Lucene search
K

5 matches found

CVE
CVE
added 2026/06/11 5:4 a.m.28 views

CVE-2026-40999

CVE-2026-40999 affects Spring Web Services (versions across 3.1.0–3.1.8, 4.0.0–4.0.18, 4.1.0–4.1.3, 5.0.0–5.0.1). When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS can initiate outbound connections via configured WebServiceMessageSender instances to destination...

8.6CVSS5.5AI score0.00383EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 5:4 a.m.28 views

CVE-2026-40999 Spring WS SSRF via unvalidated WS-Addressing reply destinations

When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. Affect...

8.6CVSS0.00383EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/12/16 12:0 a.m.4 views

The vulnerability of the WS-Addressing plugin in the gSOAP software development environment allows a attacker to trigger a service failure.

The vulnerability of the WS-Addressing plugin in the gSOAP software development environment is related to errors in pointer manipulation during SOAP request processing. Exploiting this vulnerability allows an attacker to cause service failures by sending specially crafted HTTP requests...

7.5CVSS7.1AI score0.03023EPSS
Exploits1References7Affected Software3
BDU FSTEC
BDU FSTEC
added 2021/12/16 12:0 a.m.3 views

The vulnerability of the WS-Addressing plugin in the gSOAP web service development environment allows a attacker to cause a service failure.

The vulnerability of the WS-Addressing plugin in the gSOAP web service development environment is related to errors in pointer manipulation during SOAP request processing. Exploiting this vulnerability allows an attacker to cause service failures by sending specially crafted HTTP requests...

7.5CVSS7.1AI score0.02267EPSS
Exploits1References7Affected Software3
OSV
OSV
added 2021/03/25 5:15 p.m.3 views

UBUNTU-CVE-2021-21783

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...

9.8CVSS7.9AI score0.04983EPSS
Exploits1References3
Rows per page
Query Builder