CVE-2016-5002

Published: 27/10/2017 Updated: 22/01/2024
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote malicious users to conduct server-side request forgery (SSRF) attacks via a crafted DTD.

Vulnerable Product

apache xml-rpc 3.1.3

Vendor Advisories

Synopsis: Important: Red Hat Fuse 72 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Fuse. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a de ...
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD (CVE-2016-5002) ...
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD ...