The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/07/12/5 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/91736 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1036294 | Third Party Advisory |
https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html | Third Party Advisory |
https://github.com/0ang3el/unsafe-xmlrpc | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2017-06-06T18:00:00
Updated: 2017-06-06T17:57:01
Reserved: 2016-05-24T00:00:00
Link: CVE-2016-5004
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-06-06T18:29:00.450
Modified: 2017-06-16T13:06:12.270
Link: CVE-2016-5004
JSON object: View
Redhat Information
No data.
CWE