Untrusted Deserialization Vulnerability in Apache XML-RPC Library

Untrusted Deserialization Vulnerability in Apache XML-RPC Library

CVE-2019-17570 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.

Learn more about our Cis Benchmark Audit For Apache Http Server.