| Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-5002 | 9.3 |
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.
|
22-01-2024 - 17:15 | 27-10-2017 - 18:29 | |
| CVE-2016-5003 | 7.5 |
The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.
|
22-01-2024 - 17:15 | 27-10-2017 - 18:29 | |
| CVE-2016-5004 | 4.3 |
The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes.
|
16-06-2017 - 13:06 | 06-06-2017 - 18:29 |