CVE-2019-17570 vulnerability in Apache and Other Products
Published on January 23, 2020

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2019-17570

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-17570 are published in these products:

Apache Xml Rpc

Debian Linux

Canonical Ubuntu Linux

Fedora Project Fedora

Affected Versions

Apache XML-RPC Version Apache XML-RPC all versions is affected by CVE-2019-17570

Exploit Probability

EPSS

70.52%

Percentile

98.67%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-17570 vulnerability in Apache and Other ProductsPublished on January 23, 2020

Products Associated with CVE-2019-17570

Affected Versions

Exploit Probability

CVE-2019-17570 vulnerability in Apache and Other Products
Published on January 23, 2020