(Red Hat Issues Fix for Red Hat Enterprise Virtualization) Apache Archiva Bugs in XML-RPC Library Let Remote Users Conduct Server-Side Request Forgery Attacks, Deny Service, and Potentially Execute Arbitrary Code
SecurityTracker Alert ID: 1041421
SecurityTracker URL: http://securitytracker.com/id/1041421
Date: Aug 6 2018
Impact: Denial of service via network, Execution of arbitrary code via network, Host/resource access via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Several vulnerabilities were reported in Apache Archiva. A remote user can conduct server-side request forgery attacks. A remote user can cause the target service to crash. A remote user may be able to execute arbitrary code on the target system. Red Hat Enterprise Virtualization is affected.
A remote user can submit a specially crafted XML DTD that, when processed by the target library, will cause the target server to connect to arbitrary ports on arbitrary hosts on the target network [CVE-2016-5002].
A remote user can send specially crafted serialized data that the target library will deserialize, potentially executing arbitrary code on the target system [CVE-2016-5003].
A remote user can send a specially crafted Content-Encoding header to consume excessive resources and cause denial of service conditions on the target application server [CVE-2016-5004].
The vulnerabilities reside in the ws-xmlrpc library component.
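The following Python function is an added example, not code from the advisory or from the ws-xmlrpc project. It shows how a reverse proxy or request filter in front of an XML-RPC endpoint can screen inbound requests for the three payload shapes described above: an unexpected Content-Encoding (resource exhaustion), a DTD in the body (the external-entity route to server-side request forgery), and the `<ex:serializable>` extension element (Java deserialization). The extension namespace URI is taken from the Apache XML-RPC documentation and is an assumption about your deployment; the sample requests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace Apache XML-RPC binds to its "ex:" vendor extensions (assumed from the
# library's documentation; verify against the build you run).
XMLRPC_EXT_NS = "http://ws.apache.org/xmlrpc/namespaces/extensions"

# Only identity and gzip are expected from legitimate XML-RPC clients; any other
# Content-Encoding is rejected before the body reaches a decoder.
ALLOWED_ENCODINGS = {"identity", "gzip"}
MAX_BODY_BYTES = 1 * 1024 * 1024


def screen_request(headers: dict, body: bytes) -> tuple:
    """Return (accepted, reason) for an inbound XML-RPC request body."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    enc = hdrs.get("content-encoding", "identity").strip().lower()
    if enc not in ALLOWED_ENCODINGS:
        return False, f"unsupported Content-Encoding: {enc!r}"
    if len(body) > MAX_BODY_BYTES:
        return False, "body exceeds size limit"

    # A DOCTYPE has no place in an XML-RPC payload; reject it before any parser
    # gets the chance to resolve entities it declares (XML keywords are
    # case-sensitive, so the upper-case check is exact).
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return False, "DTD declaration present"

    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return False, f"malformed XML: {exc}"
    if root.tag != "methodCall":
        return False, f"unexpected root element: {root.tag!r}"

    ext_tag = f"{{{XMLRPC_EXT_NS}}}serializable"
    for el in root.iter():
        # Match by namespace, and also by local name in case the "ex" prefix is
        # bound to a different URI than the one assumed above.
        local = el.tag.rsplit("}", 1)[-1]
        if el.tag == ext_tag or local == "serializable":
            return False, "ex:serializable element present"
    return True, "ok"


# Constructed sample requests (not captured traffic).
BENIGN_REQUEST = (
    b'<?xml version="1.0"?><methodCall><methodName>ping</methodName>'
    b"<params/></methodCall>"
)
SERIALIZABLE_REQUEST = (
    b'<methodCall xmlns:ex="http://ws.apache.org/xmlrpc/namespaces/extensions">'
    b"<methodName>echo</methodName><params><param><value>"
    b"<ex:serializable>AAAA</ex:serializable>"
    b"</value></param></params></methodCall>"
)
DTD_REQUEST = (
    b'<!DOCTYPE methodCall SYSTEM "http://example.invalid/dtd">'
    b"<methodCall><methodName>ping</methodName><params/></methodCall>"
)


def screen_samples() -> dict:
    """Run the screen over the constructed samples and return the verdicts."""
    return {
        "benign": screen_request({"Content-Type": "text/xml"}, BENIGN_REQUEST),
        "serializable": screen_request({}, SERIALIZABLE_REQUEST),
        "dtd": screen_request({}, DTD_REQUEST),
        "bad_encoding": screen_request({"Content-Encoding": "deflate"}, BENIGN_REQUEST),
    }


if __name__ == "__main__":
    for name, verdict in screen_samples().items():
        print(f"{name:>13}: {verdict}")
```

The screen is a perimeter control: it rejects the known payload shapes before the vulnerable library sees them, which is useful while the vendor update is being rolled out, but it does not replace upgrading the xmlrpc package.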
Demonstration exploit code is available at:
The original advisory is available at:
0ang3el reported this vulnerability.
A remote user can cause the target server to connect to arbitrary ports on arbitrary hosts on the target network.
A remote user can consume excessive resources and cause denial of service conditions on the target application server.
A remote user can execute arbitrary code on the target system.
Red Hat has issued a fix for CVE-2016-5003 for Red Hat Enterprise Virtualization.
The Red Hat advisory is available at:
Vendor URL: access.redhat.com/errata/RHSA-2018:2317
Underlying OS: Linux (Red Hat Enterprise)
This archive entry is a follow-up to the message listed below.
Source Message Contents
Subject: [RHSA-2018:2317-01] Moderate: xmlrpc security update
-----BEGIN PGP SIGNED MESSAGE-----
Red Hat Security Advisory
Synopsis: Moderate: xmlrpc security update
Advisory ID: RHSA-2018:2317-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2317
Issue date: 2018-07-31
CVE Names: CVE-2016-5003
An update for xmlrpc is now available for Red Hat Virtualization 4 for Red
Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Tools for RHV Engine - noarch
XML-RPC is a way to make remote procedure calls over the Internet. It
converts procedure calls into XML documents, sends them to a remote server
using the HTTP protocol, and gets back the response as XML.
The following packages have been upgraded to a later upstream version:
xmlrpc (3.1.3). (BZ#1594618)
* xmlrpc: Deserialization of untrusted Java object through
<ex:serializable> tag (CVE-2016-5003)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
5. Bugs fixed (https://bugzilla.redhat.com/):
1508123 - CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag
6. Package List:
Tools for RHV Engine:
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
The Red Hat security contact is <email@example.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
RHSA-announce mailing list