Important: xmlrpc - API Security Blog

Main / Important: xmlrpc

Important: xmlrpc

Discription

**Issue Overview:**

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed. (CVE-2019-17570)

**Affected Packages:**

xmlrpc

**Issue Correction:**
Run _yum update xmlrpc_ to update your system.

**New Packages:**

noarch:
Â Â Â xmlrpc-javadoc-3.1.3-9.amzn2.0.1.noarch
Â Â Â xmlrpc-common-3.1.3-9.amzn2.0.1.noarch
Â Â Â xmlrpc-client-3.1.3-9.amzn2.0.1.noarch
Â Â Â xmlrpc-server-3.1.3-9.amzn2.0.1.noarch

src:
Â Â Â xmlrpc-3.1.3-9.amzn2.0.1.src

### Additional References

Red Hat: [CVE-2019-17570]()

Mitre: [CVE-2019-17570]()Read More

References

Back to Main

Subscribe for the latest news: