VDB

GCVE-VVD-MAGEIA-2019-2

GCVE-VVD-MAGEIA-2019-2
Advisory Published
Vulnetix · Advisory published January 11, 2019
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD (CVE-2016-5002). A flaw was discovered in the Apache XML-RPC (ws-xmlrpc) library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a <ex:serializable> element (CVE-2016-5003).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiakmymoney0 (affected), 5.0.2-3.mga6 (unaffected)
Mageiaxmlrpc0 (affected), 3.1.3-70.1.mga6 (unaffected), 0 (affected), 3.1.3-70.1.mga6 (unaffected)

References

Updated xmlrpc packages fix security vulnerabilities
advisory
Updated xmlrpc packages fix security vulnerabilities
issue
Updated xmlrpc packages fix security vulnerabilities
issue
Updated kmymoney packages fix many bugs
advisory
Updated kmymoney packages fix many bugs
issue
Updated kmymoney packages fix many bugs
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›