VYPR

Maven package

org.apache.xmlrpc/xmlrpc

pkg:maven/org.apache.xmlrpc/xmlrpc

Vulnerabilities (3)

  • CVE-2019-17570Jan 23, 2020
    affected <= 3.1.3

    An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maint

  • CVE-2016-5003CriOct 27, 2017
    affected <= 3.1.3

    The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.

  • CVE-2016-5002HigOct 27, 2017
    affected <= 3.1.3

    XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.