Lucene search
Gentoo FoundationMGASA-2019-0002HistoryJan 05, 2019 - 9:30 p.m.
Updated xmlrpc packages fix security vulnerabilities
2019-01-0521:30:16
Gentoo Foundation
advisories.mageia.org
44
0.42 Medium
EPSS
Percentile
97.3%
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD (CVE-2016-5002). A flaw was discovered in the Apache XML-RPC (ws-xmlrpc) library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a element (CVE-2016-5003).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 6 | noarch | xmlrpc | <Â 3.1.3-70.1 | xmlrpc-3.1.3-70.1.mga6 |
Related
openvas
openvas
Fedora Update for xmlrpc FEDORA-2018-4ac4229aa8
2018-06-03 00:00:00
Fedora Update for xmlrpc FEDORA-2018-6e6f1003d6
2018-06-03 00:00:00
Mageia: Security Advisory (MGASA-2019-0002)
2022-01-28 00:00:00
nessus
nessus
Fedora 27 : 1:xmlrpc (2018-6e6f1003d6)
2018-06-04 00:00:00
Fedora 28 : 1:xmlrpc (2018-4ac4229aa8)
2019-01-03 00:00:00
RHEL 7 : xmlrpc (Unpatched Vulnerability)
2024-05-11 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: xmlrpc-3.1.3-20.fc28
2018-06-02 20:46:11
[SECURITY] Fedora 27 Update: xmlrpc-3.1.3-20.fc27
2018-06-02 21:12:27
gentoo
gentoo
Apache XML-RPC: Multiple Vulnerabilities
2024-01-22 00:00:00
osv
osv
Apache XML-RPC vulnerable to Deserialization of Untrusted Data
2022-05-14 01:53:10
Apache XML-RPC XXE Vulnerability
2022-05-14 01:53:10
amazon
amazon
Important: xmlrpc
2018-06-20 19:55:00
Medium: xmlrpc
2023-06-07 23:52:00
redhat
redhat
(RHSA-2018:1779) Important: xmlrpc3 security update
2018-05-31 16:03:41
(RHSA-2018:1780) Important: xmlrpc security update
2018-05-31 20:37:27
(RHSA-2018:1784) Important: rh-java-common-xmlrpc security update
2018-06-04 10:24:47
cvelist
cvelist
CVE-2016-5003
2017-10-27 18:00:00
CVE-2016-5002
2017-10-27 18:00:00
oraclelinux
oraclelinux
xmlrpc security update
2018-06-01 00:00:00
xmlrpc3 security update
2018-05-31 00:00:00
redhatcve
redhatcve
CVE-2016-5003
2017-10-31 20:49:18
CVE-2016-5002
2017-10-31 20:49:33
centos
centos
xmlrpc3 security update
2018-06-01 15:12:42
xmlrpc security update
2018-06-01 16:59:06
prion
prion
Code injection
2017-10-27 18:29:00
Server side request forgery (ssrf)
2017-10-27 18:29:00
github
github
Apache XML-RPC XXE Vulnerability
2022-05-14 01:53:10
Apache XML-RPC vulnerable to Deserialization of Untrusted Data
2022-05-14 01:53:10
cve
cve
CVE-2016-5002
2017-10-27 18:29:00
CVE-2016-5003
2017-10-27 18:29:00
veracode
veracode
Deserialization Of Untrusted Data Through Serializable Data Type
2019-01-15 09:23:30