What is the severity of CVE-2022-45378?

CVE-2022-45378 is considered to be a high severity vulnerability due to its potential for unauthenticated remote method invocation.

How do I fix CVE-2022-45378?

To fix CVE-2022-45378, it is recommended to restrict access to the RPCRouterServlet by implementing proper authentication mechanisms.

What software versions are affected by CVE-2022-45378?

CVE-2022-45378 affects all versions of Apache SOAP up to and including 2.3.

What kind of attacks can occur due to CVE-2022-45378?

CVE-2022-45378 can allow attackers to invoke methods on the classpath without authentication, potentially leading to unauthorized data access or manipulation.

Is there a workaround for CVE-2022-45378?

A temporary workaround for CVE-2022-45378 is to disable the RPCRouterServlet if it's not in use, until a proper fix can be applied.

Vulnerability/
CVE-2022-45378

critical

9.8

CWE

306

14/11/2022

21/11/2024

CVE-2022-45378: Apache SOAP allows unauthenticated users to potentially invoke arbitrary code

First published: Mon Nov 14 2022(Updated: )

** UNSUPPPORTED WHEN ASSIGNED ** In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Credit: security@apache.org security@apache.org

Affected Software	Affected Version	How to fix
Apache SOAP	<=2.3
	<=2.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-45378?
CVE-2022-45378 is considered to be a high severity vulnerability due to its potential for unauthenticated remote method invocation.
How do I fix CVE-2022-45378?
To fix CVE-2022-45378, it is recommended to restrict access to the RPCRouterServlet by implementing proper authentication mechanisms.
What software versions are affected by CVE-2022-45378?
CVE-2022-45378 affects all versions of Apache SOAP up to and including 2.3.
What kind of attacks can occur due to CVE-2022-45378?
CVE-2022-45378 can allow attackers to invoke methods on the classpath without authentication, potentially leading to unauthorized data access or manipulation.
Is there a workaround for CVE-2022-45378?
A temporary workaround for CVE-2022-45378 is to disable the RPCRouterServlet if it's not in use, until a proper fix can be applied.

collector/nvd-index
agent/references
agent/type
agent/severity
agent/weakness
agent/author
agent/softwarecombine
agent/status
agent/description
agent/title
agent/first-publish-date
agent/tags
agent/event
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/source
status/unsupported
vendor/apache
canonical/apache soap
version/apache soap/2.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.