Vulnerability CVE-2016-5002: Information
Description
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
apache-archiva-cve20165002-ssrf(115042) |
|
https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html |
|
1036294 |
|
91736 |
|
[oss-security] 20160712 Vulnerabilities in Apache Archiva |
|
RHSA-2018:3768 | |
https://security.gentoo.org/glsa/202401-26 |