cnvd - cnvd-2022-78864

cnvd-2022-78864

Vulnerability from cnvd

Title: Apache SOAP身份验证错误漏洞

Description:

Apache SOAP是美国阿帕奇（Apache）基金会的用作客户端库来调用其他地方可用的 SOAP服务，也可以用作服务器端工具来实现SOAP可访问服务。

Apache SOAP存在身份验证错误漏洞，该漏洞源于RPCRouterServlet无需身份验证即可使用，攻击者可利用该漏洞有可能在满足特定条件的类路径上调用方法，根据类路径上可用的类可能导致任意远程代码执行。

Severity: 高

Patch Name: Apache SOAP身份验证错误漏洞的补丁

Patch Description:

Apache SOAP是美国阿帕奇（Apache）基金会的用作客户端库来调用其他地方可用的 SOAP服务，也可以用作服务器端工具来实现SOAP可访问服务。

Apache SOAP存在身份验证错误漏洞，该漏洞源于RPCRouterServlet无需身份验证即可使用，攻击者可利用该漏洞有可能在满足特定条件的类路径上调用方法，根据类路径上可用的类可能导致任意远程代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/g4l64s283njhnph2otx7q4gs2j952d31

Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-45378

Impacted products

Name
Apache SOAP <=2.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-45378",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-45378"
    }
  },
  "description": "Apache SOAP\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u7528\u4f5c\u5ba2\u6237\u7aef\u5e93\u6765\u8c03\u7528\u5176\u4ed6\u5730\u65b9\u53ef\u7528\u7684 SOAP\u670d\u52a1\uff0c\u4e5f\u53ef\u4ee5\u7528\u4f5c\u670d\u52a1\u5668\u7aef\u5de5\u5177\u6765\u5b9e\u73b0SOAP\u53ef\u8bbf\u95ee\u670d\u52a1\u3002\n\nApache SOAP\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eRPCRouterServlet\u65e0\u9700\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4f7f\u7528\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6709\u53ef\u80fd\u5728\u6ee1\u8db3\u7279\u5b9a\u6761\u4ef6\u7684\u7c7b\u8def\u5f84\u4e0a\u8c03\u7528\u65b9\u6cd5\uff0c\u6839\u636e\u7c7b\u8def\u5f84\u4e0a\u53ef\u7528\u7684\u7c7b\u53ef\u80fd\u5bfc\u81f4\u4efb\u610f\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/g4l64s283njhnph2otx7q4gs2j952d31",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-78864",
  "openTime": "2022-11-21",
  "patchDescription": "Apache SOAP\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u7528\u4f5c\u5ba2\u6237\u7aef\u5e93\u6765\u8c03\u7528\u5176\u4ed6\u5730\u65b9\u53ef\u7528\u7684 SOAP\u670d\u52a1\uff0c\u4e5f\u53ef\u4ee5\u7528\u4f5c\u670d\u52a1\u5668\u7aef\u5de5\u5177\u6765\u5b9e\u73b0SOAP\u53ef\u8bbf\u95ee\u670d\u52a1\u3002\r\n\r\nApache SOAP\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eRPCRouterServlet\u65e0\u9700\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4f7f\u7528\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6709\u53ef\u80fd\u5728\u6ee1\u8db3\u7279\u5b9a\u6761\u4ef6\u7684\u7c7b\u8def\u5f84\u4e0a\u8c03\u7528\u65b9\u6cd5\uff0c\u6839\u636e\u7c7b\u8def\u5f84\u4e0a\u53ef\u7528\u7684\u7c7b\u53ef\u80fd\u5bfc\u81f4\u4efb\u610f\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache SOAP\u8eab\u4efd\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache SOAP \u003c=2.3"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-45378",
  "serverity": "\u9ad8",
  "submitTime": "2022-11-17",
  "title": "Apache SOAP\u8eab\u4efd\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2022-45378 (GCVE-0-2022-45378)

Vulnerability from cvelistv5

Published

2022-11-14 00:00

Modified

2024-08-03 14:09

Severity ?

CWE

CWE-306 - Missing Authentication for Critical Function

Summary

In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

▼	URL	Tags
	https://lists.apache.org/thread/g4l64s283njhnph2otx7q4gs2j952d31
	http://www.openwall.com/lists/oss-security/2022/11/14/4	mailing-list

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache SOAP	Version: Apache SOAP 2.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:soap:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "soap",
            "vendor": "apache",
            "versions": [
              {
                "lessThan": "2.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45378",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-19T03:55:24.085Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:56.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/g4l64s283njhnph2otx7q4gs2j952d31"
          },
          {
            "name": "[oss-security] 20221114 CVE-2022-45378: Apache SOAP allows unauthenticated users to potentially invoke arbitrary code",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/14/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache SOAP",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "Apache SOAP 2.3"
            },
            {
              "lessThan": "2.3",
              "status": "unknown",
              "version": "Apache SOAP",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "  Apache would like to thank TsungShu Chiu (CHT Security) for reporting this issue"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-27T12:55:38.995Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "url": "https://lists.apache.org/thread/g4l64s283njhnph2otx7q4gs2j952d31"
        },
        {
          "name": "[oss-security] 20221114 CVE-2022-45378: Apache SOAP allows unauthenticated users to potentially invoke arbitrary code",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/14/4"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "tags": [
        "unsupported-when-assigned"
      ],
      "title": "Apache SOAP allows unauthenticated users to potentially invoke arbitrary code",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-45378",
    "datePublished": "2022-11-14T00:00:00",
    "dateReserved": "2022-11-14T00:00:00",
    "dateUpdated": "2024-08-03T14:09:56.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted