QwikSec

Security Database

CVE

CWE

Training

CVE-2019-17570

Published: Jan 23, 2020

Modified: Aug 5, 2024

PUBLISHED

Description

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.

Vendor	Product	Versions
Apache	Apache XML-RPC	affected `Apache XML-RPC all versions`

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570%3B

https://lists.apache.org/thread.html/846551673bbb7ec8d691008215384bcef03a3fb004d2da845cfe88ee%401390230951%40%3Cdev.ws.apache.org%3E

[oss-security] 20200124 RE: [CVE-2019-17570] xmlrpc-common untrusted deserialization

mailing-list

[debian-lts-announce] 20200130 [SECURITY] [DLA 2078-1] libxmlrpc3-java security update

mailing-list

vendor-advisory

vendor-advisory

20200210 [SECURITY] [DSA 4619-1] libxmlrpc3-java security update

mailing-list

FEDORA-2020-1d0635bd71

vendor-advisory

vendor-advisory

https://github.com/orangecertcc/security-research/security/advisories/GHSA-x2r6-4m45-m4jp

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.