
exploitDog


GHSA-789v-h9hw-38pg

Published: 14 Nov 2022
Source: github
Github: Reviewed
CVSS3: 9.8

Description

Apache SOAP contains unauthenticated RPCRouterServlet

** UNSUPPORTED WHEN ASSIGNED ** In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Packages

Name: soap:soap (maven)
Affected versions: >= 0.0.0
Fixed version: None

EPSS

Percentile: 89%
0.04512
Low

9.8 Critical

CVSS3

Weaknesses

CWE-287
CWE-306
CWE-502

Related vulnerabilities

CVSS3: 9.8
nvd
about 3 years ago

In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
