QwikSec

Security Database

CVE

CWE

Training

CVE-2022-40705

Published: Sep 22, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Vendor	Product	Versions
Apache Software Foundation	Apache SOAP	affected `2.2 - < Apache SOAP*`

Weaknesses (CWE)

References

https://lists.apache.org/thread/02yo04w93rdjmllz4454lvodn5xzhwhl

x_refsource_MISC

[oss-security] 20220922 CVE-2022-40705: Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.