VYPR

Apache

by Apache

CVEs (202)

  • CVE-2001-0766 | Critical | Oct 18, 2001
    risk 0.67 | cvss 9.8 | epss 0.09

    Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.

  • CVE-2017-15697 | Critical | Jan 23, 2018
    risk 0.64 | cvss 9.8 | epss 0.05

    A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade…

  • CVE-2017-5636 | Critical | Oct 19, 2017
    risk 0.64 | cvss 9.8 | epss 0.04

    In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to…

  • CVE-2018-1335 | High | Apr 25, 2018
    risk 0.63 | cvss 8.1 | epss 0.94

    From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to…

  • CVE-2018-1282 | Critical | Apr 5, 2018
    risk 0.60 | cvss 9.1 | epss 0.06

    This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation.

  • CVE-2013-10075 | Critical | May 8, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to…

  • CVE-2026-5081 | Critical | May 6, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_ID environment variable for the session id. The UNIQUE_ID variable is set by the…

  • CVE-2025-40931 | Critical | Mar 5, 2026
    risk 0.59 | cvss 9.1 | epss 0.01

    Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID.…

  • CVE-2018-1309 | Critical | May 23, 2018
    risk 0.57 | cvss 9.8 | epss 0.05

    Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release.…

  • CVE-2004-0940 | High | Feb 9, 2005
    risk 0.54 | cvss 7.8 | epss 0.05

    Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

  • CVE-2002-1850 | High | Dec 31, 2002
    risk 0.53 | cvss 7.5 | epss 0.17

    mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI…

  • CVE-2026-42535 | Critical | Jun 8, 2026
    risk 0.52 | cvss 9.1 | epss 0.01

    A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue.

  • CVE-2018-11761 | High | Sep 19, 2018
    risk 0.50 | cvss 7.5 | epss 0.10

    In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

  • CVE-2026-5088 | High | Apr 15, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _make_salt_bcrypt methods will attempt to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are…

  • CVE-2018-11796 | High | Oct 9, 2018
    risk 0.49 | cvss 7.5 | epss 0.07

    In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity…

  • CVE-2018-1310 | High | May 23, 2018
    risk 0.49 | cvss 7.5 | epss 0.03

    Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache…

  • CVE-2018-1316 | High | Mar 5, 2018
    risk 0.49 | cvss 7.5 | epss 0.03

    The ODE process deployment web service was sensitive to deployment messages with forged names. Using a path for the name was allowing directory traversal, resulting in the potential writing of files under unwanted locations, the overwriting of existing files or their deletion.…

  • CVE-2017-12632 | High | Jan 23, 2018
    risk 0.49 | cvss 7.5 | epss 0.03

    A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade…

  • CVE-2017-5635 | High | Oct 19, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.

  • CVE-2017-9803 | High | Sep 18, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g.…
