Filtered by vendor Apache
Subscribe
Total
2367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2156 | 1 Apache | 1 Xml Security For C\+\+ | 2025-04-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PrefixList attribute. | |||||
| CVE-2013-4590 | 3 Apache, Debian, Oracle | 3 Tomcat, Debian Linux, Solaris | 2025-04-11 | 4.3 MEDIUM | N/A |
| Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2012-0047 | 1 Apache | 1 Wicket | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter. | |||||
| CVE-2012-5575 | 2 Apache, Redhat | 6 Cxf, Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform and 3 more | 2025-04-11 | 6.4 MEDIUM | N/A |
| Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack." | |||||
| CVE-2012-1007 | 1 Apache | 1 Struts | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do. | |||||
| CVE-2011-0534 | 1 Apache | 1 Tomcat | 2025-04-11 | 5.0 MEDIUM | N/A |
| Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request. | |||||
| CVE-2013-4212 | 1 Apache | 1 Roller | 2025-04-11 | 6.8 MEDIUM | N/A |
| Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection." | |||||
| CVE-2012-4458 | 1 Apache | 1 Qpid | 2025-04-11 | 5.0 MEDIUM | N/A |
| The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message. | |||||
| CVE-2010-2068 | 4 Apache, Ibm, Microsoft and 1 more | 4 Http Server, Os2, Windows and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. | |||||
| CVE-2012-4418 | 1 Apache | 1 Axis2 | 2025-04-11 | 5.8 MEDIUM | N/A |
| Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." | |||||
| CVE-2013-2055 | 1 Apache | 1 Wicket | 2025-04-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup. | |||||
| CVE-2012-3506 | 1 Apache | 1 Ofbiz | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors. | |||||
| CVE-2011-1176 | 3 Apache, Debian, Mpm-itk Project | 3 Http Server, Debian Linux, Mpm-itk | 2025-04-11 | 4.3 MEDIUM | N/A |
| The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process. | |||||
| CVE-2010-4253 | 3 Apache, Canonical, Debian | 3 Openoffice, Ubuntu Linux, Debian Linux | 2025-04-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document. | |||||
| CVE-2013-2248 | 1 Apache | 1 Struts | 2025-04-11 | 5.8 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix. | |||||
| CVE-2012-6612 | 1 Apache | 1 Solr | 2025-04-11 | 7.5 HIGH | N/A |
| The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407. | |||||
| CVE-2012-4558 | 1 Apache | 1 Http Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string. | |||||
| CVE-2010-0425 | 2 Apache, Microsoft | 2 Http Server, Windows | 2025-04-11 | 10.0 HIGH | N/A |
| modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." | |||||
| CVE-2013-1814 | 1 Apache | 1 Rave | 2025-04-11 | 4.0 MEDIUM | N/A |
| The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response. | |||||
| CVE-2013-4131 | 1 Apache | 1 Subversion | 2025-04-11 | 4.0 MEDIUM | N/A |
| The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root. | |||||