CVE-2019-17570

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apache XML-RPC (affected versions not specified)

Description The issue is related to an untrusted deserialization error in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of the Apache XML-RPC library. This error is associated with the deserialization of server-side exceptions serialized in the faultCause attribute of XML-RPC error response messages. Exploitation of this issue could allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. A malicious XML-RPC server could target an XML-RPC client, causing it to execute arbitrary code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

BDU:2020-01960

CVE-2019-17570

DLA-2078-1

DSA-4619-1

GHSA-6VWP-35W3-XPH8

GHSA-X2R6-4M45-M4JP

MGASA-2020-0077

OESA-2022-1545

OESA-2022-2096

RHSA-2020:0310

USN-4496-1

Affected Products

Apache Xml-Rpc

Ubuntu

CVE-2019-17570

Weakness Enumeration

Related Identifiers

Affected Products

References · 42