Vulnerability Details CVE-2014-1202
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.206
EPSS Ranking 95.3%
CVSS Severity
CVSS v2 Score 9.3
References
- http://baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.html
- http://packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.html
- http://www.exploit-db.com/exploits/30908
- http://www.youtube.com/watch?v=3lCLE64rsc0
- https://github.com/SmartBear/soapui/blob/master/RELEASENOTES.txt
- http://baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.html
- http://packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.html
- http://www.exploit-db.com/exploits/30908
- http://www.youtube.com/watch?v=3lCLE64rsc0
- https://github.com/SmartBear/soapui/blob/master/RELEASENOTES.txt
Products affected by CVE-2014-1202
-
cpe:2.3:a:eviware:soapui:2.5.1
-
cpe:2.3:a:eviware:soapui:3.0.1
-
cpe:2.3:a:eviware:soapui:3.5
-
cpe:2.3:a:eviware:soapui:3.5.1
-
cpe:2.3:a:eviware:soapui:3.6
-
cpe:2.3:a:eviware:soapui:3.6.1
-
cpe:2.3:a:smartbear:soapui:1.0
-
cpe:2.3:a:smartbear:soapui:1.0.1
-
cpe:2.3:a:smartbear:soapui:1.0.2
-
cpe:2.3:a:smartbear:soapui:1.0.3
-
cpe:2.3:a:smartbear:soapui:1.5
-
cpe:2.3:a:smartbear:soapui:1.6
-
cpe:2.3:a:smartbear:soapui:1.7
-
cpe:2.3:a:smartbear:soapui:1.7.1
-
cpe:2.3:a:smartbear:soapui:1.7.5
-
cpe:2.3:a:smartbear:soapui:1.7.6
-
cpe:2.3:a:smartbear:soapui:2.0
-
cpe:2.3:a:smartbear:soapui:2.0.1
-
cpe:2.3:a:smartbear:soapui:2.0.2
-
cpe:2.3:a:smartbear:soapui:2.5
-
cpe:2.3:a:smartbear:soapui:2.5.1
-
cpe:2.3:a:smartbear:soapui:3.0
-
cpe:2.3:a:smartbear:soapui:3.0.1
-
cpe:2.3:a:smartbear:soapui:3.5
-
cpe:2.3:a:smartbear:soapui:3.5.1
-
cpe:2.3:a:smartbear:soapui:3.6
-
cpe:2.3:a:smartbear:soapui:3.6.1
-
cpe:2.3:a:smartbear:soapui:4.0
-
cpe:2.3:a:smartbear:soapui:4.0.1
-
cpe:2.3:a:smartbear:soapui:4.5
-
cpe:2.3:a:smartbear:soapui:4.5.0
-
cpe:2.3:a:smartbear:soapui:4.5.1
-
cpe:2.3:a:smartbear:soapui:4.5.2
-
cpe:2.3:a:smartbear:soapui:4.6.0
-
cpe:2.3:a:smartbear:soapui:4.6.1
-
cpe:2.3:a:smartbear:soapui:4.6.2
-
cpe:2.3:a:smartbear:soapui:4.6.3