Soap Apache Soap

Do you want an email whenever new security vulnerabilities are reported in Apache Soap?

By the Year

In 2024 there have been 0 vulnerabilities in Apache Soap . Soap did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 2 8.65
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Soap vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apache Soap Security Vulnerabilities

In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication

CVE-2022-45378 9.8 - Critical - November 14, 2022

In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Missing Authentication for Critical Function

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP

CVE-2022-40705 7.5 - High - September 22, 2022

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

XXE

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Apache Soap or by Apache? Click the Watch button to subscribe.

Apache
Vendor

Apache Soap
Product

subscribe