PT-2016-3245 · Apache · Apache Xml-Rpc Library

0Ang3El

·

Published

2016-07-12

·

Updated

2024-01-22

·

CVE-2016-5002

CVSS v2.0

9.3

High

Vector AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache XML-RPC library version 3.1.3

Description

The issue is an XML external entity (XXE) vulnerability in the Apache XML-RPC library. It allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD. The root cause is improper restriction of XML external entity references.

Recommendations

For Apache XML-RPC library version 3.1.3, disable XML external entity (DTD) processing in the XML parser to prevent SSRF attacks until a patch is available. Restrict access to the library's XML-RPC endpoints to minimize the risk of exploitation. Do not accept DTDs from untrusted sources in the affected library until the issue is resolved.
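The first recommendation above in practice, as an added example that is not Apache XML-RPC's own code: a SAX parser configured to reject any DOCTYPE and any external entity resolution, run over a constructed XML-RPC response that carries an external DTD reference. The class name and the `example.invalid` URL are placeholders.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;

public class HardenedXmlRpcParse {
    // Constructed sample: an XML-RPC response whose DOCTYPE points at an external DTD.
    static final String RESPONSE_WITH_DTD =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE methodResponse SYSTEM \"http://example.invalid/rpc.dtd\">\n"
      + "<methodResponse><params><param><value><string>ok</string>"
      + "</value></param></params></methodResponse>";

    static XMLReader hardenedReader() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        // Reject any DOCTYPE outright, so neither internal nor external DTDs are processed.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth: never resolve external general or parameter entities.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        XMLReader r = f.newSAXParser().getXMLReader();
        // Last line of defence: any entity lookup that still happens returns an empty document.
        r.setEntityResolver((publicId, systemId) -> new InputSource(new StringReader("")));
        return r;
    }

    // Returns true when the document parsed, false when the hardened parser rejected it.
    static boolean parses(String xml) throws Exception {
        try {
            hardenedReader().parse(new InputSource(new StringReader(xml)));
            return true;
        } catch (SAXException e) {
            // disallow-doctype-decl raises a SAXParseException as soon as the DOCTYPE is seen.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Response with DTD rejected: " + !parses(RESPONSE_WITH_DTD));
    }
}
```

Parsers that return a `Boolean` feature-not-recognised error on `disallow-doctype-decl` are not the JDK's built-in Xerces; in that case keep the two entity features and the entity resolver, which together still prevent the outbound fetch.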

Fix

XXE

Weakness Enumeration

Related Identifiers

BDU:2018-00149
CVE-2016-5002
GHSA-WP35-6JQV-R33M
MGASA-2019-0002

Affected Products

Apache Xml-Rpc Library