← Back

Xml Rpc

xml-rpc

Vendor: Apache • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-17570
5Apache
CanonicalDebian+2 more
5Debian Linux
FedoraSoftware Collections+2 more
Nov 21, 2024
Jan 23, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it...Show more
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.Show less
CVE-2016-5002
1Apache
1Xml Rpc
May 13, 2026
Oct 27, 2017
N/A· v4
7.8 HIGH· v3
9.3 HIGH· v2
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.