API Security Blog

RHEL 5 : xmlrpc (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

xmlrpc: XML external entity vulnerability SSRF via a crafted DTD (CVE-2016-5002)

xmlrpc: Deserialization of untrusted Java object through tag (CVE-2016-5003)

The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes. (CVE-2016-5004)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is…
