Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache SOAP allows unauthenticated users to potentially invoke arbitrary code
Vulnerability Description
In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Information
N/A
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Apache SOAP 访问控制错误漏洞
Vulnerability Description
Apache SOAP是美国阿帕奇(Apache)基金会的用作客户端库来调用其他地方可用的 SOAP 服务,也可以用作服务器端工具来实现 SOAP 可访问服务。 Apache SOAP存在访问控制错误漏洞,该漏洞源于RPCRouterServlet无需身份验证即可使用,这使得攻击者有可能在满足特定条件的类路径上调用方法,根据类路径上可用的类可能导致任意远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A