Description

The SOAP endpoint supports the WS-Addressing technology, enabling clients to specify the destination for SOAP responses. An unauthenticated attacker could use it to send requests to other servers (Blind SSRF).

Remediation

Disable WS-Addressing if it's not required

References

Related Vulnerabilities