE-2015-1835 |
20 |
|
|
2017-10-27 |
2017-11-16 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL. |
|
8 |
CVE-2015-1776 |
200 |
|
+Info |
2016-04-19 |
2016-11-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file. |
|
9 |
CVE-2014-0219 |
20 |
|
DoS |
2017-11-15 |
2017-11-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Apache Karaf enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports. |
|
10 |
CVE-2013-7393 |
59 |
|
+Priv |
2014-07-28 |
2016-10-17 |
2.4 |
None |
Local |
High |
Single system |
None |
Partial |
Partial |
|
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3). |
|
11 |
CVE-2013-6480 |
200 |
|
+Info |
2014-01-07 |
2018-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM. |
|
12 |
CVE-2013-6398 |
264 |
|
Bypass |
2014-01-15 |
2014-09-04 |
2.8 |
None |
Remote |
Medium |
Multiple systems |
Partial |
None |
None |
|
The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request. |
|
13 |
CVE-2013-4505 |
264 |
|
DoS Bypass |
2013-12-07 |
2013-12-19 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. |
|
14 |
CVE-2013-4262 |
59 |
|
+Priv |
2014-07-28 |
2016-10-17 |
2.4 |
None |
Local |
High |
Single system |
None |
Partial |
Partial |
|
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393. |
|
15 |
CVE-2013-2071 |
200 |
|
+Info |
2013-06-01 |
2017-05-22 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes. |
|
16 |
CVE-2013-1845 |
119 |
|
DoS Overflow |
2013-05-02 |
2018-10-30 |
2.1 |
None |
Remote |
High |
Single system |
None |
None |
Partial |
|
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. |
|
17 |
CVE-2013-0346 |
264 |
|
+Info |
2014-02-15 |
2014-02-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information." |
|
18 |
CVE-2012-4534 |
399 |
|
DoS |
2012-12-19 |
2017-09-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response. |
|
19 |
CVE-2012-2687 |
79 |
|
XSS |
2012-08-22 |
2017-09-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. |
|
20 |
CVE-2012-0021 |
20 |
|
DoS |
2012-01-27 |
2018-01-17 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value. |
|
21 |
CVE-2011-2712 |
79 |
|
XSS |
2011-08-29 |
2018-10-09 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
|
22 |
CVE-2011-1772 |
79 |
|
XSS |
2011-05-13 |
2012-01-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element. |
|
23 |
CVE-2010-1157 |
200 |
|
+Info |
2010-04-23 |
2018-10-10 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply. |
|
24 |
CVE-2009-4269 |
310 |
|
|
2010-08-16 |
2011-01-26 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution. |
|
25 |
CVE-2009-3094 |
|
|
DoS |
2009-09-08 |
2018-10-10 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. |
|
26 |
CVE-2009-0796 |
79 |
|
XSS |
2009-04-07 |
2018-10-10 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI. |
|
27 |
CVE-2008-5519 |
200 |
|
+Info |
2009-04-09 |
2018-10-11 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers. |
|
28 |
CVE-2008-4308 |
200 |
|
+Info |
2009-02-26 |
2009-02-27 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request. |
|
29 |
CVE-2008-0732 |
59 |
|
|
2008-02-12 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories. |
|
30 |
CVE-2007-1858 |
|
|
+Info |
2007-05-09 |
2018-10-16 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts. |
|
31 |
CVE-2007-1358 |
79 |
|
XSS |
2007-05-09 |
2018-10-16 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616". |
|
32 |
CVE-2005-3164 |
200 |
|
+Info |
2005-10-06 |
2011-10-17 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages. |
|
33 |
CVE-2004-1834 |
|
|
|
2004-03-20 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. |
|
34 |
CVE-2004-1387 |
|
|
|
2004-12-31 |
2018-10-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. |
|
35 |
CVE-2003-1581 |
79 |
|
XSS |
2010-02-05 |
2010-02-08 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue. |
|
36 |
CVE-2002-1233 |
|
|
|
2002-11-04 |
2016-10-17 |
2.6 |
None |
Local |
High |
Not required |
Partial |
Partial |
None |
|
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131. |
|
37 |
CVE-2001-1534 |
|
|
Bypass +Info |
2001-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication. |
|
38 |
CVE-2000-1247 |
16 |
|
|
2011-10-04 |
2017-08-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI. |
