CVE-2014-1202
published 2014-01-25CVE-2014-1202: The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
PriorityP262critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
7.67%
93.8th percentile
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eviware | soapui | — | — |
| eviware | soapui | — | — |
| eviware | soapui | — | — |
| eviware | soapui | — | — |
| eviware | soapui | — | — |
| eviware | soapui | — | — |
| smartbear | soapui | <= 4.6.3 | — |
| smartbear | soapui | — | — |
| smartbear | soapui | — | — |
| smartbear | soapui | — | — |
| smartbear | soapui | — | — |
| smartbear | soapui | — | — |
| smartbear | soapui | — | — |
| smartbear | soapui | — | — |
| smartbear | soapui | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect malicious WSDL files containing property expansion expressions using the '${=' prefix, which triggers arbitrary Java/Groovy code execution in SoapUI versions before 4.6.4. ↗
- →Monitor SoapUI clients importing WSDL/WADL files from untrusted or external sources, as the vulnerability is triggered at import/request-send time when the crafted default parameter value is expanded. ↗
- →Look for arbitrary Groovy code embedded inside WSDL element properties; the property expansion mechanism executes the code when the SoapUI client processes the WSDL. ↗
- →Reference the upstream patch commit to identify the exact code change that closes the property expansion sink and use it to verify whether a deployed SoapUI instance is patched. ↗
- ·The vulnerable property expansion feature was not present in SoapUI versions prior to 2.5; Red Hat JBoss SOA Platform 4.3 and 5.3 ship SoapUI 1.7.1 and are therefore not affected. ↗
- ·Exploitation requires the victim to actively import the malicious WSDL URL into SoapUI and then attempt to send a request; the payload fires at request-send time, not purely at import time. ↗
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
SoapUI: remote code execution when processing WSDL
vendor_redhat·2014-01-15·CVSS 9.3
CVE-2014-1202 [CRITICAL] SoapUI: remote code execution when processing WSDL
SoapUI: remote code execution when processing WSDL
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
Statement: Not affected. Red Hat JBoss SOA Platform 4.3 and 5.3 support the SOAPClient action, which will use the SoapUI library to make calls to external web services. However, these products use SoapUI 1.7.1, while the vulnerable property expansion feature was not introduced until SoapUI 2.5. Therefore no Red Hat products are affected by this flaw.
Package: soapui (Red Hat JBoss SOA Platform 4.3) - Not affected
Package: soapui (Red Hat JBoss SOA Platform 5) - Not affected
OSV
Code injection via property expansion in SoapUI
osv·2022-05-17
CVE-2014-1202 [HIGH] Code injection via property expansion in SoapUI
Code injection via property expansion in SoapUI
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
GHSA
Code injection via property expansion in SoapUI
ghsa·2022-05-17
CVE-2014-1202 [HIGH] CWE-94 Code injection via property expansion in SoapUI
Code injection via property expansion in SoapUI
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
No detection rules found.
http://baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.htmlhttp://packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.htmlhttp://www.exploit-db.com/exploits/30908http://www.youtube.com/watch?v=3lCLE64rsc0https://github.com/SmartBear/soapui/blob/master/RELEASENOTES.txthttp://baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.htmlhttp://packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.htmlhttp://www.exploit-db.com/exploits/30908http://www.youtube.com/watch?v=3lCLE64rsc0https://github.com/SmartBear/soapui/blob/master/RELEASENOTES.txt
2014-01-25
Published