CVE-2016-5003

Published: 27/10/2017 Updated: 22/01/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote malicious users to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.

Vulnerable Product

apache ws-xmlrpc 3.1.3

Vendor Advisories

Synopsis: Important: xmlrpc security update. Type/Severity: Security Advisory: Important. Topic: An update for xmlrpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis: Important: xmlrpc3 security update. Type/Severity: Security Advisory: Important. Topic: An update for xmlrpc3 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Important: rh-java-common-xmlrpc security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-java-common-xmlrpc is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sco ...
Synopsis: Important: Red Hat Fuse 7.2 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Fuse. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a de ...
Synopsis: Moderate: xmlrpc security update. Type/Severity: Security Advisory: Moderate. Topic: An update for xmlrpc is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring S ...
A flaw was discovered in the Apache XML-RPC (ws-xmlrpc) library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a <ex:serializable> element (CVE-2016-5003). ...
A flaw was discovered in the Apache XML-RPC (ws-xmlrpc) library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a <ex:serializable> element ...

Mailing Lists

oss-sec mailing list archives: RE: [CVE-2019-17570] xmlrpc-common untrusted deserialization. From: < ...
oss-sec mailing list archives: [CVE-2019-17570] xmlrpc-common untrusted deserialization. From: <cert ...