Site icon API Security Blog

Important: xmlrpc

**Issue Overview:**

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed. (CVE-2019-17570)

**Affected Packages:**

xmlrpc

**Issue Correction:**
Run _yum update xmlrpc_ to update your system.

**New Packages:**

noarch:
    xmlrpc-javadoc-3.1.3-9.amzn2.0.1.noarch
    xmlrpc-common-3.1.3-9.amzn2.0.1.noarch
    xmlrpc-client-3.1.3-9.amzn2.0.1.noarch
    xmlrpc-server-3.1.3-9.amzn2.0.1.noarch

src:
    xmlrpc-3.1.3-9.amzn2.0.1.src

### Additional References

Red Hat: [CVE-2019-17570]()

Mitre: [CVE-2019-17570]()Read More

Exit mobile version