Rewterz Threat Advisory – CVE-2022-41218 – Linux Kernel Vulnerability
September 23, 2022Rewterz Threat Advisory – CVE-2022-40754 – Apache Airflow Vulnerability
September 23, 2022Rewterz Threat Advisory – CVE-2022-41218 – Linux Kernel Vulnerability
September 23, 2022Rewterz Threat Advisory – CVE-2022-40754 – Apache Airflow Vulnerability
September 23, 2022Severity
High
Analysis Summary
CVE-2022-40705
Apache SOAP is vulnerable to an XML external entity injection (XXE) attack when processing XML data, caused by a weakly configured XML parser in RPCRouterServlet. By using specially-crafted XML content in the configuration file, a remote attacker could exploit this vulnerability to read arbitrary files.
Impact
- Information Theft
Indicators Of Compromise
CVE
- CVE-2022-41218
Affected Vendors
- Apache
Affected Products
- Apache SOAP 2.2
Remediation
Refer to Apache Security Advisory for patch, upgrade or suggested workaround information.