Platform
java
Component
soap:soap
Fixed in
2.3.1 (as listed; note that the text below describes 2.3.1 and earlier as affected and that no patched release exists for this retired product)
CVE-2022-45378 describes a critical remote code execution (RCE) vulnerability in Apache SOAP versions 2.3.1 and earlier. In the default configuration the RPCRouterServlet is reachable without authentication, so an attacker can deploy a service that exposes any class on the servlet's classpath and then invoke its methods, which can lead to arbitrary code execution. Apache SOAP is unsupported, so no fixed version will be released; affected deployments need mitigation rather than a patch.
The primary impact of CVE-2022-45378 is remote code execution. An attacker exploits it by sending crafted SOAP requests to the RPCRouterServlet and targeting methods of classes available on the classpath. How far this goes depends on which classes are present, but successful exploitation can give the attacker code execution as the user running the servlet container, and with it full control over the affected server, data exposure, and a foothold for lateral movement within the network. Because no authentication is required, exploitation takes minimal effort.
CVE-2022-45378 is not currently listed in the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the low effort required to exploit it and the absence of a patch make it a high-risk issue. The vulnerability was publicly disclosed on November 14, 2022. Given the product's end-of-life status, exploitation attempts are likely to increase as attackers scan for exposed instances.
Systems running Apache SOAP are at significant risk, particularly legacy environments and older applications that still bundle it. Shared hosting environments, where tenants have limited control over the server configuration and cannot remove the servlet themselves, are also exposed. Any deployment in which the RPCRouterServlet is reachable and no compensating access control has been applied should be treated as exposed.
• java / server:
ps -ef | grep RPCRouterServlet (a servlet does not run as its own process, so this only matches a JVM whose command line happens to contain the class name; treat no match as inconclusive and confirm with the web.xml check below)
• generic web:
curl -I http://<target>/RPCRouterServlet (expect a 403 or 404 if the servlet is disabled; the mapping shipped with the Apache SOAP distribution is /servlet/rpcrouter under the soap context, so probe the path that is actually configured in the deployment descriptor)
• generic web:
grep -r 'RPCRouterServlet' /var/www/html/* (search for the servlet definition and mapping in web.xml or similar configuration files; on a servlet container the descriptors live under each webapp's WEB-INF, for example grep -r RPCRouterServlet $CATALINA_HOME/webapps/*/WEB-INF/web.xml on Tomcat)
Disclosure
Exploit Status
EPSS
4.51% (89th percentile)
CVSS vector
Because Apache SOAP is an unsupported product, no vendor patch is available. The primary mitigation is to disable the RPCRouterServlet: remove its servlet definition and servlet-mapping from the web application deployment descriptor (web.xml), or configure the web server or reverse proxy to deny access to the mapped path. If disabling the servlet is not immediately feasible, add a Web Application Firewall (WAF) rule that blocks requests to the RPCRouterServlet path. Also review the servlet container's classpath and remove jars that are not needed, since the set of reachable classes determines what an attacker can invoke. Verify the mitigation by requesting the servlet's configured URL after the change; the request must be denied (403 or 404) rather than answered with a SOAP response.
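The following script ties the detection and mitigation steps together. It is an added example written for this advisory, not code from the Apache SOAP project: it parses a web.xml, reports every URL pattern that routes to the RPCRouterServlet (the check a grep only approximates), and writes a hardened copy with that servlet and its mappings removed. It assumes the servlet class name org.apache.soap.server.http.RPCRouterServlet and the /servlet/rpcrouter mapping from the Apache SOAP distribution; the two sample descriptors are constructed for the demo and show that both DTD-based (Servlet 2.2) and namespaced (Servlet 2.4+) descriptors are handled.

```python
"""Audit web.xml files for Apache SOAP's RPCRouterServlet and emit a hardened
copy with the servlet removed. Added example for this advisory, not Apache
SOAP code. Assumes the class name org.apache.soap.server.http.RPCRouterServlet
and the default /servlet/rpcrouter mapping; sample descriptors are constructed.
"""
import os
import xml.etree.ElementTree as ET
from typing import Dict, List

RPC_ROUTER_CLASS = "org.apache.soap.server.http.RPCRouterServlet"

# Constructed sample: Servlet 2.2 (DTD-based) descriptor, the style Apache SOAP shipped.
SAMPLE_WEB_XML_22 = """<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
<web-app>
  <servlet>
    <servlet-name>rpcrouter</servlet-name>
    <servlet-class>org.apache.soap.server.http.RPCRouterServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>messagerouter</servlet-name>
    <servlet-class>org.apache.soap.server.http.MessageRouterServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>rpcrouter</servlet-name>
    <url-pattern>/servlet/rpcrouter</url-pattern>
  </servlet-mapping>
</web-app>
"""

# Constructed sample: namespaced Servlet 2.4 descriptor with the router renamed
# and mapped twice, as a legacy app repackaged on a newer container might do.
SAMPLE_WEB_XML_24 = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <servlet>
    <servlet-name>legacy-rpc</servlet-name>
    <servlet-class>org.apache.soap.server.http.RPCRouterServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>legacy-rpc</servlet-name>
    <url-pattern>/servlet/rpcrouter</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>legacy-rpc</servlet-name>
    <url-pattern>/rpc/*</url-pattern>
  </servlet-mapping>
</web-app>
"""


def _local(tag: str) -> str:
    """Strip an XML namespace ({uri}name -> name) so DTD and xmlns descriptors look alike."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem: ET.Element, name: str) -> str:
    """Text of the first direct child called `name`, or '' if absent."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""


def _router_names(root: ET.Element) -> set:
    """servlet-names whose servlet-class is the RPC router (a renamed servlet still counts)."""
    return {_child_text(s, "servlet-name") for s in root
            if _local(s.tag) == "servlet" and _child_text(s, "servlet-class") == RPC_ROUTER_CLASS}


def find_rpcrouter_mappings(web_xml: str) -> List[str]:
    """Every url-pattern that routes to RPCRouterServlet, in document order."""
    root = ET.fromstring(web_xml)
    names = _router_names(root)
    return [_child_text(m, "url-pattern") for m in root
            if _local(m.tag) == "servlet-mapping" and _child_text(m, "servlet-name") in names]


def disable_rpcrouter(web_xml: str) -> str:
    """web.xml text with the RPCRouterServlet definition and all its mappings removed.
    ElementTree drops the XML declaration and DOCTYPE; re-add them before deploying."""
    root = ET.fromstring(web_xml)
    if root.tag.startswith("{"):  # keep a namespaced descriptor's default xmlns on output
        ET.register_namespace("", root.tag[1:].split("}", 1)[0])
    names = _router_names(root)
    for elem in list(root):  # servlet and servlet-mapping are direct children of web-app
        kind = _local(elem.tag)
        if (kind == "servlet" and _child_text(elem, "servlet-class") == RPC_ROUTER_CLASS) or \
           (kind == "servlet-mapping" and _child_text(elem, "servlet-name") in names):
            root.remove(elem)
    return ET.tostring(root, encoding="unicode")


def scan_webapps(webapps_dir: str) -> Dict[str, List[str]]:
    """Walk a container's webapps tree (e.g. $CATALINA_HOME/webapps) and report
    each WEB-INF/web.xml whose mappings expose RPCRouterServlet."""
    hits: Dict[str, List[str]] = {}
    for dirpath, _dirs, files in os.walk(webapps_dir):
        if "web.xml" in files and os.path.basename(dirpath) == "WEB-INF":
            path = os.path.join(dirpath, "web.xml")
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    patterns = find_rpcrouter_mappings(fh.read())
            except ET.ParseError:
                continue  # unparseable descriptor: report separately, do not silently pass
            if patterns:
                hits[path] = patterns
    return hits


if __name__ == "__main__":
    for label, sample in (("2.2", SAMPLE_WEB_XML_22), ("2.4", SAMPLE_WEB_XML_24)):
        print(label, "exposed at:", find_rpcrouter_mappings(sample))
        print(label, "after hardening:", find_rpcrouter_mappings(disable_rpcrouter(sample)))
```

Run the script as-is to see both samples audited and hardened; call scan_webapps("/path/to/webapps") against a real container to list every descriptor that still maps the router, then re-probe the reported URL patterns with curl after removing them. If the servlet must stay for an internal consumer, the same descriptor can instead carry a security-constraint on those URL patterns, but removal is the simpler state to verify.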
Upgrade to a supported product or disable the RPCRouterServlet if it is not needed. Since Apache SOAP is no longer supported, migrating to a modern, maintained SOAP stack is the recommended solution. If migration is not possible, strict access controls in front of the RPCRouterServlet can reduce the risk.
CVE-2022-45378 is a critical remote code execution vulnerability in Apache SOAP versions 2.3.1 and earlier. The RPCRouterServlet is accessible without authentication, allowing attackers to potentially execute arbitrary code.
You are affected if you are running Apache SOAP version 2.3.1 or earlier, especially if it's deployed in an environment where the RPCRouterServlet is accessible.
Due to the product's end-of-life, patching is unavailable. Mitigation involves disabling the RPCRouterServlet by removing its mapping or blocking access via a WAF.
Widespread exploitation has not been confirmed, but the low effort required to exploit the flaw and the absence of a patch make it a high-risk concern, and exploitation attempts are likely to increase.
Apache SOAP is no longer maintained. Information about this vulnerability can be found on the NVD website: https://nvd.nist.gov/vuln/detail/CVE-2022-45378