XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/07/12/5 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/91736 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1036294 | Third Party Advisory VDB Entry |
https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html | Issue Tracking Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:3768 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/115042 | Issue Tracking Third Party Advisory VDB Entry |
https://security.gentoo.org/glsa/202401-26 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2017-10-27T18:00:00
Updated: 2018-12-05T10:57:01
Reserved: 2016-05-24T00:00:00
Link: CVE-2016-5002
JSON object: View
NVD Information
Status : Modified
Published: 2017-10-27T18:29:00.213
Modified: 2024-01-22T17:15:08.263
Link: CVE-2016-5002
JSON object: View
Redhat Information
No data.
CWE