Description
XML external entity (XXE) vulnerability in the Apache XML-RPC
(aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote
attackers to conduct server-side request forgery (SSRF) attacks via a
crafted DTD (CVE-2016-5002).
A flaw was discovered in the Apache XML-RPC (ws-xmlrpc) library that
deserializes untrusted data when enabledForExtensions setting is
enabled. A remote attacker could use this vulnerability to execute
arbitrary code via a crafted serialized Java object in a