Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apache Subscribe
Filtered by product Xml-rpc
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-17570 5 Apache, Canonical, Debian and 2 more 6 Xml-rpc, Ubuntu Linux, Debian Linux and 3 more 2022-09-02 7.5 HIGH 9.8 CRITICAL
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.
CVE-2016-5002 1 Apache 1 Xml-rpc 2018-12-05 9.3 HIGH 7.8 HIGH
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.