42 matches found
CVE-2019-17570
The CVE-2019-17570 issue affects Apache XML-RPC (ws-xmlrpc) Java library. Root cause: untrusted deserialization in XmlRpcResponseParser:addResult that could allow a malicious XML-RPC server to cause arbitrary code execution on a vulnerable client. Impact: high (remote code execution) with network...
CVE-2019-17570
Removed by vendor...
PT-2020-2099 · Apache +1 · Apache Xml-Rpc +1
Name of the Vulnerable Software and Affected Versions: Apache XML-RPC affected versions not specified Description: The issue is related to an untrusted deserialization error in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of the Apache XML-RPC library. This error is associat...
NewStart CGSL CORE 5.04 / MAIN 5.04 : xmlrpc Vulnerability (NS-SA-2019-0037)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xmlrpc packages installed that are affected by a vulnerability: - A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacke...
NewStart CGSL MAIN 4.05 : xmlrpc3 Vulnerability (NS-SA-2019-0136)
The remote NewStart CGSL host, running version MAIN 4.05, has xmlrpc3 packages installed that are affected by a vulnerability: - A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use...
xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag
A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a element...
Amazon Linux 2 : xmlrpc (ALAS-2018-1041)
A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a ex:serializable element.CVE-2016-5003 C...
Important: xmlrpc
Issue Overview: A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a element.CVE-2016-5003...
CentOS 7 : xmlrpc (CESA-2018:1780)
An update for xmlrpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
CentOS 6 : xmlrpc3 (CESA-2018:1779)
An update for xmlrpc3 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
[SECURITY] Fedora 28 Update: xmlrpc-3.1.3-20.fc28
Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Apache XML-RPC was previously known as Helma XML-RPC. If you have code using the Helma library, all you should have to do is change the import statements in your cod...
Oracle Linux 7 : xmlrpc (ELSA-2018-1780)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1780 advisory. 1:3.1.3-9 - Disallow deserialization of tags by default - Resolves: CVE-2016-5003 Tenable has extracted the preceding description block directly from the Oracle...
Oracle Linux 6 : xmlrpc3 (ELSA-2018-1779)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1779 advisory. - Related: CVE-2016-5003 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested...
xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag
A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a element...
Important: Red Hat Security Advisory: xmlrpc security update
An update for xmlrpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
The vulnerability of the Apache XML-RPC library (ws-xmlrpc) arises from the possibility of retrieving data from external sources without sufficient verification. This allows attackers to execute arbitrary code.
The vulnerability of the Apache XML-RPC library exists due to the retrieval of data from an external source without sufficient verification. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted serializable Java object, with the use of the...
The vulnerability of the Apache XML-RPC library (ws-xmlrpc) is related to improper restrictions on XML links to external objects, which allows attackers to perform SSRF attacks.
The vulnerability of the Apache XML-RPC library ws-xmlrpc is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform SSRF attacks using specially crafted DTDs...
CVE-2016-5002
XML external entity XXE vulnerability in the Apache XML-RPC aka ws-xmlrpc library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery SSRF attacks via a crafted DTD...
CVE-2016-5003
The Apache XML-RPC aka ws-xmlrpc library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an element...
Apache XML-RPC Server-Side Denial of Service Vulnerability
Apache XML-RPC is a simple , lightweight set of specifications for RPC communication over the HTTP protocol . A denial of service vulnerability exists in Apache XML-RPC that allows remote attackers to cause a denial of service condition...