CVE-2016-5002 - OpenCVE

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Xml-rpc
Redhat	Jboss Fuse

Configuration 1 [-]

cpe:2.3:a:apache:xml-rpc:3.1.3:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Fuse 7.2
camel	cpe:/a:redhat:jboss_fuse:7	RHSA-2018:3768	2018-12-04T00:00:00Z

References

Link	Providers
http://www.openwall.com/lists/oss-security/2016/07/12/5
http://www.securityfocus.com/bid/91736
http://www.securitytracker.com/id/1036294
https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html
https://access.redhat.com/errata/RHSA-2018:3768
https://exchange.xforce.ibmcloud.com/vulnerabilities/115042
https://nvd.nist.gov/vuln/detail/CVE-2016-5002
https://security.gentoo.org/glsa/202401-26
https://www.cve.org/CVERecord?id=CVE-2016-5002

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2017-10-27T18:00:00

Updated: 2024-08-06T00:46:40.229Z

Reserved: 2016-05-24T00:00:00

Link: CVE-2016-5002

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-10-27T18:29:00.213

Modified: 2024-01-22T17:15:08.263

Link: CVE-2016-5002

Redhat

Severity : Moderate

Publid Date: 2016-05-24T00:00:00Z

Links: CVE-2016-5002 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-07-12T00:00:00", "descriptions": [{"lang": "en", "value": "XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-05T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20160712 Vulnerabilities in Apache Archiva", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/07/12/5"}, {"name": "1036294", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036294"}, {"tags": ["x_refsource_MISC"], "url": "https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html"}, {"name": "apache-archiva-cve20165002-ssrf(115042)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/115042"}, {"name": "91736", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91736"}, {"name": "RHSA-2018:3768", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3768"}, {"url": "https://security.gentoo.org/glsa/202401-26"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:46:40.229Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20160712 Vulnerabilities in Apache Archiva", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/07/12/5"}, {"name": "1036294", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036294"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html"}, {"name": "apache-archiva-cve20165002-ssrf(115042)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/115042"}, {"name": "91736", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/91736"}, {"name": "RHSA-2018:3768", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3768"}, {"url": "https://security.gentoo.org/glsa/202401-26", "tags": ["x_transferred"]}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-5002", "datePublished": "2017-10-27T18:00:00", "dateReserved": "2016-05-24T00:00:00", "dateUpdated": "2024-08-06T00:46:40.229Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:xml-rpc:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0A5703F-8A78-49EC-A372-AFA4BB7B6166", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD."}, {"lang": "es", "value": "Una vulnerabilidad de XML External Entity (XXE) en la librer\u00eda Apache XML-RPC (tambi\u00e9n conocida como ws-xmlrpc) 3.1.3, como se emplea en Apache Archiva, permite que atacantes remotos lleven a cabo ataques Server-Side Request Forgery (SSRF) mediante un archivo DTD manipulado."}], "id": "CVE-2016-5002", "lastModified": "2024-01-22T17:15:08.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-27T18:29:00.213", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/07/12/5"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/91736"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036294"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:3768"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/115042"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202401-26"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:3768", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "camel", "product_name": "Red Hat Fuse 7.2", "release_date": "2018-12-04T00:00:00Z"}], "bugzilla": {"description": "xmlrpc: XML external entity vulnerability SSRF via a crafted DTD", "id": "1508110", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508110"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.4", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-611->CWE-918", "details": ["XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD."], "name": "CVE-2016-5002", "package_state": [{"cpe": "cpe:/a:redhat:jboss_dev_studio:10.", "fix_state": "Not affected", "package_name": "xmlrpc", "product_name": "JBoss Developer Studio 10"}, {"cpe": "cpe:/a:redhat:jboss_dev_studio:8.", "fix_state": "Not affected", "package_name": "xmlrpc", "product_name": "JBoss Developer Studio 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "xmlrpc", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "xmlrpc3", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "xmlrpc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_linux:7::hypervisor", "fix_state": "Will not fix", "package_name": "xmlrpc-common", "product_name": "Red Hat Enterprise Virtualization 3"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Affected", "package_name": "camel", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Affected", "package_name": "camel", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:fuse_integration_services:2", "fix_state": "Affected", "package_name": "xmlrpc-common", "product_name": "Red Hat JBoss Fuse Integration Service 2"}, {"cpe": "cpe:/a:redhat:openshift:3", "fix_state": "Not affected", "package_name": "xmlrpc-common", "product_name": "Red Hat OpenShift Enterprise 3"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Affected", "package_name": "rh-java-common-xmlrpc", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Will not fix", "package_name": "xmlrpc-common", "product_name": "Red Hat Storage 3"}], "public_date": "2016-05-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-5002\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5002"], "threat_severity": "Moderate"}