CVE-2020-13574

Name of the Vulnerable Software and Affected Versions Genivia gSOAP version 2.8.107

Description A denial-of-service issue exists in the WS-Security plugin functionality of Genivia gSOAP. It can be triggered by a specially crafted SOAP request, allowing an attacker to send an HTTP request and cause a denial of service. The vulnerability is related to errors in handling SOAP requests, which can be exploited by a remote attacker to cause a denial of service by sending specially crafted HTTP requests.

Recommendations For Genivia gSOAP version 2.8.107, consider disabling the WS-Security plugin functionality as a temporary workaround until a patch is available. Restrict access to the SOAP endpoint to minimize the risk of exploitation. Avoid using the WS-Security plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.