9.8

CVE-2019-17570

Exploit
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheXml-rpc Version3.1
ApacheXml-rpc Version3.1.1
ApacheXml-rpc Version3.1.2
ApacheXml-rpc Version3.1.3
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
FedoraprojectFedora Version31
FedoraprojectFedora Version32
RedhatSoftware Collections Version1.0
   RedhatEnterprise Linux Version6.0
   RedhatEnterprise Linux Version7.0
   RedhatEnterprise Linux Version7.5
   RedhatEnterprise Linux Version7.6
   RedhatEnterprise Linux Version7.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 49.29% 0.987
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://security.gentoo.org/glsa/202401-26
http://www.openwall.com/lists/oss-security/2020/01/24/2
Third Party Advisory
Mailing List
https://access.redhat.com/errata/RHSA-2020:0310
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570%3B
https://github.com/orangecertcc/security-research/security/advisories/GHSA-x2r6-4m45-m4jp
Third Party Advisory
Exploit
https://lists.apache.org/thread.html/846551673bbb7ec8d691008215384bcef03a3fb004d2da845cfe88ee%401390230951%40%3Cdev.ws.apache.org%3E
Vendor Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2020/01/msg00033.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I3QCRLJYQRGVTIYF4BXYRFSF3ONP3TBF/
https://seclists.org/bugtraq/2020/Feb/8
Third Party Advisory
Mailing List
https://usn.ubuntu.com/4496-1/
Patch
Third Party Advisory
https://www.debian.org/security/2020/dsa-4619
Third Party Advisory