9.3
CVSSv2

CVE-2016-5002

Published: 27/10/2017 Updated: 05/12/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote malicious users to conduct server-side request forgery (SSRF) attacks via a crafted DTD.

Affected Products

Vendor Product Versions
ApacheXml-rpc3.1.3

Vendor Advisories

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 313, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD ...
Synopsis Important: Red Hat Fuse 72 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat FuseRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a de ...

Github Repositories

我的漏洞复现记录(持续更新中) CVE-NO STATUS RESULT REFERENCE 中间件漏洞 Tomcat 7086 CVE-2016-5003 FINISH FAIL 0ang3elblogspotru/2016/07/beware-of-ws-xmlrpc-library-in-yourhtml CVE-2016-5002 FINISH PASS 0ang3elblogspotru/2016/07/beware-of-ws-xmlrpc-library-in-yourhtml 8036 CVE-2016-8735 FINISH PASS gv7me/articles