groovy-users mailing list archives

From Jacques Le Roux <jacques.le.r...@les7arts.com>
Subject Re: XML RPC Service
Date Thu, 09 Aug 2018 09:06:38 GMT
On 06/08/2018 at 22:00, Bernhard Donaubauer wrote:
> Jacques Le Roux <jacques.le.roux@les7arts.com>
>>
>> And there are CVEs pending:
>>
>> https://0ang3el.blogspot.com/2016/07/beware-of-ws-xmlrpc-library-in-your.html
>>
>> Other TLPs might be affected, I guess Archiva has been picked because being the 1st in alphabetical order...
>
> This is a pure in-house service, so I guess the mentioned vulnerabilities are not so crucial.
> I mean, if somebody has entered our network and is able to start a denial of service attack
> on this service, we have a much larger problem than one not responding service.
Actually we fixed some of these issues in OFBiz:
https://issues.apache.org/jira/browse/OFBIZ-10484
https://issues.apache.org/jira/browse/OFBIZ-10509

We prefer to be safe rather than sorry.

Jacques

