CyberSec.Space Logo
Back to CVE Browser

CVE-2016-5003

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1600%
EPSS Percentile4.72th
PublishedOct 27, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.

Affected Platforms (CPE)

πŸ“¦
Apache

Ws Xmlrpc

= 3.1.3

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2016/07/12/5
πŸ”— http://www.openwall.com/lists/oss-security/2020/01/16/1
πŸ”— http://www.openwall.com/lists/oss-security/2020/01/24/2
πŸ”— http://www.securityfocus.com/bid/91736
πŸ”— http://www.securityfocus.com/bid/91738
πŸ”— http://www.securitytracker.com/id/1036294
πŸ”— https://0ang3el.blogspot.ru/2016/07/beware-of-ws-xmlrpc-library-in-your.html
πŸ”— https://access.redhat.com/errata/RHSA-2018:1779

Related Vulnerabilities

CVE-2014-293510.0

costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell met...

CVE-2021-403239.8

Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for ...

CVE-2019-175709.8

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (ak...

CVE-2019-90209.8

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the...