The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/07/12/5 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2020/01/16/1 | |
http://www.openwall.com/lists/oss-security/2020/01/24/2 | |
http://www.securityfocus.com/bid/91736 | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/91738 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1036294 | Third Party Advisory VDB Entry |
https://0ang3el.blogspot.ru/2016/07/beware-of-ws-xmlrpc-library-in-your.html | Exploit Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:1779 | |
https://access.redhat.com/errata/RHSA-2018:1780 | |
https://access.redhat.com/errata/RHSA-2018:1784 | |
https://access.redhat.com/errata/RHSA-2018:2317 | |
https://access.redhat.com/errata/RHSA-2018:3768 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/115043 | Third Party Advisory VDB Entry |
https://security.gentoo.org/glsa/202401-26 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2017-10-27T18:00:00
Updated: 2020-01-24T18:06:11
Reserved: 2016-05-24T00:00:00
Link: CVE-2016-5003
JSON object: View
NVD Information
Status : Modified
Published: 2017-10-27T18:29:00.260
Modified: 2024-01-22T17:15:08.393
Link: CVE-2016-5003
JSON object: View
Redhat Information
No data.
CWE