Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-17570 | 5 Apache, Canonical, Debian and 2 more | 6 Xml-rpc, Ubuntu Linux, Debian Linux and 3 more | 2022-09-02 | 7.5 HIGH | 9.8 CRITICAL |
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed. | |||||
CVE-2016-5002 | 1 Apache | 1 Xml-rpc | 2018-12-05 | 9.3 HIGH | 7.8 HIGH |
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD. |