An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache xml-rpc 3.1.3 |
||
apache xml-rpc 3.1.2 |
||
apache xml-rpc 3.1 |
||
apache xml-rpc 3.1.1 |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 16.04 |
||
fedoraproject fedora 31 |
||
fedoraproject fedora 32 |
||
redhat software_collections 1.0 |