SynopsisThe remote Ubuntu host is missing a security update.
DescriptionThe remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4496-1 advisory.
- An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed. (CVE-2019-17570)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpdate the affected libxmlrpc3-client-java, libxmlrpc3-common-java and / or libxmlrpc3-server-java packages.