groovy-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mauro Sanna <mrsan...@gmail.com>
Subject Re: XML RPC Service
Date Thu, 09 Aug 2018 09:30:59 GMT
Please delete me.

On Thu, 9 Aug 2018 at 11:06, Jacques Le Roux <jacques.le.roux@les7arts.com>
wrote:

> Le 06/08/2018 à 22:00, Bernhard Donaubauer a écrit :
>
> Jacques Le Roux <jacques.le.roux@les7arts.com>
> <jacques.le.roux@les7arts.com>
>
> And there are CVEs pending :
>
> https://0ang3el.blogspot.com/2016/07/beware-of-ws-xmlrpc-library-in-your.html
>
> Other TLPs might be affected, I guess Archiva has been picked because
> being the 1st in alphabetical order...
>
>
> This is a pure in house service so I guess the mentioned vulnerabilities
> are not so crucial. I mean if somebody has entered our network and is able
> to start an denial of service attack to this service we have much lager
> problem than one not responding service.
>
> Actually we fixed some of these issues in OFBiz:
> https://issues.apache.org/jira/browse/OFBIZ-10484
> https://issues.apache.org/jira/browse/OFBIZ-10509
>
> We prefer to be safe than sorry.
>
> Jacques
>
>

Mime
View raw message