Apache: Security Vulnerabilities
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.
CVSS Score: 8.1, EPSS Score: 0.749, Published: 2016-06-07
The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.
CVSS Score: 9.1, EPSS Score: 0.004, Published: 2016-06-01
PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception.
CVSS Score: 5.9, EPSS Score: 0.01, Published: 2016-06-01
CVE-2016-3088
Known exploited
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
CVSS Score: 9.8, EPSS Score: 0.943, Published: 2016-06-01
Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.
CVSS Score: 7.8, EPSS Score: 0.025, Published: 2016-06-01
The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration.
CVSS Score: 4.9, EPSS Score: 0.002, Published: 2016-05-18
The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories.
CVSS Score: 3.3, EPSS Score: 0.001, Published: 2016-05-18
Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.
CVSS Score: 9.8, EPSS Score: 0.022, Published: 2016-05-13
Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.
CVSS Score: 4.4, EPSS Score: 0.018, Published: 2016-05-09
Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods.
CVSS Score: 5.3, EPSS Score: 0.001, Published: 2016-05-09

