厂商或团体 apache 的搜索结果 (716)

CVE-2015-3188(发布:2017-01-13 10:59:00)NMCP
CVSS10.0

[CNNVD]Apache Storm 远程代码执行漏洞--Apache Storm是美国阿帕奇(Apache)软件基金会的一套采用Clojure(并发编程语言)开发的免费开源的分布式实时计算系统。 Apache Storm中存在远程代码执行漏洞。攻击者可利用该漏洞在受影响应用程序上下文中执行任意代码,也可能造成拒绝服务。 ...

CVE-2015-3271(发布:2016-12-15 17:59:00)NMS
CVSS5.0

[原文]Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header.

CVE-2015-1832(发布:2016-10-03 17:59:02)NMS
CVSS6.4

[原文]XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.

CVE-2016-4436(发布:2016-10-03 11:59:01)NMS
CVSS7.5

[原文]Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.

CVE-2016-1240(发布:2016-10-03 11:59:00)NMPS
CVSS7.2

[原文]The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.

CVE-2016-4464(发布:2016-09-21 14:59:04)NMS
CVSS7.5

[原文]The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.

12345678下一页尾页 第1页 / 共120页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站