Skip to main content

Ws Xmlrpc

2 CVEs product

Monthly

CVE-2016-5003 Maven CRITICAL POC THREAT Emergency

The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 41.5%.

Deserialization Java Apache RCE Ws Xmlrpc
NVD
CVSS 3.0
9.8
EPSS
41.5%
Threat
4.7
CVE-2016-5004 Maven MEDIUM POC This Month

The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apache Ws Xmlrpc
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
EPSS 42% 4.7 CVSS 9.8
CRITICAL POC THREAT Emergency

The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 41.5%.

Deserialization Java Apache +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apache Ws Xmlrpc
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy