Description

The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.

Remediation

References

http://packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.html

https://github.com/SmartBear/soapui/blob/master/RELEASENOTES.txt

http://www.exploit-db.com/exploits/30908

http://www.youtube.com/watch?v=3lCLE64rsc0

http://baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.html

Related Vulnerabilities

CVE-2021-26539 Vulnerability in npm package sanitize-html

CVE-2019-13127 Vulnerability in npm package mxgraph

CVE-2019-10767 Vulnerability in npm package iobroker.js-controller

CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.12

CVE-2017-16026 Vulnerability in npm package request

Severity

Critical

Classification

CWE-94

Tags

Exploit