← Voltar para CVEs
CVE-2022-45378
CRITICAL9.8
Descricao
In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado11/14/2022
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
apache:soap
Fraquezas (CWE)
CWE-306CWE-306
Referencias
http://www.openwall.com/lists/oss-security/2022/11/14/4(security@apache.org)
https://lists.apache.org/thread/g4l64s283njhnph2otx7q4gs2j952d31(security@apache.org)
http://www.openwall.com/lists/oss-security/2022/11/14/4(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread/g4l64s283njhnph2otx7q4gs2j952d31(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.