Apache Soap
By the Year
In 2024 there have been 0 vulnerabilities in Apache Soap . Soap did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 2 | 8.65 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Soap vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Soap Security Vulnerabilities
In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication
CVE-2022-45378
9.8 - Critical
- November 14, 2022
In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Missing Authentication for Critical Function
An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP
CVE-2022-40705
7.5 - High
- September 22, 2022
An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
XXE
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apache Soap or by Apache? Click the Watch button to subscribe.