Test Kennung:	1.3.6.1.4.1.25623.1.0.704619
Kategorie:	Debian Local Security Checks
Titel:	Debian: Security Advisory for libxmlrpc3-java (DSA-4619-1)
Zusammenfassung:	The remote host is missing an update for the 'libxmlrpc3-java'; package(s) announced via the DSA-4619-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libxmlrpc3-java' package(s) announced via the DSA-4619-1 advisory. Vulnerability Insight: Guillaume Teissier reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, does perform deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library. Note that a client that expects to get server-side exceptions need to set explicitly the enabledForExceptions property. Affected Software/OS: 'libxmlrpc3-java' package(s) on Debian Linux. Solution: For the oldstable distribution (stretch), this problem has been fixed in version 3.1.3-8+deb9u1. For the stable distribution (buster), this problem has been fixed in version 3.1.3-9+deb10u1. We recommend that you upgrade your libxmlrpc3-java packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-17570
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.