Apache Vulnerabilities

Product

Apache HTTP Server: 273
Apache Tomcat: 213
Apache Struts: 92
Apache Airflow: 85
Apache Traffic Server: 54

Countermeasures

Official Fix: 1459
Temporary Fix: 1
Workaround: 27
Unavailable: 10
Not Defined: 619

Exploitability

High: 71
Functional: 2
Proof-of-Concept: 208
Unproven: 55
Not Defined: 1780

Access Vector

Not Defined: 0
Physical: 0
Local: 133
Adjacent: 400
Network: 1583

Authentication

Not Defined: 0
High: 30
Low: 778
None: 1308

User Interaction

Not Defined: 0
Required: 339
None: 1777

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 5
≤4: 127
≤5: 261
≤6: 608
≤7: 463
≤8: 440
≤9: 152
≤10: 60

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 12
≤4: 143
≤5: 336
≤6: 621
≤7: 495
≤8: 318
≤9: 146
≤10: 45

VulDB

≤1: 0
≤2: 0
≤3: 20
≤4: 254
≤5: 305
≤6: 685
≤7: 352
≤8: 398
≤9: 39
≤10: 63

NVD

≤1: 0
≤2: 0
≤3: 0
≤4: 10
≤5: 51
≤6: 157
≤7: 193
≤8: 353
≤9: 156
≤10: 252

CNA

≤1: 1
≤2: 0
≤3: 3
≤4: 3
≤5: 21
≤6: 5
≤7: 10
≤8: 9
≤9: 10
≤10: 4

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Exploit 0-day

<1k: 3
<2k: 17
<5k: 154
<10k: 829
<25k: 964
<50k: 136
<100k: 13
≥100k: 0

Exploit Today

<1k: 1281
<2k: 182
<5k: 268
<10k: 295
<25k: 86
<50k: 4
<100k: 0
≥100k: 0

Affected Products (341): AGE (1), APISIX (5), APISIX Dashboard (2), APR-util (2), ATS (1), Accumulo (2), ActiveMQ (30), ActiveMQ Artemis (7), ActiveMQ Client (2), ActiveMQ Legacy OpenWire Module (1), Airavata Django Portal (1), Airflow (85), Airflow CNCF Kubernetes Provider (1), Airflow Docker Provider (1), Airflow Drill Provider (1), Airflow HDFS Provider (1), Airflow Hive Provider (3), Airflow IMAP Provider (1), Airflow JDBC Provider (1), Airflow MSSQL Provider (1), Airflow Mongo Provider (1), Airflow MySQL Provider (1), Airflow ODBC Provider (2), Airflow SMTP Provider (1), Airflow Spark Provider (2), Allura (4), Ambari (19), Answer (4), Ant (2), Any23 (4), Apache Test (1), Archiva (20), Arrow (2), AsterixDB (1), Atlas (10), Aurora (1), Avro (1), Avro Java SDK (1), Avro Rust SDK (3), Axis (7), Axis2 (6), Batik (9), Beam MongoDB Connector (1), BookKeeper (1), Brooklyn (3), C (1), CXF (33), CXF Fediz (6), Calcite (2), Calcite Avatica (1), Camel (23), Camel JIRA (1), Camel Mail (1), Cassandra (6), Cayenne (2), Chainsaw (2), CloudStack (15), Cocoon (4), Commons (1), Commons-compress (1), Commons-httpclient (2), Commons BCEL (1), Commons Beanutils (1), Commons Collections Library (1), Commons Components HttpClient (1), Commons Compress (9), Commons Configuration (4), Commons Email (1), Commons FileUpload (6), Commons IO (1), Commons Net (1), Commons Text (1), Continuum (1), Cordova (6), Cordova-Android (2), Cordova Android (1), Cordova File-Transfer Standalone Plugin (1), Cordova In-App-Browser Standalone Plugin (1), Cordova iOS (2), CouchDB (15), DB DdlUtils (1), DeltaSpike-JSF (1), Derby (8), Directory LDAP API (1), Directory Studio (2), DolphinScheduler (18), Doris (5), Drill (1), DriverHive JDBC Driver (1), Druid (7), Dubbo (18), Engine (1), EventMesh (1), FOP (1), Felix Healthcheck Webconsole Plugin (1), FileZilla (1), Fineract (13), Flex (1), Flex BlazeDS (1), Flink (4), Flume (3), Geode (16), Geode Cluster (1), Geronimo (10), Gobblin (2), Groovy (2), Guacamole 
(9), HBase (3), HTTP Server (273), Hadoop (33), Hama (1), Helix (2), Heron (2), Hive (10), Hop Engine (1), HttpClient (3), Ignite (5), Impala (7), InLong (26), Incubator Superset (2), IoTDB (10), Isis (2), Ivy (3), JMeter (2), JSPWiki (21), Jackrabbit (4), Jackrabbit Oak (1), Jakarta Slide (1), Jakarta Tomcat (5), James (10), James MIME4J (1), James Mime4J (1), James Server (4), Jena (4), Jena Fuseki (1), Jena SDB (1), JetSpeed (6), Johnzon (1), KNOX (1), Kafka (7), Karaf (10), Kerby (1), Knox SSO (1), Kylin (11), LDAP API (1), LDAP Studio (1), Libcloud (2), Linkis (8), Linkis DataSource (1), Log4cxx (1), Log4j (7), Log4j SMTP Appender (1), MINA (2), MINA SSHD (1), MXNet (2), ManifoldCF (1), Maven (2), Mesos (6), Mina SSHD (2), Mod-gnutls (1), Mod Fcgid (2), Mod Jk (1), Mod Perl (1), Mod Python (1), MyFaces (3), MyFaces Core (2), MyFaces Tomahawk (1), MyFaces Trinidad (1), NetBeans (5), NiFi (35), NiFi MiNiFi C++ (2), NiFi Registry (1), Nutch (1), NuttX (4), ODE (1), OFBiz (33), ORC (1), Olingo (4), Oozie (3), Open For Business Project (8), OpenJPA (1), OpenMeetings (24), OpenNLP (1), OpenOffice (33), Open Office (1), Opentaps (1), Operating System (5), Ozone (9), PDFbox (8), PLC4X - PLC4C (1), POI (9), Parquet (1), Pinot (2), Pluto (4), Pony Mail (2), Portable Runtime (5), Portable Runtime APR (1), Portable Runtime Utility (2), Pulsar (16), Pulsar C++ Client (1), Pulsar Manager (1), Pulsar WebSocket Proxy (1), PyArrow (1), QPID (1), Qbid Java (1), Qpid (10), Qpid AMQP JMS Client (1), Qpid Broker-J (5), Qpid Broker for Java (1), Qpid Dispatch Router (1), Qpid Java (1), Qpid Proton (2), Qpid Proton-J Transport (1), RabbitMQ (2), Rampart-C (1), Ranger (15), Ranger Hive Plugin (1), Rave (1), RocketMQ (3), Roller (9), SOAP (2), Sanselan (2), Santuario XML Security for Java (3), Sentry (2), ServiceComb-Java-Chassis (1), ServiceComb Service-Center (2), ServiceComb ServiceCenter (1), ShardingSphere (2), ShardingSphere-Proxy (1), ShardingSphere-UI (1), ShardingSphere 
ElasticJob-UI (2), ShenYu (8), ShenYu Admin (1), Shindig (1), Shiro (16), SkyWalking (2), SkyWalking NodeJS (1), Sling (10), Sling API (2), Sling App CMS (2), Sling Commons JSON Bundle (1), Sling Commons Log (1), Sling Commons Messaging Mail (1), Sling JCR Base (1), Sling JCR ContentLoader (1), Sling Resource Merger (1), Sling Servlets Post (1), Sling Servlets Resolver (1), Sling XSS Protection API (1), Solr (35), SpamAssassin (8), Spark (11), Spark UI (1), Standard Taglibs (1), Storm (11), StreamPark (5), StreamPipes (1), Struts (92), Struts2 (1), Struts REST Plugin (1), Submarine (2), Subversion (44), Superset (47), Synapse (1), Syncope (9), Syncope EndUser (1), SystemDS (1), Tapestry (10), Thrift (5), Thrift Java Client Library (1), Thrift Node.js Static Web Server (1), Tika (20), Tike (1), Tiles (2), TomEE (4), Tomcat (213), Tomcat Connectors (1), Tomcat JK ISAPI Connector (2), Tomcat JK Web Server Connector (2), Tomcat Native (2), Tomcat Native Connector (1), Tomcat Security Manager (1), Tomcat Servlet Engine (1), Traffic Control (5), Traffic Control Traffic Ops (1), Traffic Server (54), UIMA (1), UIMA DUCC (2), UIMA Java SDK CPE (1), UIMA Java SDK Core (1), UIMA Java SDK Tools (1), UIMA Java SDK Vinci Adapter (1), Unomi (3), VCL (1), Velocity Engine (1), Velocity Tools (1), WSS4J (2), Wicket (16), Wink (1), XAMPP (2), XML-RPC (1), XML Graphics Batik (3), XML Security (1), XML Security for C++ (5), XML Security for Java (1), Xalan-Java (1), Xerces (1), Xerces-C (4), Xerces-C++ (5), Xerces2 (1), Xerces C++ (2), Xerces Java (1), XmlGraphics Commons (1), Zeppelin (8), ZooKeeper (2), ZooKeper (1), Zookeeper (4), ant (2), axis2 (1), bRPC (3), couchdb (1), expressions (1), httpd (1), jUDDI (5), jUDDI Console (1), jserv (1), libapreq2 (1), libcloud (1), log4j (1), log4net (2), macOS (1), maven-shared-utils (1), mod_auth_radius (1), mod_python (1), qpid (2), roller (1), uima-as (1), uimaDUCC (1), uimaFIT (1), uimaj (1), wicket-jquery-ui (1)

Link to Vendor Website: https://www.apache.org/

| Published | Base | Temp | Vulnerability | Prod | Exp | Con | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 26/03/2024 | 5.3 | 5.1 | Apache Airflow privilege escalation | Unknown | Not Defined | Official Fix | 0.05 | 0.00043 | CVE-2024-29735 |
| 22/03/2024 | 7.8 | 7.5 | Apache Tomcat Local Privilege Escalation | Application Server Software | Not Defined | Official Fix | 0.17 | 0.00000 | CVE-2024-22029 |
| 21/03/2024 | 2.6 | 2.5 | Apache Doris chmod race condition | Unknown | Not Defined | Official Fix | 0.16 | 0.00043 | CVE-2024-26307 |
| 21/03/2024 | 5.5 | 5.3 | Apache Commons Configuration buffer overflow | Unknown | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-29131 |
| 21/03/2024 | 5.5 | 5.3 | Apache Commons Configuration buffer overflow | Unknown | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-29133 |
| 21/03/2024 | 6.3 | 6.0 | Apache Doris JDBC information disclosure | Unknown | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-27438 |
| 19/03/2024 | 4.3 | 4.1 | Apache Wicket Fetch Metadata Header cross site request forgery | Unknown | Not Defined | Official Fix | 0.06 | 0.00043 | CVE-2024-27439 |
| 18/03/2024 | 3.5 | 3.4 | Apache Hop Engine PrepareExecutionPipelineServlet Page cross site scripting | Unknown | Not Defined | Official Fix | 0.04 | 0.00043 | CVE-2024-24683 |
| 15/03/2024 | 5.5 | 5.3 | Apache CXF Aegis Databinding privilege escalation | Application Server Software | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-28752 |
| 15/03/2024 | 3.5 | 3.4 | Apache ZooKeeper Persistent Watcher information disclosure | Unknown | Not Defined | Official Fix | 0.03 | 0.00043 | CVE-2024-23944 |
| 14/03/2024 | 5.5 | 5.3 | Apache Airflow UI weak authentication | Unknown | Not Defined | Official Fix | 0.03 | 0.00043 | CVE-2024-28746 |
| 13/03/2024 | 5.3 | 5.1 | Apache Tomcat Websocket denial of service | Application Server Software | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-23672 |
| 13/03/2024 | 5.3 | 5.1 | Apache Tomcat HTTP/2 Request denial of service | Application Server Software | Not Defined | Official Fix | 0.04 | 0.00043 | CVE-2024-24549 |
| 12/03/2024 | 6.3 | 6.2 | Apache Pulsar Topic-Level Policy privilege escalation | Unknown | Not Defined | Official Fix | 0.06 | 0.00043 | CVE-2024-28098 |
| 12/03/2024 | 6.7 | 6.6 | Apache Pulsar directory traversal | Unknown | Not Defined | Official Fix | 0.04 | 0.00044 | CVE-2024-27317 |
| 12/03/2024 | 8.0 | 7.8 | Apache Pulsar Function Worker Privilege Escalation | Unknown | Not Defined | Official Fix | 0.04 | 0.00043 | CVE-2024-27135 |
| 12/03/2024 | 7.7 | 7.6 | Apache Pulsar proxy-stats weak authentication | Unknown | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2022-34321 |
| 12/03/2024 | 8.0 | 7.8 | Apache Pulsar Functions Worker privilege escalation | Unknown | Not Defined | Official Fix | 0.03 | 0.00043 | CVE-2024-27894 |
| 10/03/2024 | 3.7 | 3.6 | Apache Doris weak authentication | Unknown | Not Defined | Official Fix | 0.04 | 0.00043 | CVE-2023-41313 |
| 06/03/2024 | 3.5 | 3.4 | Apache InLong File privilege escalation | Unknown | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-26580 |
| 06/03/2024 | 4.3 | 4.1 | Apache Linkis DataSource information disclosure | Unknown | Not Defined | Official Fix | 0.05 | 0.00043 | CVE-2023-50740 |
| 01/03/2024 | 3.5 | 3.5 | Apache Archiva cross site scripting | Unknown | Not Defined | Not Defined | 0.02 | 0.00043 | CVE-2024-27140 |
| 01/03/2024 | 3.5 | 3.5 | Apache Archiva User Registration privilege escalation | Unknown | Not Defined | Not Defined | 0.02 | 0.00043 | CVE-2024-27138 |
| 01/03/2024 | 5.5 | 5.5 | Apache Archiva privilege escalation | Unknown | Not Defined | Not Defined | 0.07 | 0.00043 | CVE-2024-27139 |
| 01/03/2024 | 4.3 | 4.1 | Apache Ambari cross site scripting | Unknown | Not Defined | Official Fix | 0.04 | 0.00043 | CVE-2023-50378 |
| 01/03/2024 | 3.5 | 3.4 | Apache Airflow Audit Log privilege escalation | Unknown | Not Defined | Official Fix | 0.04 | 0.00043 | CVE-2024-26280 |
| 29/02/2024 | 5.5 | 5.3 | Apache Airflow DAG Code information disclosure | Unknown | Not Defined | Official Fix | 0.02 | 0.00045 | CVE-2024-27906 |
| 28/02/2024 | 6.3 | 6.0 | Apache OFBiz directory traversal | Unknown | Not Defined | Official Fix | 0.10 | 0.00044 | CVE-2024-25065 |
| 28/02/2024 | 4.3 | 4.2 | Apache Superset Dashboard Import privilege escalation | Unknown | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-26016 |
| 28/02/2024 | 5.2 | 5.1 | Apache Superset privilege escalation | Unknown | Not Defined | Official Fix | 0.08 | 0.00043 | CVE-2024-24779 |
| 28/02/2024 | 3.8 | 3.7 | Apache Superset SQLLab privilege escalation | Unknown | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-24773 |
| 28/02/2024 | 4.3 | 4.2 | Apache Superset Chart Data REST API information disclosure | Unknown | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-24772 |
| 28/02/2024 | 4.3 | 4.2 | Apache Superset Alerts information disclosure | Unknown | Not Defined | Official Fix | 0.03 | 0.00043 | CVE-2024-27315 |
| 27/02/2024 | 5.5 | 5.3 | Apache Ambari Oozie Workflow Scheduler XML External Entity | Unknown | Not Defined | Official Fix | 0.03 | 0.00043 | CVE-2023-50380 |
| 27/02/2024 | 5.5 | 5.5 | Apache James Mime4J MIME4J DOM privilege escalation | Unknown | Not Defined | Not Defined | 0.08 | 0.00043 | CVE-2024-21742 |
| 27/02/2024 | 5.3 | 5.3 | Apache Aurora information disclosure | Unknown | Not Defined | Not Defined | 0.03 | 0.00043 | CVE-2024-27905 |
| 27/02/2024 | 5.5 | 5.3 | Apache James Server SMTP privilege escalation | Unknown | Not Defined | Official Fix | 0.06 | 0.00045 | CVE-2023-51747 |
| 27/02/2024 | 4.3 | 4.1 | Apache Ambari Request privilege escalation | Unknown | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2023-50379 |
| 26/02/2024 | 6.3 | 6.0 | Apache James Server JMX Deserialization weak authentication | Unknown | Not Defined | Official Fix | 0.21 | 0.00043 | CVE-2023-51518 |
| 24/02/2024 | 3.2 | 3.2 | Apache Camel EventFactory ExchangeCreatedEvent information disclosure | Unknown | Not Defined | Official Fix | 0.03 | 0.00043 | CVE-2024-22371 |
| 23/02/2024 | 5.5 | 5.3 | Apache DolphinScheduler privilege escalation | Social Network Software | Not Defined | Official Fix | 0.00 | 0.00045 | CVE-2024-23320 |
| 22/02/2024 | 3.5 | 3.4 | Apache Answer Summary cross site scripting | Unknown | Not Defined | Official Fix | 0.04 | 0.00043 | CVE-2024-23349 |
| 22/02/2024 | 4.3 | 4.1 | Apache Answer File Upload Pixel Flood denial of service | Unknown | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2024-22393 |
| 22/02/2024 | 3.7 | 3.6 | Apache Answer Registration race condition | Unknown | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-26578 |
| 21/02/2024 | 5.3 | 5.1 | Apache OFBiz createRegister information disclosure | Unknown | Not Defined | Official Fix | 0.05 | 0.00056 | CVE-2024-23946 |
| 21/02/2024 | 3.7 | 3.6 | Apache Airflow Mongo Provider Mongo Hook weak authentication | Unknown | Not Defined | Official Fix | 0.03 | 0.00045 | CVE-2024-25141 |
| 20/02/2024 | 3.5 | 3.4 | Apache DolphinScheduler privilege escalation | Social Network Software | Not Defined | Official Fix | 0.02 | 0.00045 | CVE-2023-51770 |
| 20/02/2024 | 3.1 | 3.0 | Apache DolphinScheduler Password Change weak authentication | Social Network Software | Not Defined | Official Fix | 0.03 | 0.00045 | CVE-2023-50270 |
| 20/02/2024 | 6.3 | 6.0 | Apache DolphinScheduler privilege escalation | Social Network Software | Not Defined | Official Fix | 0.03 | 0.00045 | CVE-2023-49109 |
| 20/02/2024 | 3.7 | 3.6 | Apache DolphinScheduler HTTPS Connection HttpUtils weak authentication | Social Network Software | Not Defined | Official Fix | 0.02 | 0.00045 | CVE-2023-49250 |

2066 more entries are not shown
