It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2089 advisory.

– XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD. (CVE-2016-5002)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More