PT-2020-6526 · Genivia · gSOAP
Published: 2020-11-05 · Updated: 2024-03-01 · CVE-2020-13577
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Genivia gSOAP version 2.8.107
Description
A denial-of-service issue exists in the WS-Security plugin functionality of Genivia gSOAP. This is due to pointer dereference errors when processing SOAP requests. An attacker can exploit this by sending specially crafted HTTP requests, leading to denial of service.
Recommendations
For Genivia gSOAP version 2.8.107, consider disabling the WS-Security plugin functionality as a temporary workaround until a patch is available. Restrict access to the SOAP request handling module to minimize the risk of exploitation. Avoid using the vulnerable WS-Security plugin until the issue is resolved.
Exploit
Fix
DoS
NULL Pointer Dereference
Affected Products
gSOAP