CVE-2024-6893
CVSS V2 None
CVSS V3 None
Description
The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources.
Overview
- CVE ID
- CVE-2024-6893
- Assigner
- KoreLogic
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-08-07T23:22:08.667Z
- Last Modified Date
- 2024-08-08T01:29:17.480Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt | third-party-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-6893 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6893 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-08-08 13:10:02 | Added to TrackCVE |