The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. xmlrpc: XML external entity vulnerability SSRF via a crafted DTD (CVE-2016-5002) xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response (CVE-2019-17570) The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes. (CVE-2016-5004) Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is…Read More
References
Back to Main