2 matches found
CVE-2022-34269
An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/loaddtd?systemid= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution...
CVE-2022-34269
CVE-2022-34269 affects RWS WorldServer versions prior to 11.7.3. An authenticated, remote attacker can trigger a blind SSRF via the endpoint ws-legacy/load_dtd?system_id=, causing JSP code deployment to the Apache Axis service on localhost and resulting in command execution. Documented impact is ...