CyberSec.Space Logo
Back to CVE Browser

CVE-2016-5002

HIGH
7.8
CVSS Severity Score
EPSS Score0.1010%
EPSS Percentile19.02th
PublishedOct 27, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.

Affected Platforms (CPE)

πŸ“¦
Apache

Xml Rpc

= 3.1.3

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2016/07/12/5
πŸ”— http://www.securityfocus.com/bid/91736
πŸ”— http://www.securitytracker.com/id/1036294
πŸ”— https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html
πŸ”— https://access.redhat.com/errata/RHSA-2018:3768
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/115042
πŸ”— https://security.gentoo.org/glsa/202401-26
πŸ”— http://www.openwall.com/lists/oss-security/2016/07/12/5

Related Vulnerabilities

CVE-2010-060010.0

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Netw...

CVE-2018-171989.8

Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versio...

CVE-2019-54349.8

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "...

CVE-2019-175709.8

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (ak...