CVE-2016-5002
Description
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
3.53
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-5003,CVE-2019-17570,CVE-2016-5002 are affected in Apache - xmlrpc 3.1.3 | Windows |
| xmlrpc Security Update (ALAS-2023-2089) xmlrpc-client-3.1.3-9.amzn2.0.2.noarch.rpm | Linux |
| xmlrpc Security Update (ALAS-2023-2089) xmlrpc-common-3.1.3-9.amzn2.0.2.noarch.rpm | Linux |
| xmlrpc Security Update (ALAS-2023-2089) xmlrpc-server-3.1.3-9.amzn2.0.2.noarch.rpm | Linux |
| xmlrpc Security Update (ALAS-2023-2089) xmlrpc-javadoc-3.1.3-9.amzn2.0.2.noarch.rpm | Linux |
| xmlrpc Security Update (ALAS2-2023-2089) xmlrpc-client-3.1.3-9.amzn2.0.2.noarch.rpm | Linux |
| xmlrpc Security Update (ALAS2-2023-2089) xmlrpc-common-3.1.3-9.amzn2.0.2.noarch.rpm | Linux |
| xmlrpc Security Update (ALAS2-2023-2089) xmlrpc-javadoc-3.1.3-9.amzn2.0.2.noarch.rpm | Linux |
| xmlrpc Security Update (ALAS2-2023-2089) xmlrpc-server-3.1.3-9.amzn2.0.2.noarch.rpm | Linux |
| Vulnerabilities CVE-2016-5003,CVE-2019-17570,CVE-2016-5002 are affected in Apache - xmlrpc for Linux 3.1.3 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234