CVE-2024-6893

NVD Published Date: August 08, 2024 at 12:15 AM
NVD Last Modified: August 08, 2024 at 08:53 PM
Download Patch
Vulnerability ID
CVE-2024-6893
Severity
HIGH
Severity Score
7.5
Summary
The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources.
Mitigation and Patches
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE ID
CWE-611

Recent Publish

CVE-2024-38202

CVE-2024-7560

CVE-2024-7486

CVE-2024-7561

CVE-2024-21302

CVE-2024-7492

See SecOps Solution
in action

Schedule Demo