
Apache Vulnerabilities

Product

Apache HTTP Server: 287
Apache Tomcat: 215
Apache Airflow: 95
Apache Struts: 92
Apache Traffic Server: 58

Countermeasures

Official Fix: 1596
Temporary Fix: 1
Workaround: 28
Unavailable: 10
Not Defined: 632

Exploitability

High: 101
Functional: 1
Proof-of-Concept: 218
Unproven: 55
Not Defined: 1892

Access Vector

Not Defined: 0
Physical: 0
Local: 138
Adjacent: 452
Network: 1677

Authentication

Not Defined: 0
High: 38
Low: 881
None: 1348

User Interaction

Not Defined: 0
Required: 354
None: 1913

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 9
≤4: 132
≤5: 284
≤6: 625
≤7: 505
≤8: 456
≤9: 193
≤10: 63

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 16
≤4: 149
≤5: 364
≤6: 639
≤7: 535
≤8: 330
≤9: 185
≤10: 49

VulDB

≤1: 0
≤2: 0
≤3: 29
≤4: 285
≤5: 324
≤6: 725
≤7: 389
≤8: 410
≤9: 41
≤10: 64

NVD

≤1: 0
≤2: 0
≤3: 0
≤4: 10
≤5: 57
≤6: 170
≤7: 196
≤8: 374
≤9: 166
≤10: 274

CNA

≤1: 1
≤2: 0
≤3: 3
≤4: 3
≤5: 24
≤6: 22
≤7: 20
≤8: 68
≤9: 45
≤10: 61

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Exploit 0-day

<1k: 3
<2k: 16
<5k: 188
<10k: 842
<25k: 1076
<50k: 130
<100k: 12
≥100k: 0

Exploit Today

<1k: 1426
<2k: 167
<5k: 312
<10k: 218
<25k: 138
<50k: 6
<100k: 0
≥100k: 0

Affected Products (362): AGE (1), APISIX (6), APISIX Dashboard (2), APR-util (2), ATS (1), Accumulo (2), ActiveMQ (31), ActiveMQ Artemis (8), ActiveMQ Client (2), ActiveMQ Legacy OpenWire Module (1), Airavata Django Portal (1), Airflow (95), Airflow CNCF Kubernetes Provider (1), Airflow Docker Provider (1), Airflow Drill Provider (1), Airflow HDFS Provider (1), Airflow Hive Provider (3), Airflow IMAP Provider (1), Airflow JDBC Provider (1), Airflow MSSQL Provider (1), Airflow Mongo Provider (1), Airflow MySQL Provider (1), Airflow ODBC Provider (2), Airflow SMTP Provider (1), Airflow Spark Provider (2), Allura (6), Ambari (19), Answer (8), Ant (2), Any23 (4), Apache Test (1), Archiva (20), Arrow (2), Arrow Rust Object Store (1), AsterixDB (1), Atlas (10), Aurora (1), Avro (1), Avro Java SDK (2), Avro Rust SDK (3), Axis (7), Axis2 (6), Batik (9), Beam MongoDB Connector (1), BookKeeper (1), Brooklyn (3), C (1), CXF (36), CXF Fediz (6), Calcite (2), Calcite Avatica (1), Camel (23), Camel JIRA (1), Camel Mail (1), Cassandra (6), Cayenne (2), Chainsaw (2), CloudStack (28), Cocoon (4), Commons (1), Commons-compress (1), Commons-httpclient (2), Commons BCEL (1), Commons Beanutils (1), Commons Collections Library (1), Commons Components HttpClient (1), Commons Compress (9), Commons Configuration (4), Commons Email (1), Commons FileUpload (6), Commons IO (2), Commons Net (1), Commons Text (1), Continuum (1), Cordova (6), Cordova-Android (2), Cordova Android (1), Cordova File-Transfer Standalone Plugin (1), Cordova In-App-Browser Standalone Plugin (1), Cordova iOS (2), CouchDB (15), DB DdlUtils (1), DeltaSpike-JSF (1), Derby (8), Directory LDAP API (1), Directory Studio (2), DolphinScheduler (21), Doris (5), Drill (2), DriverHive JDBC Driver (1), Druid (9), Dubbo (18), Engine (1), EventMesh (1), FAB provider (1), FOP (1), Felix Healthcheck Webconsole Plugin (1), FileZilla (1), Fineract (16), Flex (1), Flex BlazeDS (1), Flink (4), Flume (3), Geode (16), Geode Cluster (1), 
Geronimo (10), Gobblin (2), Groovy (2), Guacamole (9), HBase (3), HTTP Server (287), Hadoop (34), Hama (1), Helix (2), Helix Front (1), Heron (2), HertzBeat (3), Hive (11), Hop Engine (1), HttpClient (3), HugeGraph-Hubble (1), HugeGraph-Server (2), Ignite (5), Impala (7), InLong (27), InLong TubeMQ Client (1), Incubator Superset (2), IoTDB (10), IoTDB Workbench (1), Isis (2), Ivy (3), JMeter (2), JSPWiki (22), Jackrabbit (4), Jackrabbit Oak (1), Jakarta Slide (1), Jakarta Tomcat (5), James (10), James MIME4J (1), James Mime4J (1), James Server (4), Jena (4), Jena Fuseki (1), Jena SDB (1), JetSpeed (6), Johnzon (1), KNOX (1), Kafka (8), Karaf (10), Karaf Cave (1), Kerby (1), Knox SSO (1), Kylin (12), LDAP API (1), LDAP Studio (1), Libcloud (2), Linkis (11), Linkis DataSource (4), Log4cxx (1), Log4j (7), Log4j SMTP Appender (1), Lucene (1), Lucene.Net.Replicator (1), MINA (2), MINA SSHD (2), MXNet (2), ManifoldCF (1), Maven (2), Maven Archetype Plugin (1), Mesos (6), Mina SSHD (2), Mod-gnutls (1), Mod Fcgid (2), Mod Jk (1), Mod Perl (1), Mod Python (1), MyFaces (3), MyFaces Core (2), MyFaces Tomahawk (1), MyFaces Trinidad (1), NetBeans (5), NiFi (37), NiFi MiNiFi C++ (2), NiFi Registry (1), NimBLE (1), Nutch (1), NuttX (4), ODE (1), OFBiz (38), ORC (1), Olingo (4), Oozie (3), Open For Business Project (8), OpenJPA (1), OpenMeetings (24), OpenNLP (1), OpenOffice (33), Open Office (1), Opentaps (1), Operating System (5), Ozone (9), PDFbox (8), PLC4X - PLC4C (1), POI (9), Parquet (1), Pinot (3), Pluto (4), Pony Mail (2), Portable Runtime (6), Portable Runtime APR (1), Portable Runtime Utility (2), Pulsar (17), Pulsar C++ Client (1), Pulsar Manager (1), Pulsar WebSocket Proxy (1), PyArrow (1), QPID (1), Qbid Java (1), Qpid (10), Qpid AMQP JMS Client (1), Qpid Broker-J (5), Qpid Broker for Java (1), Qpid Dispatch Router (1), Qpid Java (1), Qpid Proton (2), Qpid Proton-J Transport (1), RabbitMQ (2), Rampart-C (1), Ranger (15), Ranger Hive Plugin (1), Rave (1), RocketMQ 
(5), Roller (11), SOAP (2), Sanselan (2), Santuario XML Security for Java (3), SeaTunnel Web (2), Seata (1), Sentry (2), ServiceComb-Java-Chassis (1), ServiceComb Service-Center (2), ServiceComb ServiceCenter (1), ShardingSphere (2), ShardingSphere-Proxy (1), ShardingSphere-UI (1), ShardingSphere ElasticJob-UI (2), ShenYu (8), ShenYu Admin (1), Shindig (1), Shiro (16), SkyWalking (2), SkyWalking NodeJS (1), Sling (10), Sling API (2), Sling App CMS (2), Sling Commons JSON Bundle (1), Sling Commons Log (1), Sling Commons Messaging Mail (1), Sling JCR Base (1), Sling JCR ContentLoader (1), Sling Resource Merger (1), Sling Servlets Post (1), Sling Servlets Resolver (1), Sling XSS Protection API (1), Solr (37), Solr Operator (1), SpamAssassin (8), Spark (11), Spark UI (1), Standard Taglibs (1), Storm (11), StreamPark (12), StreamPipes (5), Struts (92), Struts2 (1), Struts REST Plugin (1), Submarine (2), Submarine Commons Utils (1), Submarine Server Core (2), Subversion (45), Superset (50), Synapse (1), Syncope (11), Syncope EndUser (1), SystemDS (1), Tapestry (10), Thrift (5), Thrift Java Client Library (1), Thrift Node.js Static Web Server (1), Tika (20), Tike (1), Tiles (2), TomEE (4), Tomcat (215), Tomcat Connectors (1), Tomcat JK ISAPI Connector (2), Tomcat JK Web Server Connector (2), Tomcat Native (2), Tomcat Native Connector (1), Tomcat Security Manager (1), Tomcat Servlet Engine (1), Traffic Control (5), Traffic Control Traffic Ops (1), Traffic Server (58), UIMA (1), UIMA DUCC (2), UIMA Java SDK CPE (1), UIMA Java SDK Core (1), UIMA Java SDK Tools (1), UIMA Java SDK Vinci Adapter (1), Unomi (3), VCL (1), Velocity Engine (1), Velocity Tools (1), WSS4J (2), Wicket (17), Wink (1), XAMPP (3), XML-RPC (1), XML Graphics Batik (3), XML Graphics FOP (1), XML Security (1), XML Security for C++ (6), XML Security for Java (1), Xalan-Java (1), Xerces (1), Xerces-C (4), Xerces-C++ (5), Xerces2 (1), Xerces C++ (2), Xerces Java (1), XmlGraphics Commons (1), Zeppelin (17), 
Zeppelin SAP (1), ZooKeeper (3), ZooKeper (1), Zookeeper (4), ant (2), axis2 (1), bRPC (3), couchdb (1), expressions (1), httpd (1), jUDDI (5), jUDDI Console (1), jserv (1), libapreq2 (1), libcloud (1), log4j (1), log4net (2), macOS (1), maven-shared-utils (1), mod_auth_radius (1), mod_jk (1), mod_python (1), qpid (2), roller (1), uima-as (1), uimaDUCC (1), uimaFIT (1), uimaj (1), wicket-jquery-ui (1)

Link to Vendor Website: https://www.apache.org/

| Published (DD/MM/YYYY) | Base | Temp | Vulnerability | Product type | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 12/11/2024 | 8.0 | 7.8 | Apache CloudStack privilege escalation | Cloud Software | Not Defined | Official Fix | 0.00000 | 0.19 | CVE-2024-50386 |
| 08/11/2024 | 2.4 | 2.3 | Apache Airflow UI information disclosure | Unknown | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-50378 |
| 06/11/2024 | 7.3 | 7.0 | Apache ZooKeeper HTTP Request Header weak authentication | Unknown | Not Defined | Official Fix | 0.00043 | 0.16 | CVE-2024-51504 |
| 03/11/2024 | 4.3 | 4.1 | Apache Kylin Web Interface weak authentication | Unknown | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-23590 |
| 31/10/2024 | 7.1 | 7.0 | Apache Lucene.Net.Replicator privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.12 | CVE-2024-43383 |
| 28/10/2024 | 3.5 | 3.4 | Apache NiFi Parameter Context Configuration cross site scripting | Unknown | Not Defined | Official Fix | 0.00044 | 0.27 | CVE-2024-45477 |
| 24/10/2024 | 3.5 | 3.4 | Apache Syncope Console cross site scripting | Unknown | Not Defined | Official Fix | 0.00043 | 0.06 | CVE-2024-45031 |
| 16/10/2024 | 5.5 | 5.3 | Apache Solr ConfigSets privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.12 | CVE-2024-45217 |
| 16/10/2024 | 6.3 | 6.0 | Apache Solr URL Path Ending weak authentication | Unknown | Not Defined | Official Fix | 0.00053 | 0.05 | CVE-2024-45216 |
| 16/10/2024 | 5.5 | 5.4 | Apache CloudStack Quota Plugin privilege escalation | Cloud Software | Not Defined | Official Fix | 0.00070 | 0.04 | CVE-2024-45461 |
| 16/10/2024 | 6.1 | 6.0 | Apache CloudStack Web Interface cross site request forgery | Cloud Software | Not Defined | Official Fix | 0.00101 | 0.04 | CVE-2024-45693 |
| 16/10/2024 | 5.0 | 4.9 | Apache CloudStack Web Interface Logout weak authentication | Cloud Software | Not Defined | Official Fix | 0.00050 | 0.03 | CVE-2024-45462 |
| 16/10/2024 | 7.4 | 7.2 | Apache CloudStack Template privilege escalation | Cloud Software | Not Defined | Official Fix | 0.00045 | 0.03 | CVE-2024-45219 |
| 14/10/2024 | 6.3 | 6.0 | Apache ActiveMQ Artemis Jolokia Endpoint privilege escalation | Application Server Software | Not Defined | Official Fix | 0.00045 | 0.03 | CVE-2023-50780 |
| 12/10/2024 | 4.3 | 4.1 | Apache Roller cross site request forgery | Unknown | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-46911 |
| 09/10/2024 | 5.5 | 5.3 | Apache XML Graphics FOP XML External Entity | Unknown | Not Defined | Official Fix | 0.00043 | 0.05 | CVE-2024-28168 |
| 09/10/2024 | 6.3 | 6.0 | Apache RocketMQ NameServer/Broker/Controller privilege escalation | Unknown | Not Defined | Official Fix | 0.00000 | 0.03 | CVE-2023-33426 |
| 08/10/2024 | 5.3 | 5.1 | Apache Subversion Command Line privilege escalation | Versioning Software | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-45720 |
| 03/10/2024 | 6.4 | 6.3 | Apache Avro Java SDK Schema Parser privilege escalation | Programming Language Software | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-47561 |
| 03/10/2024 | 5.7 | 5.5 | Apache Commons IO org.apache.commons.io.input.XmlStreamReader denial of service | Unknown | Not Defined | Official Fix | 0.00043 | 0.08 | CVE-2024-47554 |
| 29/09/2024 | 6.2 | 6.1 | Apache Lucene org.apache.lucene.replicator.http privilege escalation | Unknown | Not Defined | Official Fix | 0.00042 | 0.03 | CVE-2024-45772 |
| 26/09/2024 | 5.9 | 5.8 | Apache Maven Archetype Plugin archetype-settings.xml information disclosure | Versioning Software | Not Defined | Official Fix | 0.00056 | 0.04 | CVE-2024-47197 |
| 25/09/2024 | 2.6 | 2.5 | Apache Answer Gravatar weak encryption | Unknown | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-40761 |
| 25/09/2024 | 4.7 | 4.7 | Apache Hadoop runJar.run information disclosure | Network Management Software | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-23454 |
| 24/09/2024 | 2.6 | 2.5 | Apache Linkis Spark EngineConn weak encryption | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-39928 |
| 23/09/2024 | 6.9 | 6.8 | Apache Tomcat TLS Handshake denial of service | Application Server Software | Not Defined | Official Fix | 0.00043 | 0.11 | CVE-2024-38286 |
| 23/09/2024 | 5.6 | 5.5 | Apache mod_jk JkShmFile Directive privilege escalation | Application Server Software | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-46544 |
| 21/09/2024 | 7.5 | 7.4 | Apache HertzBeat snakeYaml privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.07 | CVE-2024-42323 |
| 17/09/2024 | 4.4 | 4.4 | Apache Druid JDBC privilege escalation | Unknown | Not Defined | Official Fix | 0.00045 | 0.03 | CVE-2024-45537 |
| 17/09/2024 | 4.4 | 4.3 | Apache Druid druid-pac4j | Unknown | Not Defined | Official Fix | 0.00088 | 0.08 | CVE-2024-45384 |
| 11/09/2024 | 8.6 | 8.5 | Apache Seata privilege escalation | Unknown | Not Defined | Official Fix | 0.01436 | 0.04 | CVE-2024-22399 |
| 06/09/2024 | 7.1 | 7.0 | Apache Airflow DAG Folder privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.05 | CVE-2024-45034 |
| 06/09/2024 | 7.1 | 7.0 | Apache Airflow DAG Trigger Permission privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-45498 |
| 03/09/2024 | 8.3 | 8.2 | Apache OFBiz URL privilege escalation | Unknown | Not Defined | Official Fix | 0.55475 | 0.00 | CVE-2024-45507 |
| 03/09/2024 | 6.9 | 6.9 | Apache OFBiz Controller View privilege escalation | Unknown | Not Defined | Official Fix | 0.03768 | 0.03 | CVE-2024-45195 |
| 26/08/2024 | 4.4 | 4.3 | Apache Portable Runtime apr.h buffer overflow | Unknown | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2023-49582 |
| 21/08/2024 | 4.8 | 4.7 | Apache Airflow cross site scripting | Unknown | Not Defined | Official Fix | 0.00126 | 0.00 | CVE-2024-41937 |
| 21/08/2024 | 6.8 | 6.8 | Apache SeaTunnel Web MySQL URL directory traversal | Unknown | Not Defined | Official Fix | 0.00112 | 0.04 | CVE-2023-49198 |
| 21/08/2024 | 8.2 | 8.1 | Apache HertzBeat {metricFull} sql injection | Unknown | Not Defined | Not Defined | 0.00316 | 0.03 | CVE-2024-42361 |
| 21/08/2024 | 8.8 | 8.7 | Apache HertzBeat import privilege escalation | Unknown | Not Defined | Official Fix | 0.00148 | 0.03 | CVE-2024-42362 |
| 20/08/2024 | 6.2 | 6.2 | Apache Helix Front express-session weak authentication | Unknown | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-22281 |
| 20/08/2024 | 8.0 | 7.9 | Apache DolphinScheduler privilege escalation | Social Network Software | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2024-43202 |
| 12/08/2024 | 4.2 | 4.2 | Apache MINA SSHD Terrapin information disclosure | SSH Server Software | Not Defined | Official Fix | 0.00062 | 0.03 | CVE-2024-41909 |
| 09/08/2024 | 6.8 | 6.7 | Apache DolphinScheduler Resource File privilege escalation | Social Network Software | Not Defined | Official Fix | 0.04445 | 0.03 | CVE-2024-30188 |
| 09/08/2024 | 7.5 | 7.4 | Apache DolphinScheduler privilege escalation | Social Network Software | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-29831 |
| 09/08/2024 | 5.4 | 5.3 | Apache Answer Password Reset denial of service | Unknown | Not Defined | Official Fix | 0.00088 | 0.03 | CVE-2024-41890 |
| 09/08/2024 | 5.4 | 5.3 | Apache Answer Password Reset denial of service | Unknown | Not Defined | Official Fix | 0.00088 | 0.03 | CVE-2024-41888 |
| 06/08/2024 | 3.9 | 3.8 | Apache CloudStack Network Listing API information disclosure | Cloud Software | Not Defined | Official Fix | 0.00080 | 0.05 | CVE-2024-42222 |
| 06/08/2024 | 5.6 | 5.6 | Apache CloudStack User Key information disclosure | Cloud Software | Not Defined | Official Fix | 0.00252 | 0.04 | CVE-2024-42062 |
| 05/08/2024 | 6.4 | 6.4 | Apache IoTDB Workbench privilege escalation | Unknown | Not Defined | Not Defined | 0.00063 | 0.04 | CVE-2024-36448 |

2217 more entries are not shown
