Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-17570

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
CONFIRM: https://lists.apache.o...
MLIST: [oss-security] 2020012...
MLIST: [debian-lts-announce] ...
REDHAT: RHSA-2020:0310
DEBIAN: DSA-4619
BUGTRAQ: 20200210 [SECURITY] [D...
FEDORA: FEDORA-2020-1d0635bd71
UBUNTU: USN-4496-1
MISC: https://github.com/ora...
GENTOO: GLSA-202401-26

Launchpad.net

CVE 2019-17570

Related bugs

References