Description
The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| JBoss Developer Studio 10 | xmlrpc | Not affected | ||
| JBoss Developer Studio 8 | xmlrpc | Not affected | ||
| Red Hat Enterprise Linux 5 | xmlrpc | Will not fix | ||
| Red Hat Enterprise Linux 6 | xmlrpc3 | Will not fix | ||
| Red Hat Enterprise Linux 7 | xmlrpc | Will not fix | ||
| Red Hat Enterprise Virtualization 3 | xmlrpc-common | Will not fix | ||
| Red Hat Fuse 7 | camel | Affected | ||
| Red Hat JBoss Fuse 6 | camel | Affected | ||
| Red Hat JBoss Fuse Integration Service 2 | xmlrpc-common | Affected | ||
| Red Hat Software Collections | rh-java-common-xmlrpc | Affected | | |
Additional information
Status:
Low
Defect:
CWE-409
https://bugzilla.redhat.com/show_bug.cgi?id=1508129 xmlrpc: DoS through decompression-bomb attack when Content-Encoding=gzip
EPSS: 0.0114 (Low), percentile: 78%
CVSS3: 5 Medium
Related vulnerabilities
CVSS3: 6.5
nvd
more than 8 years ago
The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes.