| Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-11776 | 9.3 |
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time
|
12-06-2023 - 07:15 | 22-08-2018 - 13:29 | |
| CVE-2019-0227 | 5.4 |
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to buil
|
25-07-2022 - 18:15 | 01-05-2019 - 21:29 | |
| CVE-2019-0221 | 4.3 |
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debu
|
13-07-2021 - 17:15 | 28-05-2019 - 22:29 | |
| CVE-2019-0232 | 9.3 |
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments
|
14-06-2021 - 18:15 | 15-04-2019 - 15:29 | |
| CVE-2019-0211 | 7.2 |
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with
|
06-06-2021 - 11:15 | 08-04-2019 - 22:29 | |
| CVE-2017-5638 | 10.0 |
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a
|
24-02-2021 - 12:15 | 11-03-2017 - 02:59 | |
| CVE-2019-17554 | 4.3 |
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which trigger the deserialization of entities, can be used t
|
31-01-2020 - 09:15 | 04-12-2019 - 17:16 | |
| CVE-2017-12615 | 6.8 |
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP
|
15-04-2019 - 16:30 | 19-09-2017 - 13:29 | |
| CVE-2016-3088 | 7.5 |
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
|
27-03-2019 - 20:29 | 01-06-2016 - 20:59 |