FKIE_CVE-2014-1202

Vulnerability from fkie_nvd - Published: 2014-01-25 01:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
References
cve@mitre.orghttp://baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.html
cve@mitre.orghttp://packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.htmlExploit
cve@mitre.orghttp://www.exploit-db.com/exploits/30908Exploit
cve@mitre.orghttp://www.youtube.com/watch?v=3lCLE64rsc0
cve@mitre.orghttps://github.com/SmartBear/soapui/blob/master/RELEASENOTES.txt
af854a3a-2127-422b-91ae-364da2661108http://baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/30908Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.youtube.com/watch?v=3lCLE64rsc0
af854a3a-2127-422b-91ae-364da2661108https://github.com/SmartBear/soapui/blob/master/RELEASENOTES.txt
Impacted products
Vendor Product Version
eviware soapui 2.5.1
eviware soapui 3.0.1
eviware soapui 3.5
eviware soapui 3.5.1
eviware soapui 3.6
eviware soapui 3.6.1
smartbear soapui *
smartbear soapui 4.0
smartbear soapui 4.0
smartbear soapui 4.0
smartbear soapui 4.0.1
smartbear soapui 4.5
smartbear soapui 4.5.1
smartbear soapui 4.5.2
smartbear soapui 4.6.0
smartbear soapui 4.6.1
smartbear soapui 4.6.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:eviware:soapui:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "32393C29-BD37-4F56-889F-25699D58974A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eviware:soapui:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36608A9D-8A2B-4FF9-AC05-5BFC34313CF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eviware:soapui:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E47B37D-03CA-453F-BB90-650BAB6AE4EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eviware:soapui:3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE4DBFB-5D5B-4E6B-B071-46A45F1A7D11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eviware:soapui:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1FB5B8-4540-4FA1-9261-D3B476B0DE9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eviware:soapui:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DED1D4D-D025-4F3A-88E8-8F62139A2D00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartbear:soapui:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB028D9D-B958-46B9-ADE2-769C86654B66",
              "versionEndIncluding": "4.6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartbear:soapui:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F256F595-A044-4BBB-846B-88005B6E9561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartbear:soapui:4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9AD9A2CA-FE10-4634-8C05-392F8FD21802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartbear:soapui:4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "E7D711B4-0E91-4DBB-A208-F5C105213691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartbear:soapui:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "43A50E18-ABEF-4E0B-B8AB-5C9DBE95AF85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartbear:soapui:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C3BCB53-FDC9-4664-BA3B-388E2D4917EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartbear:soapui:4.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D2DE81-5D41-4796-B7B2-43C69B82947C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartbear:soapui:4.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FDA6D02-2064-4DA2-B0E5-197AE4205D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartbear:soapui:4.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F217D88-D80A-4413-A4F4-CEF4F8B248E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartbear:soapui:4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA32495-DA2D-4447-AD2A-A71C49F8AD8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartbear:soapui:4.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92ED7FFC-C206-4A83-B37D-3BA9D237D3D2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file."
    },
    {
      "lang": "es",
      "value": "La funcionalidad de importaci\u00f3n  WSDL/WADL en SoapUI anteriores a 4.6.4 permite a atacantes remotos ejecutar c\u00f3digo Java arbitrario a trav\u00e9s de par\u00e1metros de petici\u00f3n manipulados en un fichero WSDL."
    }
  ],
  "id": "CVE-2014-1202",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-01-25T01:55:05.973",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/30908"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.youtube.com/watch?v=3lCLE64rsc0"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/SmartBear/soapui/blob/master/RELEASENOTES.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/30908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.youtube.com/watch?v=3lCLE64rsc0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/SmartBear/soapui/blob/master/RELEASENOTES.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.