Even the latest code in SVN (http://svn.apache.org/viewvc/commons/proper/jcs/trunk/src/experimental/org/apache/commons/jcs/auxiliary/lateral/xmlrpc/LateralXMLRPCReceiver.java?view=markup) uses the pre-3 implementation of org.apache.xmlrpc.WebServer.
In dev-java/xmlrpc-3.x the WebServer was moved to org.apache.xmlrpc.webserver and it's public API has changed. Don't know if we can safely drop the "experimental" part from jcs.
+ 15 Jun 2015; Patrice Clement <firstname.lastname@example.org> jcs-2.0.ebuild:
+ Update xmlrpc dependency to xmlrpc:3 wrt to bug 521736. Drop ppc.
jcs-2.0 now depends on the new version of xmlrpc.
+ 15 Jun 2015; Patrice Clement <email@example.com> -jcs-126.96.36.199-r1.ebuild,
+ Remove vulnerable versions. Fix security bug 385811.