Filtered by vendor: Apache
Total: 2321 CVEs
CVE | Vendors (count) | Products (count) | Updated | CVSS v3.1
CVE-2024-26580 | Vendors (1): Apache | Products (1): Inlong | Updated: 2024-08-02 | CVSS v3.1: 9.1 Critical
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong from 1.8.0 through 1.10.0: attackers can use a specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong 1.11.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9673
CVE-2024-26307 | Vendors (1): Apache | Products (1): Doris | Updated: 2024-08-02 | CVSS v3.1: 5.3 Medium
Possible race condition vulnerability in Apache Doris. Some code uses the `chmod()` method, which runs the risk of someone renaming the file out from under the user so that the wrong file is chmodded. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4. Users are recommended to upgrade to version 2.0.4, which fixes the issue.
CVE-2024-26308 | Vendors (2): Apache, Redhat | Products (8): Commons Compress, Camel Quarkus, Jboss Data Grid and 5 more | Updated: 2024-08-02 | CVSS v3.1: 5.5 Medium
Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.
CVE-2024-25710 | Vendors (2): Apache, Redhat | Products (9): Commons Compress, Amq Streams, Camel Quarkus and 6 more | Updated: 2024-08-01 | CVSS v3.1: 8.1 High
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0, which fixes the issue.
CVE-2024-23673 | Vendors (1): Apache | Products (1): Sling Servlets Resolver | Updated: 2024-08-01 | CVSS v3.1: 8.5 High
Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver. This issue affects all versions of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlets Resolver into loading a previously uploaded script. Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade regardless of whether your system configuration currently allows this attack or not.
CVE-2024-23452 | Vendors (1): Apache | Products (1): Brpc | Updated: 2024-08-01 | CVSS v3.1: 7.5 High
Request smuggling vulnerability in the HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows an attacker to smuggle requests. Vulnerability cause: the http_parser does not comply with the RFC 7230 HTTP/1.1 specification. Attack scenario: if a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting. One particular scenario is a bRPC-based HTTP server on the backend receiving requests over one persistent connection from a frontend server that uses the Transfer-Encoding header to parse the request, with the logic that 'chunk' is contained in the TE field; in that case an attacker can smuggle a request into the connection to the backend server. Solution: choose one of the following: 1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0 2. Apply this patch: https://github.com/apache/brpc/pull/2518
CVE-2024-21733 | Vendors (2): Apache, Redhat | Products (3): Tomcat, Apache-camel-spring-boot, Jboss Fuse | Updated: 2024-08-01 | CVSS v3.1: 5.3 Medium
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.
CVE-1999-1412 | Vendors (2): Apache, Apple | Products (2): Http Server, Macos | Updated: 2024-08-01 | CVSS v3.1: N/A
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
CVE-1999-1293 | Vendors (1): Apache | Products (1): Http Server | Updated: 2024-08-01 | CVSS v3.1: N/A
mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
CVE-1999-1237 | Vendors (1): Apache | Products (1): Http Server | Updated: 2024-08-01 | CVSS v3.1: N/A
Multiple buffer overflows in the smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allow remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
CVE-1999-1199 | Vendors (1): Apache | Products (1): Http Server | Updated: 2024-08-01 | CVSS v3.1: N/A
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
CVE-1999-1053 | Vendors (2): Apache, Matt Wright | Products (2): Http Server, Matt Wright Guestbook | Updated: 2024-08-01 | CVSS v3.1: N/A
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
CVE-1999-0926 | Vendors (1): Apache | Products (1): Http Server | Updated: 2024-08-01 | CVSS v3.1: N/A
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
CVE-1999-0678 | Vendors (2): Apache, Debian | Products (2): Http Server, Debian Linux | Updated: 2024-08-01 | CVSS v3.1: N/A
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
CVE-1999-0289 | Vendors (2): Apache, Microsoft | Products (2): Http Server, Windows | Updated: 2024-08-01 | CVSS v3.1: N/A
The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
CVE-1999-0236 | Vendors (2): Apache, Illinois | Products (2): Http Server, Ncsa Httpd | Updated: 2024-08-01 | CVSS v3.1: 7.5 High
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
CVE-1999-0045 | Vendors (2): Apache, Netscape | Products (4): Http Server, Commerce Server, Communications Server and 1 more | Updated: 2024-08-01 | CVSS v3.1: N/A
Listing of arbitrary files on a Web host via the nph-test-cgi script.
CVE-1999-0107 | Vendors (1): Apache | Products (1): Http Server | Updated: 2024-08-01 | CVSS v3.1: N/A
Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
CVE-1999-0067 | Vendors (2): Apache, Ncsa | Products (2): Http Server, Ncsa Httpd | Updated: 2024-08-01 | CVSS v3.1: N/A
phf CGI program allows remote command execution through shell metacharacters.
CVE-1999-0071 | Vendors (1): Apache | Products (1): Http Server | Updated: 2024-08-01 | CVSS v3.1: N/A
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.