{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T11:29:19.447","vulnerabilities":[{"cve":{"id":"CVE-2019-17570","sourceIdentifier":"security@apache.org","published":"2020-01-23T22:15:10.200","lastModified":"2024-11-21T04:32:33.230","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed."},{"lang":"es","value":"Se detectó una deserialización no confiable en el método org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult de la biblioteca Apache XML-RPC (también se conoce como ws-xmlrpc). Un servidor XML-RPC malicioso podría apuntar a un cliente XML-RPC causando que ejecute código arbitrario. Apache XML-RPC ya no se mantiene y este problema no será solucionado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:xml-rpc:3.1:*:*:*:*:*:*:*","matchCriteriaId":"C01DEF06-2B4B-4AB9-80BD-AB23477B8947"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:xml-rpc:3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"A79A448D-BB72-4308-A39B-064309B1FBDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:xml-rpc:3.1.2:*:*:*:*:*:*:*","matchCriteriaId":"641E3E64-4530-492C-A92F-9ABB181C3D15"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:xml-rpc:3.1.3:*:*:*:*:*:*:*","matchCriteriaId":"D0A5703F-8A78-49EC-A372-AFA4BB7B6166"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","matchCriteriaId":"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","matchCriteriaId":"80F0FA5D-8D3B-4C0E-81E2-87998286AF33"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","matchCriteriaId":"36D96259-24BD-44E2-96D9-78CE1D41F956"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*","matchCriteriaId":"9D7EE4B6-A6EC-4B9B-91DF-79615796673F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*","matchCriteriaId":"4EB48767-F095-444F-9E05-D9AC345AB803"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5F6FA12B-504C-4DBF-A32E-0548557AA2ED"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.7:*:*:*:*:*:*:*","matchCriteriaId":"5B1633BB-7D54-4564-BC1C-3B80BA6FF215"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2020/01/24/2","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0310","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570%3B","source":"security@apache.org"},{"url":"https://github.com/orangecertcc/security-research/security/advisories/GHSA-x2r6-4m45-m4jp","source":"security@apache.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/846551673bbb7ec8d691008215384bcef03a3fb004d2da845cfe88ee%401390230951%40%3Cdev.ws.apache.org%3E","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00033.html","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I3QCRLJYQRGVTIYF4BXYRFSF3ONP3TBF/","source":"security@apache.org"},{"url":"https://seclists.org/bugtraq/2020/Feb/8","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202401-26","source":"security@apache.org"},{"url":"https://usn.ubuntu.com/4496-1/","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4619","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2020/01/24/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0310","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570%3B","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/orangecertcc/security-research/security/advisories/GHSA-x2r6-4m45-m4jp","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/846551673bbb7ec8d691008215384bcef03a3fb004d2da845cfe88ee%401390230951%40%3Cdev.ws.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00033.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I3QCRLJYQRGVTIYF4BXYRFSF3ONP3TBF/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://seclists.org/bugtraq/2020/Feb/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202401-26","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/4496-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4619","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}