Ws Xmlrpc

ws-xmlrpc

Vendor: Apache • 2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-5003 1Apache 1Ws Xmlrpc May 13, 2026 Oct 27, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.
CVE-2016-5004 1Apache 1Ws Xmlrpc May 13, 2026 Jun 6, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes.