XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD. References: http://www.openwall.com/lists/oss-security/2016/07/12/5 https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html
Created xmlrpc tracking bugs for this issue: Affects: fedora-all [bug 1508111]
This issue has been addressed in the following products: Red Hat Fuse 7.2 Via RHSA-2018:3768 https://access.redhat.com/errata/RHSA-2018:3768
Upstream Patch: https://src.fedoraproject.org/rpms/xmlrpc/c/2db59ec8a8b4d358802e98ce0151af84d7b93752?branch=master