CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries: 1,619
Ransomware Use: 327
Overdue: 1,615
Vendors: 266
Products: 655
39 results · Page 1/2
Apache ActiveMQ Improper Input Validation Vulnerability
Apache · ActiveMQ
Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Apache HTTP Server Improper Escaping of Output Vulnerability
Apache · HTTP Server
Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Apache Tomcat Path Equivalence Vulnerability
Apache · Tomcat
Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Apache OFBiz Forced Browsing Vulnerability
Apache · OFBiz
Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apache HugeGraph-Server Improper Access Control Vulnerability
Apache · HugeGraph-Server
Apache HugeGraph-Server contains an improper access control vulnerability that could allow a remote attacker to execute arbitrary code.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apache OFBiz Incorrect Authorization Vulnerability
Apache · OFBiz
Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apache OFBiz Path Traversal Vulnerability
Apache · OFBiz
Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apache Flink Improper Access Control Vulnerability
Apache · Flink
Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apache Superset Insecure Default Initialization of Resource Vulnerability
Apache · Superset
Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRET_KEY according to installation instructions.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apache ActiveMQ Deserialization of Untrusted Data Vulnerability
Apache · ActiveMQ
Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apache RocketMQ Command Execution Vulnerability
Apache · RocketMQ
Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system user that RocketMQ runs as, or achieve the same effect by forging RocketMQ protocol content.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apache Tomcat Remote Code Execution Vulnerability
Apache · Tomcat
Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extensions (JMX) ports. This CVE exists because this listener was not updated for consistency with the Oracle-patched issues for CVE-2016-3427, which affected credential types.
Required Action
Apply updates per vendor instructions.
Apache Log4j2 Deserialization of Untrusted Data Vulnerability
Apache · Log4j2
Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.
Required Action
Apply updates per vendor instructions.
Apache Spark Command Injection Vulnerability
Apache · Spark
Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.
Required Action
Apply updates per vendor instructions.
Apache CouchDB Insecure Default Initialization of Resource Vulnerability
Apache · CouchDB
Apache CouchDB contains an insecure default initialization of resource vulnerability that can allow an attacker to escalate to administrative privileges.
Required Action
Apply updates per vendor instructions.
Apache APISIX Authentication Bypass Vulnerability
Apache · APISIX
Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution.
Required Action
Apply updates per vendor instructions.
Apache Kylin OS Command Injection Vulnerability
Apache · Kylin
Apache Kylin contains an OS command injection vulnerability that could permit an attacker to perform remote code execution.
Required Action
Apply updates per vendor instructions.
Apache Tomcat Remote Code Execution Vulnerability
Apache · Tomcat
When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Required Action
Apply updates per vendor instructions.
Apache Tomcat on Windows Remote Code Execution Vulnerability
Apache · Tomcat
When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Required Action
Apply updates per vendor instructions.
Apache Struts Improper Input Validation Vulnerability
Apache · Struts
Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.
Required Action
Apply updates per vendor instructions.
Apache Tomcat Improper Privilege Management Vulnerability
Apache · Tomcat
Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.
Required Action
Apply updates per vendor instructions.
Apache Struts 1 Improper Input Validation Vulnerability
Apache · Struts 1
The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
Required Action
Apply updates per vendor instructions.
Apache ActiveMQ Improper Input Validation Vulnerability
Apache · ActiveMQ
The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
Required Action
Apply updates per vendor instructions.
Apache Struts 1 ActionForm Denial-of-Service Vulnerability
Apache · Struts 1
ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS).
Required Action
Apply updates per vendor instructions.
Apache Struts 2 Improper Input Validation Vulnerability
Apache · Struts 2
The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.
Required Action
Apply updates per vendor instructions.