Security
Headlines

Headlines Latest CVEs

Headline

GHSA-789v-h9hw-38pg: Apache SOAP contains unauthenticated RPCRouterServlet

** UNSUPPORTED WHEN ASSIGNED ** In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

2 years ago

#vulnerability #apache #git #rce #auth

Apache SOAP contains unauthenticated RPCRouterServlet

Critical severity GitHub Reviewed Published Nov 14, 2022 • Updated Nov 18, 2022

Related news

** UNSUPPORTED WHEN ASSIGNED ** In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

2 years ago

#vulnerability #apache #rce #auth

ghsa: Latest News

GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails

6 hours ago

GHSA-jwcm-9g39-pmcw: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

6 hours ago

GHSA-55v3-xh23-96gh: `auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace

6 hours ago

GHSA-j6vm-4r7g-x4gr: Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications

9 hours ago

GHSA-6q3q-6v5j-h6vg: Querydsl vulnerable to HQL injection trough orderBy

9 hours ago