On 06/08/2018 at 22:00, Bernhard Donaubauer wrote:
Jacques Le Roux <jacques.le.r...@les7arts.com>
And there are CVEs pending:
https://0ang3el.blogspot.com/2016/07/beware-of-ws-xmlrpc-library-in-your.html
Other TLPs might be affected; I guess Archiva has been picked because it is the
1st in alphabetical order...
This is a purely in-house service, so I guess the mentioned vulnerabilities are not so crucial. I mean, if somebody has entered our network and is able
to start a denial-of-service attack on this service, we have a much larger problem than one unresponsive service.
Actually we fixed some of these issues in OFBiz:
https://issues.apache.org/jira/browse/OFBIZ-10484
https://issues.apache.org/jira/browse/OFBIZ-10509
We prefer to be safe rather than sorry.
Jacques