Shodan
Vulnerabilities
Vulnerable Software
Apache:  Security Vulnerabilities
CVE-2016-4430
Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.028
Published
2016-07-04
CVE-2016-3092
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
CVSS Score
7.5
EPSS Score
0.365
Published
2016-07-04
CVE-2016-1182
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.
CVSS Score
8.2
EPSS Score
0.019
Published
2016-07-04
CVE-2016-1181
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.
CVSS Score
8.1
EPSS Score
0.068
Published
2016-07-04
CVE-2015-0899
The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.
CVSS Score
7.5
EPSS Score
0.753
Published
2016-07-04
CVE-2016-2174
SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.
CVSS Score
7.2
EPSS Score
0.006
Published
2016-06-13
CVE-2016-3085
Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin.
CVSS Score
6.5
EPSS Score
0.003
Published
2016-06-10
CVE-2016-3093
Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.
CVSS Score
5.3
EPSS Score
0.053
Published
2016-06-07
CVE-2016-3087
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
CVSS Score
9.8
EPSS Score
0.87
Published
2016-06-07
CVE-2016-4437
Known exploited
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
CVSS Score
9.8
EPSS Score
0.942
Published
2016-06-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved