Vulnerabilities (CVE)

Vendor filter

Apache Subscribe

Product filter

Http Server Subscribe

Filter

1211 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-0195 1 Apache 1 Tapestry 2019-09-17 7.5
Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably...
CVE-2019-0207 1 Apache 1 Tapestry 2019-09-17 5.0
Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform.
CVE-2019-10071 1 Apache 1 Tapestry 2019-09-17 6.8
The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine...
CVE-2018-17200 1 Apache 1 Ofbiz 2019-09-13 7.5
The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceContent` parameter in the request and deserializes it...
CVE-2019-0189 1 Apache 1 Ofbiz 2019-09-13 7.5
The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request...
CVE-2019-10074 1 Apache 1 Ofbiz 2019-09-13 7.5
An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story" input in the Order Manager application. Encoding...
CVE-2019-10073 1 Apache 1 Ofbiz 2019-09-13 4.3
The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858543,...
CVE-2019-12401 1 Apache 1 Solr 2019-09-11 5.0
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it?s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern...
CVE-2019-12405 1 Apache 1 Traffic Control 2019-09-10 6.8
Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly...
CVE-2018-8036 1 Apache 1 Pdfbox 2019-09-10 4.3
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
CVE-2018-11797 1 Apache 1 Pdfbox 2019-09-10 4.3
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
CVE-2017-7670 1 Apache 1 Traffic Control 2019-09-06 5.0
The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client...
CVE-2018-11796 1 Apache 1 Tika 2019-09-03 5.0
In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified...
CVE-2019-10086 2 Apache, Debian 2 Commons Beanutils, Debian Linux 2019-09-03 7.5
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by...
CVE-2019-10081 2 Apache, Debian 2 Http Server, Debian Linux 2019-08-30 5.0
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header...
CVE-2014-1972 1 Apache 1 Tapestry 2019-08-24 7.8
Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted...
CVE-2019-9518 2 Apache, Apple 2 Traffic Server, Swiftnio 2019-08-23 7.8
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS,...
CVE-2019-9517 2 Apache, Apple 2 Traffic Server, Swiftnio 2019-08-23 7.8
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window...
CVE-2019-9516 6 Apache, Apple, Synology and 3 more 8 Traffic Server, Swiftnio, Diskstation Manager and 5 more 2019-08-23 7.8
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or...
CVE-2019-9515 2 Apache, Apple 2 Traffic Server, Swiftnio 2019-08-23 7.8
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per...