Sep 22, 2022 - 8:15 a.m.

CVE-2022-40705 Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP

2022-09-22 08:15:16
CWE-611
apache
www.cve.org
cve-2022-40705
apache soap
xml external entity injection
unauthorized file read
http
rpcrouterservlet
maintainer unsupported

AI Score: 7.8 (Confidence: High)

EPSS: 0.001 (Percentile: 38.6%)

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CNA Affected

[
  {
    "product": "Apache SOAP",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "changes": [
          {
            "at": "2.2",
            "status": "unknown"
          }
        ],
        "lessThan": "Apache SOAP*",
        "status": "affected",
        "version": "2.2",
        "versionType": "custom"
      }
    ]
  }
]
