Vulnerability Details : CVE-2014-1202
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
Products affected by CVE-2014-1202
- cpe:2.3:a:eviware:soapui:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:eviware:soapui:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:eviware:soapui:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:eviware:soapui:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:eviware:soapui:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:eviware:soapui:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:*:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.5.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1202
- 72.96%: Probability of exploitation activity in the next 30 days
- ~98%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-1202
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2014-1202
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1202
- http://packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.html
  SoapUI Remote Code Execution ≈ Packet Storm [Exploit]
- http://www.exploit-db.com/exploits/30908
  SoapUI 4.6.3 - Remote Code Execution - Windows remote Exploit [Exploit]
- https://github.com/SmartBear/soapui/blob/master/RELEASENOTES.txt
  soapui/RELEASENOTES.txt at master · SmartBear/soapui · GitHub
- http://www.youtube.com/watch?v=3lCLE64rsc0
  SoapUI Code Execution Vulnerability PoC CVE-2014-1202 - YouTube
- http://baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.html
  Information Security: SoapUI Code Execution Vulnerability - CVE-2014-1202