CVE-2022-40705

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
apachesoap
2.2 ≤
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
apachesoap
2.2 ≤
𝑥
< *
ADP
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2022/09/22/1
https://lists.apache.org/thread/02yo04w93rdjmllz4454lvodn5xzhwhl
http://www.openwall.com/lists/oss-security/2022/09/22/1
https://lists.apache.org/thread/02yo04w93rdjmllz4454lvodn5xzhwhl