Описание
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.
Ссылки
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:apache:xml-rpc:3.1.3:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02063
Низкий
7.8 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-611
Связанные уязвимости
CVSS3: 6.4
redhat
больше 9 лет назад
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.
CVSS3: 7.8
fstec
больше 9 лет назад
Уязвимость библиотеки Apache XML-RPC (ws-xmlrpc), связанная с неверным ограничением XML-ссылок на внешние объекты, позволяющая нарушителю выполнять атаки SSRF
EPSS
Процентиль: 84%
0.02063
Низкий
7.8 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-611