CVE-2016-5004

Опубликовано: 06 июн. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes.

Ссылки

http://www.openwall.com/lists/oss-security/2016/07/12/5
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/91736
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036294
Third Party Advisory
https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html
Third Party Advisory
https://github.com/0ang3el/unsafe-xmlrpc
Exploit
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/07/12/5
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/91736
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036294
Third Party Advisory
https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html
Third Party Advisory
https://github.com/0ang3el/unsafe-xmlrpc
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:ws-xmlrpc:3.1.3:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.0114

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

CVE-2016-5004

CVSS3: 5

redhat

больше 9 лет назад

GHSA-r2pg-w96p-pcpj