CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apache : Security Vulnerabilities (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-12636 78 Exec Code 2017-11-14 2017-12-04
9.0
None Remote Low Single system Complete Complete Complete
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
2 CVE-2017-12635 264 Exec Code 2017-11-14 2017-12-04
10.0
None Remote Low Not required Complete Complete Complete
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
3 CVE-2017-12629 611 Exec Code 2017-10-14 2017-12-01
7.5
None Remote Low Not required Partial Partial Partial
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.
4 CVE-2017-12628 502 Exec Code 2017-10-20 2017-11-08
7.2
None Local Low Not required Complete Complete Complete
The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation. Release 3.0.1 upgrades the incriminated library.
5 CVE-2017-12617 434 Exec Code 2017-10-03 2017-12-01
6.8
None Remote Medium Not required Partial Partial Partial
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
6 CVE-2017-12615 434 Exec Code 2017-09-19 2017-12-01
6.8
None Remote Medium Not required Partial Partial Partial
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
7 CVE-2017-12612 502 Exec Code 2017-09-13 2017-09-26
7.2
None Local Low Not required Complete Complete Complete
In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later.
8 CVE-2017-12608 787 DoS Exec Code Mem. Corr. 2017-11-20 2017-12-05
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
9 CVE-2017-12607 787 DoS Exec Code Mem. Corr. 2017-11-20 2017-12-05
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
10 CVE-2017-9806 787 DoS Exec Code Mem. Corr. 2017-11-20 2017-12-05
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
11 CVE-2017-9805 502 Exec Code 2017-09-15 2017-11-09
6.8
None Remote Medium Not required Partial Partial Partial
The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
12 CVE-2017-9794 200 Exec Code +Info 2017-09-29 2017-10-06
4.0
None Remote Low Single system Partial None None
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view.
13 CVE-2017-9791 20 Exec Code 2017-07-10 2017-09-27
7.5
None Remote Low Not required Partial Partial Partial
The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
14 CVE-2017-5645 502 Exec Code 2017-04-17 2017-12-08
7.5
None Remote Low Not required Partial Partial Partial
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
15 CVE-2017-5638 20 Exec Code 2017-03-10 2017-11-09
10.0
None Remote Low Not required Complete Complete Complete
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
16 CVE-2016-1000031 284 Exec Code 2016-10-25 2017-11-02
7.5
None Remote Low Not required Partial Partial Partial
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
17 CVE-2016-8751 79 Exec Code XSS 2017-06-14 2017-06-19
3.5
None Remote Medium Single system None Partial None
Apache Ranger before 0.6.is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies.
18 CVE-2016-8749 502 Exec Code 2017-03-28 2017-06-08
7.5
None Remote Low Not required Partial Partial Partial
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks.
19 CVE-2016-8744 502 Exec Code 2017-09-13 2017-09-29
9.0
None Remote Low Single system Complete Complete Complete
Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the classpath. This could provide an authenticated user with a means to cause the JVM running Brooklyn to load and run Java code without detection by Brooklyn. Such code would have the privileges of the Java process running Brooklyn, including the ability to open files and network connections, and execute system commands. There is known to be a proof-of-concept exploit using this vulnerability.
20 CVE-2016-8737 352 Exec Code CSRF 2017-09-13 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability.
21 CVE-2016-8736 502 Exec Code 2017-10-12 2017-10-24
7.5
None Remote Low Not required Partial Partial Partial
Apache Openmeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.
22 CVE-2016-8735 284 Exec Code 2017-04-06 2017-11-03
7.5
None Remote Low Not required Partial Partial Partial
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
23 CVE-2016-6809 502 Exec Code 2017-04-06 2017-04-12
7.5
None Remote Low Not required Partial Partial Partial
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.
24 CVE-2016-6807 284 Exec Code 2017-03-28 2017-04-04
7.5
None Remote Low Not required Partial Partial Partial
Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process.
25 CVE-2016-6800 79 Exec Code XSS 2017-08-30 2017-09-12
4.3
None Remote Medium Not required None Partial None
The default configuration of the OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not properly sanitized. It is possible to inject arbitrary JavaScript code in these form fields. This code gets executed from the browser of every user who is visiting this article. Mitigation: Upgrade to Apache OFBiz 16.11.01.
26 CVE-2016-6795 22 Exec Code Dir. Trav. 2017-09-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
In the Convention plugin in Apache Struts 2.3.20 through 2.3.30, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.
27 CVE-2016-6793 502 DoS Exec Code 2017-07-17 2017-08-04
6.4
None Remote Low Not required None Partial Partial
The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.7 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the permissions of DiskFileItem, and if running on a Java VM before 1.3.1, execute arbitrary code via a crafted serialized Java object.
28 CVE-2016-5003 502 Exec Code 2017-10-27 2017-11-15
7.5
None Remote Low Not required Partial Partial Partial
The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.
29 CVE-2016-4978 502 Exec Code 2016-09-27 2016-09-28
6.0
None Remote Medium Single system Partial Partial Partial
The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.
30 CVE-2016-4974 20 Exec Code 2016-07-13 2016-09-01
6.0
None Remote Medium Single system Partial Partial Partial
Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function.
31 CVE-2016-4462 20 Exec Code 2017-08-30 2017-09-12
6.5
None Remote Low Single system Partial Partial Partial
By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to Apache OFBiz 16.11.01
32 CVE-2016-4461 20 Exec Code 2017-10-16 2017-11-07
9.0
None Remote Low Single system Complete Complete Complete
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.
33 CVE-2016-4438 20 Exec Code 2016-07-04 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.
34 CVE-2016-4437 284 Exec Code Bypass 2016-06-07 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
35 CVE-2016-3090 20 Exec Code 2017-10-30 2017-11-21
6.5
None Remote Low Single system Partial Partial Partial
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.
36 CVE-2016-3087 20 Exec Code 2016-06-07 2017-09-06
7.5
None Remote Low Not required Partial Partial Partial
Apache Struts 2.3.20.x before 2.3.20.3, 2.3.24.x before 2.3.24.3, and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
37 CVE-2016-3082 20 Exec Code 2016-04-26 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.
38 CVE-2016-3081 77 Exec Code 2016-04-26 2016-11-30
9.3
None Remote Medium Not required Complete Complete Complete
Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
39 CVE-2016-2174 89 Exec Code Sql 2016-06-13 2016-06-14
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.
40 CVE-2016-2170 20 Exec Code 2016-04-12 2016-12-02
7.5
None Remote Low Not required Partial Partial Partial
Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
41 CVE-2016-1513 125 DoS Exec Code 2016-08-05 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file.
42 CVE-2016-1181 DoS Exec Code 2016-07-04 2017-10-19
6.8
None Remote Medium Not required Partial Partial Partial
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.
43 CVE-2016-0785 20 Exec Code 2016-04-12 2017-11-07
9.0
None Remote Low Single system Complete Complete Complete
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
44 CVE-2016-0779 502 Exec Code 2017-04-11 2017-04-18
7.5
None Remote Low Not required Partial Partial Partial
The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object.
45 CVE-2016-0760 284 Exec Code 2016-08-19 2016-08-22
6.5
None Remote Low Single system Partial Partial Partial
Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.
46 CVE-2016-0729 119 DoS Exec Code Overflow Mem. Corr. 2016-04-07 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.
47 CVE-2016-0714 264 Exec Code Bypass 2016-02-24 2017-10-19
6.5
None Remote Low Single system Partial Partial Partial
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
48 CVE-2016-0710 89 Exec Code Sql 2016-04-11 2016-04-20
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
49 CVE-2016-0709 22 Exec Code Dir. Trav. 2016-04-11 2016-04-20
9.0
None Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp."
50 CVE-2015-7611 78 Exec Code 2016-06-07 2016-06-08
9.3
None Remote Medium Not required Complete Complete Complete
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.
Total number of vulnerabilities : 127   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.