PT-2022-25482 · Apache · Apache Soap

Tsungshu Chiu

Published

2022-09-22

Updated

2025-09-28

CVE-2022-40705

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache SOAP versions 2.2 and later

Description An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue only affects products that are no longer supported by the maintainer.

Recommendations For Apache SOAP versions 2.2 and later, consider disabling the RPCRouterServlet until a patch is available, as these versions are no longer supported by the maintainer. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2022-40705

GHSA-JQ8C-J47C-VVWM

Affected Products

Apache Soap

PT-2022-25482 · Apache · Apache Soap

CVE-2022-40705

Weakness Enumeration

Related Identifiers

Affected Products

References · 8