Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qcThjLWo0N2MtdnZ3bc4AAvAR
Apache SOAP's RPCRouterServlet allows reading of arbitrary files over HTTP
An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Permalink: https://github.com/advisories/GHSA-jq8c-j47c-vvwm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qcThjLWo0N2MtdnZ3bc4AAvAR
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: 8 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-jq8c-j47c-vvwm, CVE-2022-40705
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-40705
- https://lists.apache.org/thread/02yo04w93rdjmllz4454lvodn5xzhwhl
- http://www.openwall.com/lists/oss-security/2022/09/22/1
- https://github.com/advisories/GHSA-jq8c-j47c-vvwm
Affected Packages
maven:soap:soap
Versions: >= 2.2, <= 2.3.1
No known fixed version