厂商或团体 apache 的搜索结果 (874)

CVE-2012-4449(发布:2017-10-30 15:29:00)NM
CVSS7.5

[原文]Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.

CVE-2012-5636(发布:2017-10-30 15:29:00)NMS
CVSS4.3

[原文]Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to <script> tags in a rendered response.

CVE-2013-4366(发布:2017-10-30 15:29:00)NM
CVSS7.5

[原文]http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.

CVE-2014-0115(发布:2017-10-30 12:29:00)NM
CVSS7.8

[原文]Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.

CVE-2013-4246(发布:2017-10-30 10:29:00)NMOS
CVSS6.5

[原文]libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties.

CVE-2014-3526(发布:2017-10-30 10:29:00)NM
CVSS5.0

[原文]Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.

12345678下一页尾页 第1页 / 共146页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站