214 matches found

CVE
added 2020/01/23 12:0 a.m. · 216 views

CVE-2019-17570

The CVE-2019-17570 issue affects Apache XML-RPC (ws-xmlrpc) Java library. Root cause: untrusted deserialization in XmlRpcResponseParser:addResult that could allow a malicious XML-RPC server to cause arbitrary code execution on a vulnerable client. Impact: high (remote code execution) with network...

9.8 CVSS · 9.5 AI score · 0.49285 EPSS
Exploits 2 · References 11 · Affected Software 1

Positive Technologies
added 2020/01/23 12:0 a.m. · 5 views

PT-2020-2099 · Apache +1 · Apache Xml-Rpc +1

Name of the Vulnerable Software and Affected Versions: Apache XML-RPC (affected versions not specified). Description: The issue is related to an untrusted deserialization error in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of the Apache XML-RPC library. This error is associat...

10 CVSS · 8.6 AI score · 0.49285 EPSS
Exploits 2 · References 41

Debian CVE
added 2020/01/23 12:0 a.m. · 37 views

CVE-2019-17570

Removed by vendor...

9.8 CVSS · 8.6 AI score · 0.49285 EPSS
Exploits 2

Tenable Nessus
added 2019/08/12 12:0 a.m. · 32 views

NewStart CGSL MAIN 4.05 : xmlrpc3 Vulnerability (NS-SA-2019-0136)

The remote NewStart CGSL host, running version MAIN 4.05, has xmlrpc3 packages installed that are affected by a vulnerability: - A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use...

9.8 CVSS · 8.3 AI score · 0.15272 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2019/08/12 12:0 a.m. · 30 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : xmlrpc Vulnerability (NS-SA-2019-0037)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xmlrpc packages installed that are affected by a vulnerability: - A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacke...

9.8 CVSS · 8.3 AI score · 0.15272 EPSS
Exploits 1 · References 2

Fedora
added 2018/11/27 3:31 a.m. · 16 views

[SECURITY] Fedora 29 Update: xml-security-c-2.0.2-1.fc29

The xml-security-c library is a C++ implementation of the XML Digital Signature specification. The library makes use of the Apache XML project's Xerces-C XML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms...

2.9 AI score
Exploits 0

Debian
added 2018/08/06 7:28 a.m. · 13 views

[SECURITY] [DLA 1458-1] xml-security-c security update

Package: xml-security-c · Version: 1.7.2-3+deb8u1 · CVE ID: not yet available · Debian Bug: 905332. It was discovered that the Apache XML Security for C++ library performed insufficient validation of KeyInfo hints, which could result in denial of service via NULL pointer dereferences when processing...

5.7 AI score
Exploits 0

Debian
added 2018/08/05 10:44 a.m. · 16 views

[SECURITY] [DSA 4265-1] xml-security-c security update

Debian Security Advisory DSA-4265-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 05, 2018 https://www.debian.org/security/faq -...

6.8 AI score
Exploits 0

RedHat Linux
added 2018/07/31 5:50 p.m. · 4 views

xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag

A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a <ex:serializable> element...

9.8 CVSS · 6.2 AI score · 0.15272 EPSS
Exploits 1 · References 4

Tenable Nessus
added 2018/06/29 12:0 a.m. · 47 views

Amazon Linux 2 : xmlrpc (ALAS-2018-1041)

A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a ex:serializable element. CVE-2016-5003 C...

9.8 CVSS · 8.1 AI score · 0.15272 EPSS
Exploits 1 · References 2

Amazon
added 2018/06/20 12:0 a.m. · 26 views

Important: xmlrpc

Issue Overview: A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a <ex:serializable> element. CVE-2016-5003...

9.8 CVSS · 9.8 AI score · 0.15272 EPSS
Exploits 1

Tenable Nessus
added 2018/06/04 12:0 a.m. · 25 views

CentOS 6 : xmlrpc3 (CESA-2018:1779)

An update for xmlrpc3 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.8 CVSS · 8.1 AI score · 0.15272 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2018/06/04 12:0 a.m. · 31 views

CentOS 7 : xmlrpc (CESA-2018:1780)

An update for xmlrpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8 CVSS · 8.1 AI score · 0.15272 EPSS
Exploits 1 · References 2

Fedora
added 2018/06/02 8:46 p.m. · 38 views

[SECURITY] Fedora 28 Update: xmlrpc-3.1.3-20.fc28

Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Apache XML-RPC was previously known as Helma XML-RPC. If you have code using the Helma library, all you should have to do is change the import statements in your cod...

9.8 CVSS · 0.7 AI score · 0.15272 EPSS
Exploits 1

Tenable Nessus
added 2018/06/01 12:0 a.m. · 29 views

Oracle Linux 6 : xmlrpc3 (ELSA-2018-1779)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1779 advisory. - Related: CVE-2016-5003 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested...

9.8 CVSS · 8.1 AI score · 0.15272 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2018/06/01 12:0 a.m. · 31 views

Oracle Linux 7 : xmlrpc (ELSA-2018-1780)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1780 advisory. 1:3.1.3-9 - Disallow deserialization of tags by default - Resolves: CVE-2016-5003 Tenable has extracted the preceding description block directly from the Oracle...

9.8 CVSS · 8.2 AI score · 0.15272 EPSS
Exploits 1 · References 2

RedHat Linux
added 2018/05/31 9:11 p.m. · 3 views

xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag

A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a <ex:serializable> element...

9.8 CVSS · 6.2 AI score · 0.15272 EPSS
Exploits 1 · References 4

RedHat Linux
added 2018/05/31 9:11 p.m. · 132 views

Important: Red Hat Security Advisory: xmlrpc security update

An update for xmlrpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8 CVSS · 7.3 AI score · 0.15272 EPSS
Exploits 1 · References 2

BDU FSTEC
added 2018/02/02 12:0 a.m. · 2 views

The vulnerability of the Apache XML-RPC library (ws-xmlrpc) arises from the possibility of retrieving data from external sources without sufficient verification. This allows attackers to execute arbitrary code.

The vulnerability of the Apache XML-RPC library exists due to the retrieval of data from an external source without sufficient verification. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted serializable Java object, with the use of the...

9.8 CVSS · 8.2 AI score · 0.15272 EPSS
Exploits 1 · References 9 · Affected Software 1

BDU FSTEC
added 2018/02/02 12:0 a.m. · 2 views

The vulnerability of the Apache XML-RPC library (ws-xmlrpc) is related to improper restrictions on XML links to external objects, which allows attackers to perform SSRF attacks.

The vulnerability of the Apache XML-RPC library ws-xmlrpc is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform SSRF attacks using specially crafted DTDs...

9.3 CVSS · 7.8 AI score · 0.08275 EPSS
Exploits 0 · References 6 · Affected Software 1