Description
The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes.
Remediation
References
https://github.com/0ang3el/unsafe-xmlrpc
https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html
http://www.securitytracker.com/id/1036294
http://www.securityfocus.com/bid/91736
http://www.openwall.com/lists/oss-security/2016/07/12/5
Related Vulnerabilities
CVE-2022-41710 Vulnerability in npm package electron-markdownify
CVE-2023-23847 Vulnerability in maven package org.jenkins-ci.plugins:synopsys-coverity
CVE-2019-10786 Vulnerability in npm package network-manager
CVE-2022-39312 Vulnerability in maven package io.dataease:dataease-plugin-common
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http_2.13