Vulnerabilities in Apache
91 results

CVE-2019-0222 — In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. EPSS 12.4%
CVE-2019-17554 — The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entit EPSS 12.2%
CVE-2019-0215 — In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 EPSS 10.5%
CVE-2019-0225 — A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, whic EPSS 10.3%
CVE-2020-1935 — In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsin EPSS 9.4%
CVE-2019-12422 — Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack. EPSS 9.1%
CVE-2019-0205 — In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data EPSS 9.1%
CVE-2019-17569 — The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the EPSS 8.9%
CVE-2019-10071 — The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparis EPSS 8.8%
CVE-2019-0194 — Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2. EPSS 8.5%
CVE-2019-0188 — Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSO EPSS 8.5%
CVE-2019-0219 — A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specia EPSS 7.8%
CVE-2020-9488 (LOW) — Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted EPSS 7.8%
CVE-2019-12401 — Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via EPSS 7.5%
CVE-2019-12420 — In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible EPSS 7.2%
CVE-2019-17573 — By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerab EPSS 7.1%
CVE-2019-0210 — In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid inp EPSS 6.8%
CVE-2020-1953 — Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML EPSS 6.7%
CVE-2020-1954 — Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServer EPSS 6.1%
CVE-2019-12423 — Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be us EPSS 6.1%