Description
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
Report
Not affected. Red Hat JBoss SOA Platform 4.3 and 5.3 support the SOAPClient action, which will use the SoapUI library to make calls to external web services. However, these products use SoapUI 1.7.1, while the vulnerable property expansion feature was not introduced until SoapUI 2.5. Therefore no Red Hat products are affected by this flaw.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss SOA Platform 4.3 | soapui | Not affected | | |
| Red Hat JBoss SOA Platform 5 | soapui | Not affected | | |
Additional information
Status: Important
https://bugzilla.redhat.com/show_bug.cgi?id=1058582 SoapUI: remote code execution when processing WSDL
EPSS
Percentile: 95%
0.17347
Medium
6.8 Medium
CVSS2
Related vulnerabilities
nvd
about 12 years ago
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.