CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-17570

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0700%
EPSS Percentile36.47th
Published2020年1月23日
Last Modified2024年11月21日

Vulnerability Description

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.

Affected Platforms (CPE)

📦
Apache

Xml Rpc

= 3.1
📦
Apache

Xml Rpc

= 3.1.1
📦
Apache

Xml Rpc

= 3.1.2
📦
Apache

Xml Rpc

= 3.1.3
💻
Debian

Debian Linux

= 8.0
💻
Debian

Debian Linux

= 9.0
💻
Debian

Debian Linux

= 10.0
💻
Canonical

Ubuntu Linux

= 16.04
💻
Canonical

Ubuntu Linux

= 18.04
💻
Fedoraproject

Fedora

= 31
💻
Fedoraproject

Fedora

= 32
📦
Redhat

Software Collections

= 1.0

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2020/01/24/2
🔗 https://access.redhat.com/errata/RHSA-2020:0310
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570%3B
🔗 https://github.com/orangecertcc/security-research/security/advisories/GHSA-x2r6-4m45-m4jp
🔗 https://lists.apache.org/thread.html/846551673bbb7ec8d691008215384bcef03a3fb004d2da845cfe88ee%401390230951%40%3Cdev.ws.apache.org%3E
🔗 https://lists.debian.org/debian-lts-announce/2020/01/msg00033.html
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I3QCRLJYQRGVTIYF4BXYRFSF3ONP3TBF/
🔗 https://seclists.org/bugtraq/2020/Feb/8

相关漏洞威胁

CVE-2010-060010.0

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Netw...

CVE-2018-171989.8

Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versio...

CVE-2019-54349.8

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "...

CVE-2020-280359.8

WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC.