RHEL 7 : xmlrpc (Unpatched Vulnerability)
Discription

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. xmlrpc: XML external entity vulnerability SSRF via a crafted DTD (CVE-2016-5002) xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response (CVE-2019-17570) The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes. (CVE-2016-5004) Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is…Read More

Back to Main

Subscribe for the latest news: