Medium severity 6.5 · NVD Advisory · Published Jun 6, 2017 · Updated May 13, 2026
CVE-2016-5004
Description
The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.xmlrpc:xmlrpc-common (Maven) | <= 3.1.3 | — |
Patches
No patches discovered yet.
References
- www.openwall.com/lists/oss-security/2016/07/12/5 (nvd; Mailing List, Third Party Advisory, WEB)
- www.securityfocus.com/bid/91736 (nvd; Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1036294 (nvd; Third Party Advisory)
- 0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html (nvd; Third Party Advisory)
- github.com/advisories/GHSA-r2pg-w96p-pcpj (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-5004 (ghsa; ADVISORY)
- web.archive.org/web/20160716070844/http://www.securitytracker.com/id/1036294 (ghsa; WEB)
- web.archive.org/web/20171111065719/http://www.securityfocus.com/bid/91736 (ghsa; WEB)
- web.archive.org/web/20171114185236/https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html (ghsa; WEB)