Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe
Filtered by product Ws-xmlrpc
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-5004 1 Apache 1 Ws-xmlrpc 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes.
CVE-2016-5003 1 Apache 1 Ws-xmlrpc 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.