Vulnerabilities in Apache
91 results

CVE-2019-0232 | — | EPSS 99.7%
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0

CVE-2020-1938 | CRITICAL | EPSS 99.3% | KEV
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connec

CVE-2020-1956 | HIGH | EPSS 98.0% | KEV
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a

CVE-2020-1943 | — | EPSS 97.3%
Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.

CVE-2011-3923 | — | EPSS 88.8%
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary

CVE-2019-0227 | — | EPSS 86.5%
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bu

CVE-2019-0193 | HIGH | EPSS 83.5% | KEV
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in whi

CVE-2019-0211 | HIGH | EPSS 65.0% | KEV
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or

CVE-2020-1927 | — | EPSS 56.7%
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by en

CVE-2020-1934 | — | EPSS 52.0%
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

CVE-2019-17570 | — | EPSS 49.3%
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrp

CVE-2019-0221 | — | EPSS 45.6%
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escapi

CVE-2019-17564 | — | EPSS 35.6%
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java

CVE-2019-0235 | — | EPSS 32.7%
Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks.

CVE-2019-10086 | — | EPSS 28.8%
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access

CVE-2020-11996 | — | EPSS 26.7%
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could t

CVE-2019-0189 | — | EPSS 23.7%
The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService"

CVE-2019-12409 | — | EPSS 21.9%
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default s

CVE-2019-0217 | — | EPSS 16.6%
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user

CVE-2019-12419 | — | EPSS 13.8%
Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There i