10 matches found
CVE-2026-40997 SOAP security faults leak Spring Security account state
Several Spring WS integration paths with Spring Security could surface detailed account state (for example, locked or disabled user semantics) to remote SOAP clients through exception messages or callback outcomes, instead of failing with generic authentication errors. That behavior assists remote...
EUVD-2014-6056
Malware in sbrugna...
SUSE CVE-2015-4599
The SoapFault::toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a...
Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by error handling vulnerability (CVE-2014-6170).
Summary: The HTTPInput node of WebSphere Message Broker and IBM Integration Bus can return a SOAP fault including sensitive information that can be used to conduct an attack on the system. Vulnerability Details: CVE-ID: CVE-2014-6170. Description: The HTTPInput node of WebSphere Message Broker an...
WSSAT - Web Service Security Assessment Tool
WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as input file and for each service, it performs both static and dynamic tests again...
A vulnerability in the PHP interpreter allows attackers to trigger a service failure, obtain confidential information, or execute arbitrary code.
A vulnerability in the SoapFault::toString method in ext/soap/soap.c in the PHP interpreter is related to data type mixing errors. Exploiting this vulnerability may allow a remote attacker to obtain confidential information, execute arbitrary code, or cause a service failure...
UBUNTU-CVE-2015-4599
The SoapFault::toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a...
Design/Logic Flaw
The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.4 allows remote attackers to obtain sensitive information by triggering a SOAP fault...
CVE-2014-6170
The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.4 allows remote attackers to obtain sensitive information by triggering a SOAP fault...
CVE-2006-2471
Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in...