High severity · NVD Advisory · Published Sep 22, 2022 · Updated Aug 3, 2024
Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP
CVE-2022-40705
Description
An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| soap:soap (Maven) | >= 2.2, <= 2.3.1 | — |
References
- github.com/advisories/GHSA-jq8c-j47c-vvwm (advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-40705 (advisory)
- www.openwall.com/lists/oss-security/2022/09/22/1 (mailing list)
- lists.apache.org/thread/02yo04w93rdjmllz4454lvodn5xzhwhl (web)