Filtered by vendor Apache
Subscriptions
Total
2321 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-26580 | 1 Apache | 1 Inlong | 2024-08-02 | 9.1 Critical |
Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong's 1.11.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9673 | ||||
CVE-2024-26307 | 1 Apache | 1 Doris | 2024-08-02 | 5.3 Medium |
Possible race condition vulnerability in Apache Doris. Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4. Users are recommended to upgrade to version 2.0.4, which fixes the issue. | ||||
CVE-2024-26308 | 2 Apache, Redhat | 8 Commons Compress, Camel Quarkus, Jboss Data Grid and 5 more | 2024-08-02 | 5.5 Medium |
Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue. | ||||
CVE-2024-25710 | 2 Apache, Redhat | 9 Commons Compress, Amq Streams, Camel Quarkus and 6 more | 2024-08-01 | 8.1 High |
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue. | ||||
CVE-2024-23673 | 1 Apache | 1 Sling Servlets Resolver | 2024-08-01 | 8.5 High |
Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver.This issue affects all version of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script. Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not. | ||||
CVE-2024-23452 | 1 Apache | 1 Brpc | 2024-08-01 | 7.5 High |
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting. One particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that 'chunk' is contained in the TE field. in that case an attacker can smuggle a request into the connection to the backend server. Solution: You can choose one solution from below: 1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0 2. Apply this patch: https://github.com/apache/brpc/pull/2518 | ||||
CVE-2024-21733 | 2 Apache, Redhat | 3 Tomcat, Apache-camel-spring-boot, Jboss Fuse | 2024-08-01 | 5.3 Medium |
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. | ||||
CVE-1999-1412 | 2 Apache, Apple | 2 Http Server, Macos | 2024-08-01 | N/A |
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. | ||||
CVE-1999-1293 | 1 Apache | 1 Http Server | 2024-08-01 | N/A |
mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core. | ||||
CVE-1999-1237 | 1 Apache | 1 Http Server | 2024-08-01 | N/A |
Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods. | ||||
CVE-1999-1199 | 1 Apache | 1 Http Server | 2024-08-01 | N/A |
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability. | ||||
CVE-1999-1053 | 2 Apache, Matt Wright | 2 Http Server, Matt Wright Guestbook | 2024-08-01 | N/A |
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->". | ||||
CVE-1999-0926 | 1 Apache | 1 Http Server | 2024-08-01 | N/A |
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers. | ||||
CVE-1999-0678 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-08-01 | N/A |
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. | ||||
CVE-1999-0289 | 2 Apache, Microsoft | 2 Http Server, Windows | 2024-08-01 | N/A |
The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. | ||||
CVE-1999-0236 | 2 Apache, Illinois | 2 Http Server, Ncsa Httpd | 2024-08-01 | 7.5 High |
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | ||||
CVE-1999-0045 | 2 Apache, Netscape | 4 Http Server, Commerce Server, Communications Server and 1 more | 2024-08-01 | N/A |
List of arbitrary files on Web host via nph-test-cgi script. | ||||
CVE-1999-0107 | 1 Apache | 1 Http Server | 2024-08-01 | N/A |
Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters. | ||||
CVE-1999-0067 | 2 Apache, Ncsa | 2 Http Server, Ncsa Httpd | 2024-08-01 | N/A |
phf CGI program allows remote command execution through shell metacharacters. | ||||
CVE-1999-0071 | 1 Apache | 1 Http Server | 2024-08-01 | N/A |
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. |