Jacques Le Roux <email@example.com>Actually we fixed some of these issues in OFBiz:
And there are CVEs pending :https://0ang3el.blogspot.com/2016/07/beware-of-ws-xmlrpc-library-in-your.html
Other TLPs might be affected, I guess Archiva has been picked because being the 1st in alphabetical order...
This is a pure in house service so I guess the mentioned vulnerabilities are not so crucial. I mean if somebody has entered our network and is able to start an denial of service attack to this service we have much lager problem than one not responding service.