You are here

Vulnerabilities

To help you stay on top of the many web application vulnerabilities being reported every day, we introduce the Airlock Vulnerability Overview. Here you find a list of those vulnerabilities we consider relevant to Airlock users, including information on what their impact is and - if needed - what further steps are required to protect a system from them. New entries are added quite frequently, we recommend visiting the page often. Or even better, use the RSS feed to get proactively informed about new entries.



Airlock Vulnerability Status:
  • Does not affect Airlock
  • Airlock vulnerable, see resolution
  • No action required
Back-end Vulnerability Status:
  • Does not affect back-ends behind Airlock
  • Airlock protects, requires changes in configuration
  • Back-ends may be vulnerable, see resolution
  • No action required
Keywords IDs Airlock Vulnerability Statussort descending Back-end Vulnerability Status Updated
DoS Management Interface
  •  
  •  
2012-11-02
BEAST CVE-2011-3389
  •  
  •  
2012-11-28
HEIST, TLS, SSL, compression
  •  
  •  
2017-01-19
OpenSSL, DTLS, TLS, SSL CVE-2014-0224, CVE-2014-0221, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0195, CVE-2014-0076
  •  
  •  
2014-06-10
RC4, TLS CVE-2015-2808
  •  
  •  
2017-01-19
linux, kernel, tcp, ack CVE-2016-5696
  •  
  •  
2017-01-19
RC4, NSA CVE-2013-2566
  •  
  •  
2013-12-16
HTTP/2, DoS, Apache, httpd CVE-2016-8740
  •  
  •  
2017-01-19
OpenSSL, OCSP CVE-2016-6304, CVE-2016-6305, CVE-2016-2183, CVE-2016-6303, CVE-2016-6302, CVE-2016-2182, CVE-2016-2180, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2181, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308
  •  
  •  
2017-01-19
open redirect, phishing, authentication service CVE-2013-2764
  •  
  •  
2014-01-09
OpenSSL, CRL CVE-2016-7052, CVE-2016-6309
  •  
  •  
2017-01-19
Apache, httpd, mod_deflate, DoS, Denial of Service CVE-2014-0118
  •  
  •  
2014-09-08
OpenSSL, TLS, DTLS CVE-2013-6449, CVE-2013-4353, CVE-2013-6450, CB-K13/1074, CB-K14/0009
  •  
  •  
2014-01-13
openssl CVE-2014-3512, CVE-2014-3511, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3509, CVE-2014-5139, CVE-2014-3508
  •  
  •  
2017-03-13
memory CVE-2016-5195
  •  
  •  
2017-01-19
OpenSSL, TLS, DoS, Elliptic Curve CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2014-8176
  •  
  •  
2015-06-26
POODLE, SSLv3, OpenSSL CVE-2014-3566
  •  
  •  
2014-10-20
BREACH, TLS, SSL, compression CVE-2013-3587
  •  
  •  
2015-08-26
Solaris Patch Update January 2011
  •  
  •  
2011-01-27
SSL, TLS, OpenSSL, Client Certificate Authentication
  •  
  •  
2015-07-09
OpenSSL, Heartbleed CVE-2014-0160, CVE-2014-0346
  •  
  •  
2014-04-10
SQL Injection
  •  
  •  
2011-07-08
4.1 SQL injections
  •  
  •  
2008-08-29
SHA-1, Client Certificate, SHAppening, freestart, collisions
  •  
  •  
2015-10-28
OpenSSL, Padding CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176
  •  
  •  
2016-05-19
tomcat, information leakage, NIO CVE-2016-8745
  •  
  •  
2017-01-19
Range header DOS Apache CVE-2011-3192
  •  
  •  
2011-08-25
OpenSSL, PSS, RSA CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196
  •  
  •  
2015-12-04
curl, TLS, SSL, certificate CVE-2016-5419, CVE-2016-5420, CVE-2016-5421
  •  
  •  
2017-01-19
HP, HPE, iLO, hardware CVE-2017-12542
  •  
  •  
2018-07-12
curl CVE-2018-1000122, CVE-2018-1000121, CVE-2018-1000120
  •  
  •  
2018-03-15
Struts2 S2-052, CVE-2017-9805
  •  
  •  
2017-09-06
SSL, TLS, FREAK, export, ciphers CVE-2015-0204
  •  
  •  
2015-03-11
joomla, php, user-agent CVE-2015-8562
  •  
  •  
2015-12-16
libxslt, libpng, python, tomcat, freetype, gzip, bash CB-K13/0207 CVE-2011-3970 CVE-2012-2807 CVE-2011-1202 CVE-2012-2825 CVE-2012-2870 CVE-2012-2871 CVE-2012-2893 CVE-2011-3026 CVE-2011-3048 CVE-2010-1634 CVE-2012-2733 CVE-2012-3546 CVE-2012-4431 CVE-2012-4534 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887
  •  
  •  
2017-01-19
java, cpu, Oracle Critical Patch Update CVE-2016-2183, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, CVE-2017-3253, CVE-2016-5546, CVE-2017-3241, CVE-2017-3289, CVE-2017-3272, CVE-2017-3260, CVE-2016-5549, CVE-2016-5548, CVE-2017-3231, CVE-2017-3261, CVE-2017-3259, CVE-2017-3262, CVE-2016-8328
  •  
  •  
2017-03-10
Tomcat, Cache Poisoning, Security Constraint Bypass, CORS, HTTP/2 CVE-2017-7675, CVE-2017-7674
  •  
  •  
2017-08-11
httpd CVE-2018-1303, CVE-2018-1302, CVE-2018-1301, CVE-2018-1312, CVE-2017-15710, CVE-2017-15715, CVE-2018-1283
  •  
  •  
2018-03-27
Apache, httpd, optionsbleed CVE-2017-9798
  •  
  •  
2017-09-19
OpenSSH CVE-2016-0777, CVE-2016-0778
  •  
  •  
2016-01-18
httpd, apache, mod_http2, mod_auth_digest CVE-2017-9789, CVE-2017-9788
  •  
  •  
2017-07-17
OpenSSH, SunSSH, sshd, DoS CB-K13/0190, CVE-2010-5107
  •  
  •  
2013-03-20
curl CVE-2017-2629
  •  
  •  
2017-03-10
php CVE-2013-6420, CB-K13/1040
  •  
  •  
2013-12-16
ROHNP, ECDSA, DSA
  •  
  •  
2018-07-04
curl CVE-2017-9502
  •  
  •  
2017-06-15
IIS, Buffer Overflow CVE-2015-1635, MS15-034
  •  
  •  
2017-11-29
keychain, use-after-free CVE-2016-0728
  •  
  •  
2016-01-21
Tomcat, Error Pages, PUT, DELETE CVE-2017-5664
  •  
  •  
2017-06-19
3DES, SSL, TLS, SWEET32, SWEET CVE-2016-2183
  •  
  •  
2017-01-19
Tomcat, Remote Code Execution CVE-2017-12616, CVE-2017-12615, CVE-2017-8045, CVE-2017-12617
  •  
  •  
2017-10-05
PHP, response-splitting CVE-2011-1398, CB-K13/1037
  •  
  •  
2013-12-16
HTTP/2, DoS, Apache, httpd, mod_md, Let's Encrypt CVE-2018-1333, CVE-2018-8011
  •  
  •  
2018-07-19
Tomcat, DoS, request smuggling CVE-2014-0075, CVE-2014-0095, CVE-2014-0099
  •  
  •  
2014-06-18
Oracle CPU, Java, Solaris CVE-2015-0469 CVE-2015-0459 CVE-2015-0491 CVE-2015-0460 CVE-2015-0492 CVE-2015-0458 CVE-2015-0484 CVE-2015-0480 CVE-2015-0486 CVE-2015-0477 CVE-2015-0470 CVE-2015-0488 CVE-2015-0478 CVE-2015-0204 CVE-2015-2578 CVE-2014-3566 CVE-2015-0452 CVE-2015-2577
  •  
  •  
2017-01-19
cgi, proxy CVE-2016-5385 CVE-2016-5386 CVE-2016-5387 CVE-2016-5388 CVE-2016-1000109 CVE-2016-1000110
  •  
  •  
2017-01-19
Java, JAXP, SLOTH CVE-2016-0728, CVE-2016-0494, CVE-2015-8126, CVE-2016-0402, CVE-2016-0448, CVE-2016-0483, CVE-2016-0466, CVE-2015-7575
  •  
  •  
2016-01-21
java, serialization, deserialization CVE-2015-4852
  •  
  •  
2015-11-12
CPU, RMI, Solaris, IPSec, NFS, JAX-WS CB-K13/0276, CVE-2013-1537, CVE-2013-2415, CVE-2013-0405, CVE-2013-0406
  •  
  •  
2013-04-22
struts2, OGNL CVE-2017-5638, S2-045
  •  
  •  
2017-03-20
java, cpu, Oracle Critical Patch Update CVE-2018-3183, CVE-2018-3149, CVE-2018-3180, CVE-2018-3214, CVE-2018-3209, CVE-2018-3169, CVE-2018-3211, CVE-2018-3150, CVE-2018-13785, CVE-2018-3136, CVE-2018-3139
  •  
  •  
2018-10-23
Oracle CPU, Java, Solaris CVE-2014-4225, CVE-2014-4215, CVE-2014-4224, CVE-2014-4239, CVE-2014-4264, CVE-2014-4244, CVE-2014-4263
  •  
  •  
2014-07-16
curl, NTLM CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3143
  •  
  •  
2015-04-23
tomcat, cache poisoning, XSS CVE-2016-6816, CVE-2016-8735
  •  
  •  
2017-06-19
OpenSSL, DH, SSLv2 CVE-2016-0701, CVE-2015-3197
  •  
  •  
2016-01-29
java, cpu, Oracle Critical Patch Update
  •  
  •  
2017-10-20
curl, TLS, SSL, certificate CVE-2013-4545, CVE-2013-6422
  •  
  •  
2013-12-23
RSA, CVE-2018-0732,CVE-2018-0737
  •  
  •  
2018-08-14
OpenSSL, ASN.1
  •  
  •  
2018-03-27
OpenSSL CVE-2017-3735
  •  
  •  
2017-08-31
curl, NTLM CVE-2016-0755, CVE-2016-0754
  •  
  •  
2016-02-01
apache struts2 S2-047, S2-049, CVE-2017-9787, CVE-2017-7672
  •  
  •  
2017-09-25
java, cpu CVE-2016-5556, CVE-2016-5568, CVE-2016-5582, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542
  •  
  •  
2017-01-19
Apache, httpd, mod_rewrite CVE-2013-1862, CB-K13/0146, CB-K13/0374
  •  
  •  
2013-07-25
java, cpu, Oracle Critical Patch Update CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3544, CVE-2017-3512, CVE-2017-3514, CVE-2017-3509, CVE-2017-3539
  •  
  •  
2017-04-21
OpenSSL CVE-2017-3736, CVE-2017-3735
  •  
  •  
2017-11-02
curl, NTLM CVE-2018-14618
  •  
  •  
2018-09-18
TLS, SSL, DH, CVE-2015-4000
  •  
  •  
2015-05-21
Java floating point CVE-2010-4476
  •  
  •  
2011-02-10
OAuth 2.0, OAuth, OpenID Connect, 307 Redirect Attack, IdP Mix-Up Attack
  •  
  •  
2016-02-04
Oracle Critical Patch Update CB-K13/0418, CVE-2013-2457, CVE-2013-1571, CVE-2013-2467, CVE-2013-2461, CVE-2013-2407, CVE-2013-2451
  •  
  •  
2013-06-20
curl CVE-2017-8818, CVE-2017-8817, CVE-2017-8816
  •  
  •  
2017-11-30
Tomcat, Open Redirect CVE-2018-11784
  •  
  •  
2018-10-05
java CVE-2016-0636
  •  
  •  
2016-04-14
stunnel CVE-2015-3644
  •  
  •  
2015-05-22
Tomcat, Host Manager CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2015-5345, CVE-2016-0729
  •  
  •  
2016-03-03
ssl, tls, DoS, OpenSSL CVE-2016-8610
  •  
  •  
2017-01-19
dirty cow CVE-2017-1000405
  •  
  •  
2017-12-06
Tomcat, Session Fixation CVE-2014-0033
  •  
  •  
2014-03-12
OpenSSL, ECDSA
  •  
  •  
2018-10-30
Struts2 CVE-2015-1831, CB-K15/0640, S2-024
  •  
  •  
2015-05-27
OpenSSL CVE-2010-0742
  •  
  •  
2010-08-01
OpenSSL, SSLv2, SSLv3, CacheBleed, Drown Attack CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0701. CVE-2015-3197
  •  
  •  
2016-03-01
php, nullbyte CVE-2015-4025
  •  
  •  
2015-06-11
OpenSSL CVE-2016-7054, CVE-2016-7053, CVE-2016-7055
  •  
  •  
2017-01-19
libcurl CVE-2013-2174, CB-K13/0425
  •  
  •  
2013-06-28
OpenSSL
  •  
  •  
2017-12-07
struts2, OGNL, S2-020 CVE-2014-0094
  •  
  •  
2018-08-25
OpenSSL, DSA
  •  
  •  
2018-10-31
Oracle CPU, Java, Solaris CVE-2014-6508, CVE-2014-6508, CVE-2014-6468, CVE-2014-6517, CVE-2014-6512, CVE-2014-6457, CVE-2014-6558
  •  
  •  
2014-10-17
PDF UXSS
  •  
  •  
2007-03-15
Struts2 S2-048, CVE-2017-9791
  •  
  •  
2017-07-17
struts2, xml, ognl S2-050, S2-051, CVE-2017-9793, CVE-2017-9804, CVE-2017-12611
  •  
  •  
2017-09-26
Tomcat, DoS, CSRF, FORM authentication CVE-2012-4534, CVE-2012-4431, CVE-2012-3546
  •  
  •  
2013-01-08
httpd, apache, HttpProtocolOptions CVE-2016-8743, CVE-2016-2161, CVE-2016-0736, CVE-2016-8740, CVE-2016-5387
  •  
  •  
2017-01-19
Oracle Critical Patch Update, CPU, Solaris CB-K13/0470, CVE-2013-3753, CVE-2013-3748, CVE-2013-3750, CVE-2013-3765, CVE-2013-3797, CVE-2013-3787, CVE-2013-3754, CVE-2013-3746, CVE-2013-3754, CVE-2013-3746, CVE-2013-0398, CVE-2013-0398, CVE-2013-0398, CVE-2013-0398, CVE-2013-3745, CVE-2013-3773
  •  
  •  
2013-07-19
Struts2, JSON CVE-2017-15707
  •  
  •  
2017-12-08
httpd, mod_dav, mod_log_config CVE-2013-6438, CVE-2014-0098
  •  
  •  
2014-04-17
curl, SASL CVE-2018-16839, CVE-2018-16840, CVE-2018-16842
  •  
  •  
2018-11-02
Kerberos, KDC CVE-2014-6324, MS14-068
  •  
  •  
2014-11-24
libcurl, NTLM CVE-2014-0015
  •  
  •  
2014-02-03
Oracle CPU, Java, Solaris CVE-2015-2601, CVE-2015-2613, CVE-2015-4749, CVE-2015-4748, CVE-2015-2659
  •  
  •  
2015-07-16
Struts2, OGNL S2-028, S2-029, S2-030, CVE-2016-4003, CVE-2016-0785, CVE-2016-2162
  •  
  •  
2016-05-03
Java clientside CVE-2012-3174, CVE-2013-0422, CB-K13/0036
  •  
  •  
2013-01-17
curl CVE-2016-9586, CVE-2016-9952, CVE-2016-9953
  •  
  •  
2017-01-19
Apache, httpd, mod_dav CVE-2013-1896
  •  
  •  
2013-07-26
ROBOT, RSA, Bleichenbacher, DROWN
  •  
  •  
2017-12-13
openssl, stunnel, ECDSA, DSA CVE-2014-0076, CVE-2014-0016
  •  
  •  
2014-03-26
ECC, DSA CVE-2018-5407, CVE-2018-0734
  •  
  •  
2018-11-22
OpenSSL, TLS, POODLE CVE-2014-8730
  •  
  •  
2014-12-10
curl CVE-2017-1000101, CVE-2017-1000100, CVE-2017-1000099
  •  
  •  
2017-08-15
xss, deny rule, filter
  •  
  •  
2015-09-24
Oracle Critical Patch Update, CPU, Java, Solaris CVE-2013-5907, CVE-2013-5907, CVE-2014-0411, CVE-2014-0411, CVE-2013-5821, CVE-2014-0390, CVE-2013-5872, CB-K14/0052, CB-K14/0053
  •  
  •  
2014-01-16
cpu, java CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426, CVE-2016-3425, CVE-2016-3427, CVE-20 16-0695
  •  
  •  
2016-04-26
Oracle Critical Patch Update CVE-2013-0400, CVE-2013-0399, CVE-2013-0415, CVE-2013-0407, CVE-2012-0599, CB-K13/0047
  •  
  •  
2013-01-17
curl CVE-2016-9594
  •  
  •  
2017-01-19
Apache, httpd, mod_session_dbd CVE-2013-2249, CB-K13/0459
  •  
  •  
2013-07-26
meltdown, spectre, L1 Terminal Fault CVE-2017-5753, CVE-2017-5715, CVE-2017-5754, CVE-2018-3620, CVE-2018-3646
  •  
  •  
2018-08-20
npm, event-stream, malicious code
  •  
  •  
2018-11-29
NTP CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296
  •  
  •  
2017-01-19
Java, Oracle CPU, Solaris CVE-2015-4803, CVE-2015-4893, CVE-2015-4911, CVE-2015-4868, CVE-1999-0377, CVE-2015-4869, CVE-2015-2642
  •  
  •  
2017-01-19
Struts2 S2-031, S2-032, CVE-2016-3081, CVE-2016-3082
  •  
  •  
2016-05-04
Java CB-K13/0083, CVE-2013-0437, CVE-2013-1478, CVE-2013-0442, CVE-2013-0445, CVE-2013-1480, CVE-2013-0440, CVE-2013-0443, ...
  •  
  •  
2013-02-04
PHPMailer, RCE, PHP, Joolma, Drupal, WordPress, PwnScriptum CVE-2016-10033, CVE-2016-10045
  •  
  •  
2017-01-19
struts2, DMI CVE-2013-2248, CVE-2013-4310, CVE-2013-4316, S2-017, S2-018, S2-019
  •  
  •  
2013-10-01
curl CVE-2018-1000005, CVE-2018-1000007
  •  
  •  
2018-01-30
Oracle Critical Patch Update, CPU, Java, Solaris CVE-2014-0457, CVE-2014-0453, CVE-2014-0447, CVE-2014-0442, CVE-2014-0421
  •  
  •  
2014-04-17
OpenSSL, DH, Certificate, RSA, SSL, TLS CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570
  •  
  •  
2015-01-13
OpenSSL CVE-2017-3733
  •  
  •  
2017-03-10
libcurl, buffer overflow CVE-2013-0249
  •  
  •  
2013-02-11
Java CB-K13/0803, CVE-2013-5830, CVE-2013-5780, CVE-2013-5823, CVE-2013-5802,CVE-2013-5825, CVE-2013-4002
  •  
  •  
2013-10-18
Tomcat, Security Constraint Bypass CVE-2018-1305, CVE-2018-1304
  •  
  •  
2018-02-27
Struts2, OGNL, S2-021 CVE-2014-0112, CVE-2014-0113
  •  
  •  
2014-05-14
Oracle CPU, Java, Solaris CVE-2014-6593, CVE-2014-3566, CVE-2015-0410, CVE-2015-0383, CVE-2014-6481, CVE-2003-0001, CVE-2004-0230, CVE-2015-0375, CVE-2014-6575
  •  
  •  
2015-01-22
httpd, apache, mod_http2, mod_ssl, mod_mine CVE-2017-7659, CVE-2017-3169, CVE-2017-7679, CVE-2017-7668, CVE-2017-3167
  •  
  •  
2017-06-21
ntp CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871
  •  
  •  
2015-11-17
java, XXE, XML, fasterxml, jackson CVE-2016-3720
  •  
  •  
2016-06-27
OpenSSL, ECDSA, P-256 CVE-2016-7056
  •  
  •  
2017-03-10
Oracle Critical Patch Update, CPU, Solaris CVE-2013-5866, CVE-2013-5863, CVE-2013-5865, CVE-2013-5861, CVE-2013-5862, CVE-2013-5864, CVE-2013-5839, CVE-2013-3842, CVE-2013-3837
  •  
  •  
2013-10-18
SAML, SSO, Impersonation, Authentication Bypass CVE-2017-11427, CVE-2017-11428, CVE-2017-11429, CVE-2017-11430, CVE-2018-0489, CVE-2018-7340
  •  
  •  
2018-03-01
struts2, cookie CVE-2014-0116, S2-022
  •  
  •  
2014-05-22
GHOST, Buffer Overflow, gethostbyname CVE-2015-0235
  •  
  •  
2015-01-29
PHP-CGI CVE-2012-1823
  •  
  •  
2013-01-17
"Miner" botnet
  •  
  •  
2011-09-09
Java clientside, 1.7.0_17, 1.6.0_43 CVE-2013-1493, CVE-2013-0809, CB-K13/0169
  •  
  •  
2017-01-19
OpenSSL CVE-2017-3731, CVE-2017-3730, CVE-2017-3732, CVE-2016-7055
  •  
  •  
2017-03-10
RC4, stream ciphers, SSL, TLS, BEAST, Lucky 13 CVE-2013-2566
  •  
  •  
2013-03-28
TLS, OpenSSL, Lucky Thirteen CVE-2013-0169, CVE-2012-2686, CVE-2013-0166
  •  
  •  
2013-02-06
libxml2, HTML parser CVE-2013-1969
  •  
  •  
2013-04-29
tomcat, DOS, Header Length CVE-2012-2733
  •  
  •  
2012-11-07
Tomcat, Request Smuggling CVE-2013-4286
  •  
  •  
2014-03-10
stack clash, memory, Linux CVE-2017-1000364, CVE-2017-1000365, CVE-2017-1000367
  •  
  •  
2017-06-21
Struts2, OGNL S2-014, S2-015, S2-016, CB-K13/0388, CB-K13/0484, CVE-2013-1966, CVE-2013-2135, CVE-2013-2135, CVE-2013-2115, CVE-2013-2251
  •  
  •  
2013-08-14
Tomcat, DoS CVE-2014-0050
  •  
  •  
2014-02-21
Java CPU February 2013, Lucky Thirteen CVE-2013-0169
  •  
  •  
2013-02-20
Subscribe to Vulnerabilities