A collection of 4 issues
CVE-2022-40705 An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP 2.2 and later versions.
The most common attack scenario is an unauthenticated remote code execution. Due to the fact that RPCRouterServlet is not protected by a filter, an attacker can exploit this vulnerability by injecting malicious SOAP messages. In order to exploit this issue, the attacker must be able to send SOAP messages to
2 min read
Subscribe to
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.