Lucene search

42 matches found

CVE
added 2020/01/23 12:0 a.m. · 221 views

CVE-2019-17570

The CVE-2019-17570 issue affects the Apache XML-RPC (ws-xmlrpc) Java library. Root cause: untrusted deserialization in XmlRpcResponseParser:addResult that could allow a malicious XML-RPC server to cause arbitrary code execution on a vulnerable client. Impact: high (remote code execution) with network...

9.8 CVSS · 9.5 AI score · 0.49285 EPSS
Exploits 2 · References 11 · Affected Software 1
Debian CVE
added 2020/01/23 12:0 a.m. · 38 views

CVE-2019-17570

Removed by vendor...

9.8 CVSS · 8.6 AI score · 0.49285 EPSS
Exploits 2
Positive Technologies
added 2020/01/23 12:0 a.m. · 8 views

PT-2020-2099 · Apache +1 · Apache Xml-Rpc +1

Name of the Vulnerable Software and Affected Versions: Apache XML-RPC (affected versions not specified). Description: The issue is related to an untrusted deserialization error in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of the Apache XML-RPC library. This error is associat...

10 CVSS · 8.6 AI score · 0.49285 EPSS
Exploits 2 · References 41
Tenable Nessus
added 2019/08/12 12:0 a.m. · 32 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : xmlrpc Vulnerability (NS-SA-2019-0037)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xmlrpc packages installed that are affected by a vulnerability: - A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacke...

9.8 CVSS · 8.3 AI score · 0.14876 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2019/08/12 12:0 a.m. · 34 views

NewStart CGSL MAIN 4.05 : xmlrpc3 Vulnerability (NS-SA-2019-0136)

The remote NewStart CGSL host, running version MAIN 4.05, has xmlrpc3 packages installed that are affected by a vulnerability: - A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use...

9.8 CVSS · 8.3 AI score · 0.14876 EPSS
Exploits 1 · References 2
RedHat Linux
added 2018/07/31 5:50 p.m. · 6 views

xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag

A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element...

9.8 CVSS · 6.2 AI score · 0.14876 EPSS
Exploits 1 · References 4
Tenable Nessus
added 2018/06/29 12:0 a.m. · 49 views

Amazon Linux 2 : xmlrpc (ALAS-2018-1041)

A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element. CVE-2016-5003 C...

9.8 CVSS · 8.1 AI score · 0.14876 EPSS
Exploits 1 · References 2
Amazon
added 2018/06/20 12:0 a.m. · 27 views

Important: xmlrpc

Issue Overview: A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element. CVE-2016-5003...

9.8 CVSS · 9.8 AI score · 0.14876 EPSS
Exploits 1
Tenable Nessus
added 2018/06/04 12:0 a.m. · 32 views

CentOS 7 : xmlrpc (CESA-2018:1780)

An update for xmlrpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8 CVSS · 8.1 AI score · 0.14876 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2018/06/04 12:0 a.m. · 27 views

CentOS 6 : xmlrpc3 (CESA-2018:1779)

An update for xmlrpc3 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.8 CVSS · 8.1 AI score · 0.14876 EPSS
Exploits 1 · References 2
Fedora
added 2018/06/02 8:46 p.m. · 40 views

[SECURITY] Fedora 28 Update: xmlrpc-3.1.3-20.fc28

Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Apache XML-RPC was previously known as Helma XML-RPC. If you have code using the Helma library, all you should have to do is change the import statements in your cod...

9.8 CVSS · 0.7 AI score · 0.14876 EPSS
Exploits 1
Tenable Nessus
added 2018/06/01 12:0 a.m. · 32 views

Oracle Linux 7 : xmlrpc (ELSA-2018-1780)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1780 advisory. 1:3.1.3-9 - Disallow deserialization of <ex:serializable> tags by default - Resolves: CVE-2016-5003 Tenable has extracted the preceding description block directly from the Oracle...

9.8 CVSS · 8.2 AI score · 0.14876 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2018/06/01 12:0 a.m. · 30 views

Oracle Linux 6 : xmlrpc3 (ELSA-2018-1779)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1779 advisory. - Related: CVE-2016-5003 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested...

9.8 CVSS · 8.1 AI score · 0.14876 EPSS
Exploits 1 · References 2
RedHat Linux
added 2018/05/31 9:11 p.m. · 7 views

xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag

A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element...

9.8 CVSS · 6.2 AI score · 0.14876 EPSS
Exploits 1 · References 4
RedHat Linux
added 2018/05/31 9:11 p.m. · 135 views

Important: Red Hat Security Advisory: xmlrpc security update

An update for xmlrpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8 CVSS · 7.3 AI score · 0.14876 EPSS
Exploits 1 · References 2
BDU FSTEC
added 2018/02/02 12:0 a.m. · 4 views

The vulnerability of the Apache XML-RPC library (ws-xmlrpc) arises from the possibility of retrieving data from external sources without sufficient verification. This allows attackers to execute arbitrary code.

The vulnerability of the Apache XML-RPC library exists due to the retrieval of data from an external source without sufficient verification. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted serializable Java object, with the use of the...

9.8 CVSS · 8.2 AI score · 0.14876 EPSS
Exploits 1 · References 9 · Affected Software 1
BDU FSTEC
added 2018/02/02 12:0 a.m. · 5 views

The vulnerability of the Apache XML-RPC library (ws-xmlrpc) is related to improper restrictions on XML links to external objects, which allows attackers to perform SSRF attacks.

The vulnerability of the Apache XML-RPC library (ws-xmlrpc) is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform SSRF attacks using specially crafted DTDs...

9.3 CVSS · 7.8 AI score · 0.08275 EPSS
Exploits 0 · References 6 · Affected Software 1
NVD
added 2017/10/27 6:29 p.m. · 21 views

CVE-2016-5002

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD...

9.3 CVSS · 8 AI score · 0.08275 EPSS
Exploits 0 · References 7
OSV
added 2017/10/27 6:29 p.m. · 3 views

CVE-2016-5003

The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element...

9.8 CVSS · 6.1 AI score
Exploits 0 · References 14
CNVD
added 2016/07/15 12:0 a.m. · 3 views

Apache XML-RPC Server-Side Denial of Service Vulnerability

Apache XML-RPC is a simple, lightweight set of specifications for RPC communication over the HTTP protocol. A denial of service vulnerability exists in Apache XML-RPC that allows remote attackers to cause a denial of service condition...

6.5 CVSS · 6.9 AI score · 0.0644 EPSS
Exploits 1 · References 1