Download
| Alert*
oval:org.secpod.oval:def:1701379
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fi ... oval:org.secpod.oval:def:69949 Guillaume Teissier reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, does perform deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of this flaw to e ... oval:org.secpod.oval:def:505095 Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Security Fix: * xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response For more details about the security issue, including the impa ... oval:org.secpod.oval:def:61768 Guillaume Teissier reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, does perform deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of this flaw to e ... oval:org.secpod.oval:def:604743 Guillaume Teissier reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, does perform deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of this flaw to e ... oval:org.secpod.oval:def:705616 libxmlrpc3-java: XML-RPC implementation in Java Apache XML-RPC could be made to execute arbitrary code if it received specially crafted data by a malicious XML-RPC server. oval:org.secpod.oval:def:67104 libxmlrpc3-java: XML-RPC implementation in Java Apache XML-RPC could be made to execute arbitrary code if it received specially crafted data by a malicious XML-RPC server. |