This page lists publicly disclosed CVE vulnerabilities affecting apache ws-xmlrpc (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2016-5003 | The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element. | [email protected] | 9.8 | 41.52% | 2017-10-27 | 2026-05-13 |
| CVE-2016-5004 | The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes. | [email protected] | 6.5 | 1.11% | 2017-06-06 | 2026-05-13 |