Apache Vulnerabilities

Timeline

Type

Product

Apache HTTP Server: 276
Apache Tomcat: 213
Apache Struts: 92
Apache Airflow: 87
Apache Traffic Server: 55

Countermeasures

Official Fix: 1486
Temporary Fix: 1
Workaround: 27
Unavailable: 10
Not Defined: 624

Exploitability

High: 94
Functional: 1
Proof-of-Concept: 202
Unproven: 55
Not Defined: 1796

Access Vector

Not Defined: 0
Physical: 0
Local: 133
Adjacent: 411
Network: 1604

Authentication

Not Defined: 0
High: 30
Low: 800
None: 1318

User Interaction

Not Defined: 0
Required: 342
None: 1806

C3BM Index

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 5
≤4: 133
≤5: 265
≤6: 621
≤7: 468
≤8: 443
≤9: 153
≤10: 60

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 13
≤4: 148
≤5: 340
≤6: 638
≤7: 498
≤8: 319
≤9: 146
≤10: 46

VulDB

≤1: 0
≤2: 0
≤3: 20
≤4: 260
≤5: 310
≤6: 698
≤7: 358
≤8: 400
≤9: 39
≤10: 63

NVD

≤1: 0
≤2: 0
≤3: 0
≤4: 10
≤5: 51
≤6: 157
≤7: 193
≤8: 353
≤9: 156
≤10: 252

CNA

≤1: 1
≤2: 0
≤3: 3
≤4: 3
≤5: 21
≤6: 5
≤7: 10
≤8: 9
≤9: 12
≤10: 5

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Exploit 0-day

<1k: 3
<2k: 17
<5k: 154
<10k: 856
<25k: 973
<50k: 132
<100k: 13
≥100k: 0

Exploit Today

<1k: 1288
<2k: 181
<5k: 297
<10k: 274
<25k: 102
<50k: 6
<100k: 0
≥100k: 0

Exploit Market Volume

🔴 CTI Activities

Affected Products (346): AGE (1), APISIX (5), APISIX Dashboard (2), APR-util (2), ATS (1), Accumulo (2), ActiveMQ (31), ActiveMQ Artemis (7), ActiveMQ Client (2), ActiveMQ Legacy OpenWire Module (1), Airavata Django Portal (1), Airflow (87), Airflow CNCF Kubernetes Provider (1), Airflow Docker Provider (1), Airflow Drill Provider (1), Airflow HDFS Provider (1), Airflow Hive Provider (3), Airflow IMAP Provider (1), Airflow JDBC Provider (1), Airflow MSSQL Provider (1), Airflow Mongo Provider (1), Airflow MySQL Provider (1), Airflow ODBC Provider (2), Airflow SMTP Provider (1), Airflow Spark Provider (2), Allura (4), Ambari (19), Answer (5), Ant (2), Any23 (4), Apache Test (1), Archiva (20), Arrow (2), AsterixDB (1), Atlas (10), Aurora (1), Avro (1), Avro Java SDK (1), Avro Rust SDK (3), Axis (7), Axis2 (6), Batik (9), Beam MongoDB Connector (1), BookKeeper (1), Brooklyn (3), C (1), CXF (33), CXF Fediz (6), Calcite (2), Calcite Avatica (1), Camel (23), Camel JIRA (1), Camel Mail (1), Cassandra (6), Cayenne (2), Chainsaw (2), CloudStack (18), Cocoon (4), Commons (1), Commons-compress (1), Commons-httpclient (2), Commons BCEL (1), Commons Beanutils (1), Commons Collections Library (1), Commons Components HttpClient (1), Commons Compress (9), Commons Configuration (4), Commons Email (1), Commons FileUpload (6), Commons IO (1), Commons Net (1), Commons Text (1), Continuum (1), Cordova (6), Cordova-Android (2), Cordova Android (1), Cordova File-Transfer Standalone Plugin (1), Cordova In-App-Browser Standalone Plugin (1), Cordova iOS (2), CouchDB (15), DB DdlUtils (1), DeltaSpike-JSF (1), Derby (8), Directory LDAP API (1), Directory Studio (2), DolphinScheduler (18), Doris (5), Drill (1), DriverHive JDBC Driver (1), Druid (7), Dubbo (18), Engine (1), EventMesh (1), FOP (1), Felix Healthcheck Webconsole Plugin (1), FileZilla (1), Fineract (16), Flex (1), Flex BlazeDS (1), Flink (4), Flume (3), Geode (16), Geode Cluster (1), Geronimo (10), Gobblin (2), Groovy (2), Guacamole 
(9), HBase (3), HTTP Server (276), Hadoop (33), Hama (1), Helix (2), Heron (2), Hive (10), Hop Engine (1), HttpClient (3), HugeGraph-Hubble (1), HugeGraph-Server (2), Ignite (5), Impala (7), InLong (26), Incubator Superset (2), IoTDB (10), Isis (2), Ivy (3), JMeter (2), JSPWiki (21), Jackrabbit (4), Jackrabbit Oak (1), Jakarta Slide (1), Jakarta Tomcat (5), James (10), James MIME4J (1), James Mime4J (1), James Server (4), Jena (4), Jena Fuseki (1), Jena SDB (1), JetSpeed (6), Johnzon (1), KNOX (1), Kafka (8), Karaf (10), Kerby (1), Knox SSO (1), Kylin (11), LDAP API (1), LDAP Studio (1), Libcloud (2), Linkis (8), Linkis DataSource (1), Log4cxx (1), Log4j (7), Log4j SMTP Appender (1), MINA (2), MINA SSHD (1), MXNet (2), ManifoldCF (1), Maven (2), Mesos (6), Mina SSHD (2), Mod-gnutls (1), Mod Fcgid (2), Mod Jk (1), Mod Perl (1), Mod Python (1), MyFaces (3), MyFaces Core (2), MyFaces Tomahawk (1), MyFaces Trinidad (1), NetBeans (5), NiFi (35), NiFi MiNiFi C++ (2), NiFi Registry (1), NimBLE (1), Nutch (1), NuttX (4), ODE (1), OFBiz (33), ORC (1), Olingo (4), Oozie (3), Open For Business Project (8), OpenJPA (1), OpenMeetings (24), OpenNLP (1), OpenOffice (33), Open Office (1), Opentaps (1), Operating System (5), Ozone (9), PDFbox (8), PLC4X - PLC4C (1), POI (9), Parquet (1), Pinot (2), Pluto (4), Pony Mail (2), Portable Runtime (5), Portable Runtime APR (1), Portable Runtime Utility (2), Pulsar (17), Pulsar C++ Client (1), Pulsar Manager (1), Pulsar WebSocket Proxy (1), PyArrow (1), QPID (1), Qbid Java (1), Qpid (10), Qpid AMQP JMS Client (1), Qpid Broker-J (5), Qpid Broker for Java (1), Qpid Dispatch Router (1), Qpid Java (1), Qpid Proton (2), Qpid Proton-J Transport (1), RabbitMQ (2), Rampart-C (1), Ranger (15), Ranger Hive Plugin (1), Rave (1), RocketMQ (3), Roller (9), SOAP (2), Sanselan (2), Santuario XML Security for Java (3), Sentry (2), ServiceComb-Java-Chassis (1), ServiceComb Service-Center (2), ServiceComb ServiceCenter (1), ShardingSphere (2), 
ShardingSphere-Proxy (1), ShardingSphere-UI (1), ShardingSphere ElasticJob-UI (2), ShenYu (8), ShenYu Admin (1), Shindig (1), Shiro (16), SkyWalking (2), SkyWalking NodeJS (1), Sling (10), Sling API (2), Sling App CMS (2), Sling Commons JSON Bundle (1), Sling Commons Log (1), Sling Commons Messaging Mail (1), Sling JCR Base (1), Sling JCR ContentLoader (1), Sling Resource Merger (1), Sling Servlets Post (1), Sling Servlets Resolver (1), Sling XSS Protection API (1), Solr (35), Solr Operator (1), SpamAssassin (8), Spark (11), Spark UI (1), Standard Taglibs (1), Storm (11), StreamPark (5), StreamPipes (1), Struts (92), Struts2 (1), Struts REST Plugin (1), Submarine (2), Subversion (44), Superset (47), Synapse (1), Syncope (9), Syncope EndUser (1), SystemDS (1), Tapestry (10), Thrift (5), Thrift Java Client Library (1), Thrift Node.js Static Web Server (1), Tika (20), Tike (1), Tiles (2), TomEE (4), Tomcat (213), Tomcat Connectors (1), Tomcat JK ISAPI Connector (2), Tomcat JK Web Server Connector (2), Tomcat Native (2), Tomcat Native Connector (1), Tomcat Security Manager (1), Tomcat Servlet Engine (1), Traffic Control (5), Traffic Control Traffic Ops (1), Traffic Server (55), UIMA (1), UIMA DUCC (2), UIMA Java SDK CPE (1), UIMA Java SDK Core (1), UIMA Java SDK Tools (1), UIMA Java SDK Vinci Adapter (1), Unomi (3), VCL (1), Velocity Engine (1), Velocity Tools (1), WSS4J (2), Wicket (16), Wink (1), XAMPP (2), XML-RPC (1), XML Graphics Batik (3), XML Security (1), XML Security for C++ (5), XML Security for Java (1), Xalan-Java (1), Xerces (1), Xerces-C (4), Xerces-C++ (5), Xerces2 (1), Xerces C++ (2), Xerces Java (1), XmlGraphics Commons (1), Zeppelin (18), Zeppelin SAP (1), ZooKeeper (2), ZooKeper (1), Zookeeper (4), ant (2), axis2 (1), bRPC (3), couchdb (1), expressions (1), httpd (1), jUDDI (5), jUDDI Console (1), jserv (1), libapreq2 (1), libcloud (1), log4j (1), log4net (2), macOS (1), maven-shared-utils (1), mod_auth_radius (1), mod_python (1), qpid (2), roller 
(1), uima-as (1), uimaDUCC (1), uimaFIT (1), uimaj (1), wicket-jquery-ui (1)

Link to Vendor Website: https://www.apache.org/

| Published | Base | Temp | Vulnerability | Prod | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 01/05/2024 | 7.3 | 7.0 | Apache ActiveMQ Jolokia/REST API weak authentication | Application Server Software | Not Defined | Official Fix | 0.00000 | 0.19+ | CVE-2024-32114 |
| 22/04/2024 | 6.3 | 6.0 | Apache HugeGraph-Server RESTful-API Privilege Escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-27348 |
| 22/04/2024 | 7.3 | 7.0 | Apache HugeGraph-Server RESTful-API weak authentication | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-27349 |
| 22/04/2024 | 5.5 | 5.3 | Apache HugeGraph-Hubble Hubble Connection Page privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-27347 |
| 19/04/2024 | 5.6 | 5.4 | Apache Airflow FTP Provider weak authentication | Unknown | Not Defined | Official Fix | 0.00045 | 0.14 | CVE-2024-29733 |
| 19/04/2024 | 3.5 | 3.4 | Apache Answer Personal Website cross site scripting | Unknown | Not Defined | Official Fix | 0.00043 | 0.19 | CVE-2024-29217 |
| 18/04/2024 | 3.1 | 3.0 | Apache Airflow Configuration UI Page information disclosure | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-31869 |
| 12/04/2024 | 4.3 | 4.1 | Apache Solr Operator information disclosure | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-31391 |
| 12/04/2024 | 4.6 | 4.6 | Apache Kafka KRaft Mode Migration privilege escalation | Unknown | Not Defined | Not Defined | 0.00043 | 0.09 | CVE-2024-27309 |
| 10/04/2024 | 5.5 | 5.3 | Apache Zeppelin Shell Interpreter privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-31861 |
| 09/04/2024 | 3.5 | 3.4 | Apache Zeppelin helium.json cross site scripting | Unknown | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-31868 |
| 09/04/2024 | 5.5 | 5.3 | Apache Zeppelin LDAP Search Filter Parser privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-31867 |
| 09/04/2024 | 5.5 | 5.3 | Apache Zeppelin Cron API privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-31865 |
| 09/04/2024 | 5.5 | 5.3 | Apache Zeppelin privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.19 | CVE-2024-31866 |
| 09/04/2024 | 6.3 | 6.0 | Apache Zeppelin JDBC Connection privilege escalation | Unknown | Not Defined | Official Fix | 0.00045 | 0.20 | CVE-2024-31864 |
| 09/04/2024 | 4.3 | 4.3 | Apache Zeppelin Credential Page cross site request forgery | Unknown | Not Defined | Not Defined | 0.00043 | 0.06 | CVE-2021-28656 |
| 09/04/2024 | 5.5 | 5.3 | Apache Zeppelin SAP XML External Entity | Unknown | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2022-47894 |
| 09/04/2024 | 5.4 | 5.2 | Apache Zeppelin Note weak authentication | Unknown | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-31863 |
| 09/04/2024 | 3.5 | 3.4 | Apache Zeppelin Notebook Name denial of service | Unknown | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-31862 |
| 09/04/2024 | 3.5 | 3.4 | Apache Zeppelin directory traversal | Unknown | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-31860 |
| 05/04/2024 | 3.5 | 3.4 | Apache NimBLE Bluetooth Stack denial of service | Unknown | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2024-24746 |
| 04/04/2024 | 5.3 | 5.1 | Apache HTTP Server Module privilege escalation | Web Server | Not Defined | Official Fix | 0.00045 | 0.10 | CVE-2024-24795 |
| 04/04/2024 | 5.3 | 5.1 | Apache HTTP Server privilege escalation | Web Server | Not Defined | Not Defined | 0.00045 | 0.09 | CVE-2023-38709 |
| 04/04/2024 | 6.3 | 6.0 | Apache CloudStack extraconfig privilege escalation | Cloud Software | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2024-29008 |
| 04/04/2024 | 4.3 | 4.1 | Apache CloudStack HTTP Redirect privilege escalation | Cloud Software | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-29007 |
| 04/04/2024 | 5.3 | 5.1 | Apache CloudStack HTTP Header weak authentication | Cloud Software | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-29006 |
| 04/04/2024 | 5.3 | 5.3 | Apache HTTP Server nghttp2 denial of service | Web Server | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-27316 |
| 03/04/2024 | 5.3 | 5.3 | Apache Traffic Server HTTP/2 denial of service | Unknown | Not Defined | Not Defined | 0.00046 | 0.02 | CVE-2024-31309 |
| 02/04/2024 | 6.3 | 6.0 | Apache Pulsar Topic privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-29834 |
| 29/03/2024 | 6.7 | 6.6 | Apache Fineract privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.05 | CVE-2024-23537 |
| 29/03/2024 | 8.1 | 7.9 | Apache Fineract sql injection | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-23538 |
| 29/03/2024 | 7.3 | 7.1 | Apache Fineract sql injection | Unknown | Not Defined | Official Fix | 0.00043 | 0.09 | CVE-2024-23539 |
| 26/03/2024 | 5.3 | 5.1 | Apache Airflow privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-29735 |
| 22/03/2024 | 7.8 | 7.5 | Apache Tomcat Local Privilege Escalation | Application Server Software | Not Defined | Official Fix | 0.00000 | 0.05 | CVE-2024-22029 |
| 21/03/2024 | 2.6 | 2.5 | Apache Doris chmod race condition | Unknown | Not Defined | Official Fix | 0.00043 | 0.16 | CVE-2024-26307 |
| 21/03/2024 | 5.5 | 5.3 | Apache Commons Configuration buffer overflow | Unknown | Not Defined | Official Fix | 0.00045 | 0.05 | CVE-2024-29131 |
| 21/03/2024 | 5.5 | 5.3 | Apache Commons Configuration buffer overflow | Unknown | Not Defined | Official Fix | 0.00045 | 0.02 | CVE-2024-29133 |
| 21/03/2024 | 6.3 | 6.0 | Apache Doris JDBC information disclosure | Unknown | Not Defined | Official Fix | 0.00043 | 0.05 | CVE-2024-27438 |
| 19/03/2024 | 4.3 | 4.1 | Apache Wicket Fetch Metadata Header cross site request forgery | Unknown | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-27439 |
| 18/03/2024 | 3.5 | 3.4 | Apache Hop Engine PrepareExecutionPipelineServlet Page cross site scripting | Unknown | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2024-24683 |
| 15/03/2024 | 5.5 | 5.3 | Apache CXF Aegis Databinding privilege escalation | Application Server Software | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-28752 |
| 15/03/2024 | 3.5 | 3.4 | Apache ZooKeeper Persistent Watcher information disclosure | Unknown | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-23944 |
| 14/03/2024 | 5.5 | 5.3 | Apache Airflow UI weak authentication | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-28746 |
| 13/03/2024 | 5.3 | 5.1 | Apache Tomcat Websocket denial of service | Application Server Software | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2024-23672 |
| 13/03/2024 | 5.3 | 5.1 | Apache Tomcat HTTP/2 Request denial of service | Application Server Software | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2024-24549 |
| 12/03/2024 | 6.3 | 6.2 | Apache Pulsar Topic-Level Policy privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-28098 |
| 12/03/2024 | 6.7 | 6.6 | Apache Pulsar directory traversal | Unknown | Not Defined | Official Fix | 0.00044 | 0.05 | CVE-2024-27317 |
| 12/03/2024 | 8.0 | 7.8 | Apache Pulsar Function Worker Privilege Escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.24 | CVE-2024-27135 |
| 12/03/2024 | 7.7 | 7.6 | Apache Pulsar proxy-stats weak authentication | Unknown | Not Defined | Official Fix | 0.00043 | 0.24 | CVE-2022-34321 |
| 12/03/2024 | 8.0 | 7.8 | Apache Pulsar Functions Worker privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.24 | CVE-2024-27894 |

2098 more entries are not shown
