
Apache Software Foundation — Vulnerabilities & Security Advisories 1735

Browse all 1735 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Apache Software Foundation develops and maintains open-source software, best known for the widely deployed Apache HTTP Server and for foundational Java frameworks. The breadth of its portfolio creates a large attack surface, reflected in the more than 1,700 CVEs recorded here. Historically, the most common classes are remote code execution, cross-site scripting and privilege escalation, often rooted in complex configuration or in input-validation failures in legacy components. The foundation runs a formal security review process, but the sheer number of projects makes undiscovered flaws likely. The best-known incident is Log4Shell, the Log4j flaw that allowed remote code execution through crafted log messages and showed how far a single dependency can propagate risk. Patching is community-driven, so administrators must apply updates promptly; the model is transparent, but it places the burden of vigilance on operators.

Filtered results: 56 of 1735 (first 30 shown below). All rows are Apache Traffic Server advisories. CVSS scores and severities marked (AI) come from the site's AI analysis rather than from the advisory itself; "-" means no value is given.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-65114 | Malformed chunked message body allows request smuggling | CWE-444 | 7.5 (AI) | High (AI) | 2026-04-02 |
| CVE-2025-58136 | A simple legitimate POST request causes a crash | CWE-670 | 7.5 (AI) | High (AI) | 2026-04-02 |
| CVE-2025-31698 | Client IP address from PROXY protocol is not used for ACL | CWE-284 | - | - | 2025-06-19 |
| CVE-2025-49763 | Remote DoS via memory exhaustion in ESI Plugin | CWE-400 | 7.5 (AI) | High (AI) | 2025-06-19 |
| CVE-2024-53868 | Malformed chunked message body allows request smuggling | CWE-444 | 7.5 (AI) | High (AI) | 2025-04-03 |
| CVE-2024-38311 | Request smuggling via pipelining after a chunked message body | CWE-20 | 7.5 | - | 2025-03-06 |
| CVE-2024-56195 | Intercept plugins are not access controlled | CWE-284 | - | - | 2025-03-06 |
| CVE-2024-56196 | ACL is not fully compatible with older versions | CWE-284 | - | - | 2025-03-06 |
| CVE-2024-56202 | Expect header field can unreasonably retain resource | CWE-440 | 9.1 | - | 2025-03-06 |
| CVE-2024-50306 | Server process can fail to drop privilege | CWE-252 | 9.8 | - | 2024-11-14 |
| CVE-2024-50305 | Valid Host field value can cause crashes | CWE-20 | 6.5 | - | 2024-11-14 |
| CVE-2024-38479 | Cache key plugin is vulnerable to cache poisoning attack | CWE-20 | 9.1 | - | 2024-11-14 |
| CVE-2023-38522 | Incomplete field name check allows request smuggling | CWE-444 | 5.3 | - | 2024-07-26 |
| CVE-2024-35296 | Invalid Accept-Encoding can force forwarding requests | CWE-20 | 5.3 | - | 2024-07-26 |
| CVE-2024-35161 | Incomplete check for chunked trailer section allows request smuggling | CWE-444 | 5.3 | - | 2024-07-26 |
| CVE-2024-31309 | HTTP/2 CONTINUATION frames can be utilized for DoS attack | CWE-20 | 7.5 | - | 2024-04-10 |
| CVE-2023-39456 | Malformed http/2 frames can cause an abort | CWE-20 | 7.5 | - | 2023-10-17 |
| CVE-2023-41752 | s3_auth plugin problem with hash calculation | CWE-200 | 7.5 | - | 2023-10-17 |
| CVE-2023-33934 | Differential fuzzing for HTTP request parsing discrepancies | CWE-444 | 8.2 | - | 2023-08-09 |
| CVE-2022-47185 | Invalid Range header causes a crash | CWE-20 | 8.2 | - | 2023-08-09 |
| CVE-2023-30631 | Configuration option to block the PUSH method in ATS didn't work | CWE-20 | 7.5 | - | 2023-06-14 |
| CVE-2023-33933 | s3_auth plugin problem with hash calculation | CWE-200 | 7.5 | - | 2023-06-14 |
| CVE-2022-47184 | The TRACE method can be used to disclose network information | CWE-200 | 7.5 | - | 2023-06-14 |
| CVE-2022-40743 | Security issues with the xdebug plugin | CWE-79 | 6.1 | - | 2022-12-19 |
| CVE-2022-37392 | Improperly reading the client requests | CWE-754 | 8.2 | - | 2022-12-19 |
| CVE-2022-32749 | Improperly handled requests can cause crashes in specific plugins | CWE-754 | 7.5 | - | 2022-12-19 |
| CVE-2022-31779 | Improper HTTP/2 scheme and method validation | CWE-20 | 7.5 | - | 2022-08-10 |
| CVE-2022-25763 | Improper input validation on HTTP/2 headers | CWE-444 | 7.5 | - | 2022-08-10 |
| CVE-2022-31778 | Transfer-Encoding not treated as hop-by-hop | CWE-20 | 7.5 | - | 2022-08-10 |
| CVE-2022-31780 | HTTP/2 framing vulnerabilities | CWE-20 | 7.5 | - | 2022-08-10 |
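The titles above cluster around one bug class: CWE-444 request smuggling through chunked message bodies, trailer sections and field-name checks. The Python below is an added example, not Apache Traffic Server code and not a reproduction of any listed CVE. It shows what a strict chunked-body parser looks like when every construct two implementations might read differently (leading whitespace, bare LF, a chunk-size that disagrees with the data, an unexpected trailer) is rejected outright rather than tolerated, and it returns whatever bytes follow the body so the caller can see when a second request would otherwise be left in the buffer. The 8-hex-digit cap on chunk-size and all sample inputs are constructed for the example.

```python
"""Strict HTTP/1.1 chunked-body parser (RFC 9112, section 7.1).

Added example, not Apache Traffic Server code. The recurring CWE-444 entries in
the list above are parser disagreements about where a body ends; this parser
avoids them by refusing every lenient reading instead of guessing.
"""
import re

CRLF = b"\r\n"
# chunk-size is 1*HEXDIG, optionally ";" chunk-ext, then CRLF.
# No leading whitespace, no bare LF, no sign; the 8-digit cap is an assumed limit.
CHUNK_LINE = re.compile(rb"([0-9A-Fa-f]{1,8})(;[^\r\n]*)?\r\n")
# Loose check that a trailer line starts with a token field-name and a colon.
TRAILER_LINE = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+:")


class ChunkedError(ValueError):
    """Raised for any input that is not unambiguously well-formed."""


def parse_chunked(data: bytes, allow_trailers: bool = False) -> tuple[bytes, bytes]:
    """Decode one chunked body from the start of `data`.

    Returns (body, rest): the decoded body and every byte after the final CRLF.
    A non-empty `rest` is exactly what a smuggling attack relies on, so callers
    must treat it as a separate message, never as part of this one.
    """
    pos = 0
    body = bytearray()
    while True:
        m = CHUNK_LINE.match(data, pos)          # match() anchors at pos
        if m is None:
            raise ChunkedError(f"malformed chunk-size line at offset {pos}")
        size = int(m.group(1), 16)
        pos = m.end()
        if size == 0:
            break                                # last-chunk; trailers follow
        end = pos + size
        if len(data) < end + 2:
            raise ChunkedError("chunk-data truncated")
        if data[end:end + 2] != CRLF:
            raise ChunkedError("chunk-data not terminated by CRLF")
        body += data[pos:end]
        pos = end + 2
    # Trailer section: zero or more field lines, then an empty line.
    while True:
        nl = data.find(CRLF, pos)
        if nl < 0:
            raise ChunkedError("unterminated trailer section")
        line = data[pos:nl]
        pos = nl + 2
        if line == b"":
            break
        if not allow_trailers:
            raise ChunkedError("trailer fields not permitted")
        if TRAILER_LINE.match(line) is None:
            raise ChunkedError(f"malformed trailer field: {line!r}")
    return bytes(body), data[pos:]


def rejects(data: bytes, **kw) -> bool:
    """True if the strict parser refuses `data`."""
    try:
        parse_chunked(data, **kw)
    except ChunkedError:
        return True
    return False


# Constructed samples: a clean body, a body followed by leftover bytes, and the
# lenient readings a strict parser must refuse.
SAMPLES = {
    "clean":         b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n",
    "leftover":      b"4\r\nWiki\r\n0\r\n\r\nGET /smuggled HTTP/1.1\r\n\r\n",
    "leading_ws":    b" 4\r\nWiki\r\n0\r\n\r\n",
    "bare_lf":       b"4\nWiki\r\n0\r\n\r\n",
    "size_mismatch": b"4\r\nWikipedia\r\n0\r\n\r\n",
    "trailer":       b"0\r\nX-Checksum: abc\r\n\r\n",
}

if __name__ == "__main__":
    print(parse_chunked(SAMPLES["clean"]))
    body, rest = parse_chunked(SAMPLES["leftover"])
    print("leftover bytes that must not be joined to this request:", rest)
    for name in ("leading_ws", "bare_lf", "size_mismatch", "trailer"):
        print(name, "rejected" if rejects(SAMPLES[name]) else "accepted")
    print("trailer with allow_trailers=True:",
          parse_chunked(SAMPLES["trailer"], allow_trailers=True))
```

The design choice is to fail closed: anything the grammar does not explicitly allow is an error, and the leftover bytes are handed back rather than silently consumed, so a front-end and back-end built this way cannot disagree about the message boundary.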

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.