Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2019-0002)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2019.0002

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2019-0002)

Resumen: The remote host is missing an update for the 'xmlrpc' package(s) announced via the MGASA-2019-0002 advisory.

Descripción: Summary:
The remote host is missing an update for the 'xmlrpc' package(s) announced via the MGASA-2019-0002 advisory.

Vulnerability Insight:
XML external entity (XXE) vulnerability in the Apache XML-RPC
(aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote
attackers to conduct server-side request forgery (SSRF) attacks via a
crafted DTD (CVE-2016-5002).

A flaw was discovered in the Apache XML-RPC (ws-xmlrpc) library that
deserializes untrusted data when enabledForExtensions setting is
enabled. A remote attacker could use this vulnerability to execute
arbitrary code via a crafted serialized Java object in a
element (CVE-2016-5003).

Affected Software/OS:
'xmlrpc' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-5002
https://security.gentoo.org/glsa/202401-26
1036294
http://www.securitytracker.com/id/1036294
91736
http://www.securityfocus.com/bid/91736
RHSA-2018:3768
https://access.redhat.com/errata/RHSA-2018:3768
[oss-security] 20160712 Vulnerabilities in Apache Archiva
http://www.openwall.com/lists/oss-security/2016/07/12/5
apache-archiva-cve20165002-ssrf(115042)
https://exchange.xforce.ibmcloud.com/vulnerabilities/115042
https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5003
91738
http://www.securityfocus.com/bid/91738
RHSA-2018:1779
https://access.redhat.com/errata/RHSA-2018:1779
RHSA-2018:1780
https://access.redhat.com/errata/RHSA-2018:1780
RHSA-2018:1784
https://access.redhat.com/errata/RHSA-2018:1784
RHSA-2018:2317
https://access.redhat.com/errata/RHSA-2018:2317
[oss-security] 20200116 [CVE-2019-17570] xmlrpc-common untrusted deserialization
http://www.openwall.com/lists/oss-security/2020/01/16/1
[oss-security] 20200124 RE: [CVE-2019-17570] xmlrpc-common untrusted deserialization
http://www.openwall.com/lists/oss-security/2020/01/24/2
apache-archiva-cve20165003-code-exec(115043)
https://exchange.xforce.ibmcloud.com/vulnerabilities/115043
https://0ang3el.blogspot.ru/2016/07/beware-of-ws-xmlrpc-library-in-your.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0002
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0002)
Resumen:	The remote host is missing an update for the 'xmlrpc' package(s) announced via the MGASA-2019-0002 advisory.
Descripción:	Summary: The remote host is missing an update for the 'xmlrpc' package(s) announced via the MGASA-2019-0002 advisory. Vulnerability Insight: XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD (CVE-2016-5002). A flaw was discovered in the Apache XML-RPC (ws-xmlrpc) library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a element (CVE-2016-5003). Affected Software/OS: 'xmlrpc' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5002 https://security.gentoo.org/glsa/202401-26 1036294 http://www.securitytracker.com/id/1036294 91736 http://www.securityfocus.com/bid/91736 RHSA-2018:3768 https://access.redhat.com/errata/RHSA-2018:3768 [oss-security] 20160712 Vulnerabilities in Apache Archiva http://www.openwall.com/lists/oss-security/2016/07/12/5 apache-archiva-cve20165002-ssrf(115042) https://exchange.xforce.ibmcloud.com/vulnerabilities/115042 https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5003 91738 http://www.securityfocus.com/bid/91738 RHSA-2018:1779 https://access.redhat.com/errata/RHSA-2018:1779 RHSA-2018:1780 https://access.redhat.com/errata/RHSA-2018:1780 RHSA-2018:1784 https://access.redhat.com/errata/RHSA-2018:1784 RHSA-2018:2317 https://access.redhat.com/errata/RHSA-2018:2317 [oss-security] 20200116 [CVE-2019-17570] xmlrpc-common untrusted deserialization http://www.openwall.com/lists/oss-security/2020/01/16/1 [oss-security] 20200124 RE: [CVE-2019-17570] xmlrpc-common untrusted deserialization http://www.openwall.com/lists/oss-security/2020/01/24/2 apache-archiva-cve20165003-code-exec(115043) https://exchange.xforce.ibmcloud.com/vulnerabilities/115043 https://0ang3el.blogspot.ru/2016/07/beware-of-ws-xmlrpc-library-in-your.html
Copyright	Copyright (C) 2022 Greenbone AG