Vulnerability CVE-2016-5002: Information

Description

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-5002

Published: Oct. 27, 2017

Modified: Jan. 22, 2024

Error type identifier: CWE-611

References to Advisories, Solutions, and Tools

Hyperlink	Resource
apache-archiva-cve20165002-ssrf(115042)	Issue Tracking Third Party Advisory VDB Entry
https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html	Issue Tracking Third Party Advisory
1036294	Third Party Advisory VDB Entry
91736	Third Party Advisory VDB Entry
[oss-security] 20160712 Vulnerabilities in Apache Archiva	Mailing List Third Party Advisory
RHSA-2018:3768
https://security.gentoo.org/glsa/202401-26

Affected configurations:
1. Configuration 1
  cpe:2.3:a:apache:xml-rpc:3.1.3:*:*:*:*:*:*:*

Version: v24.4.2

Vulnerability CVE-2016-5002: Information

Description

References to Advisories, Solutions, and Tools

Configuration 1