Site icon API Security Blog

Medium: xmlrpc

**Issue Overview:**

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD. (CVE-2016-5002)

**Affected Packages:**

xmlrpc

**Issue Correction:**
Run _yum update xmlrpc_ to update your system.

**New Packages:**

noarch:
    xmlrpc-javadoc-3.1.3-9.amzn2.0.2.noarch
    xmlrpc-common-3.1.3-9.amzn2.0.2.noarch
    xmlrpc-client-3.1.3-9.amzn2.0.2.noarch
    xmlrpc-server-3.1.3-9.amzn2.0.2.noarch

src:
    xmlrpc-3.1.3-9.amzn2.0.2.src

### Additional References

Red Hat: [CVE-2016-5002]()

Mitre: [CVE-2016-5002]()Read More

Exit mobile version