Description
An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Remediation
References
http://www.openwall.com/lists/oss-security/2022/09/22/1
https://lists.apache.org/thread/02yo04w93rdjmllz4454lvodn5xzhwhl
Related Vulnerabilities
CVE-2015-6748 Vulnerability in maven package org.jsoup:jsoup
CVE-2019-20444 Vulnerability in maven package io.netty:netty-all
CVE-2021-25646 Vulnerability in maven package org.apache.druid:druid-core
CVE-2020-36377 Vulnerability in npm package aaptjs
CVE-2019-10343 Vulnerability in maven package io.jenkins:configuration-as-code