Vulnerabilities > Apache > XML RPC

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2019-17570 Deserialization of Untrusted Data vulnerability in multiple products
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library.
network
low complexity
apache debian canonical fedoraproject redhat CWE-502
critical
 9.8
9.8
2017-10-27 CVE-2016-5002 XXE vulnerability in Apache Xml-Rpc 3.1.3
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.
local
low complexity
apache CWE-611
7.8
7.8