vulnerability

Amazon Linux AMI 2: CVE-2016-5002: Security patch for xmlrpc (ALAS-2023-2089)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Oct 27, 2017	Jun 13, 2023	Nov 27, 2024

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Oct 27, 2017

Added

Jun 13, 2023

Modified

Nov 27, 2024

Description

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.

Solutions

amazon-linux-ami-2-upgrade-xmlrpc-clientamazon-linux-ami-2-upgrade-xmlrpc-commonamazon-linux-ami-2-upgrade-xmlrpc-javadocamazon-linux-ami-2-upgrade-xmlrpc-server

References

AMAZON-AL2/ALAS-2023-2089
CVE-2016-5002
https://attackerkb.com/topics/CVE-2016-5002

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today