CVE-2020-13577
Published 2021-02-10
Priority: P3 · 40 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 3.02% (85.8th percentile)
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gsoap | < gsoap 2.8.104-3 (bookworm) | gsoap 2.8.104-3 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | >= 0 < 2.8.104-3 | 2.8.104-3 |
| genivia | gsoap | >= 0 < 2.8.104-3 | 2.8.104-3 |
| genivia | gsoap | >= 0 < 2.8.104-3 | 2.8.104-3 |
| genivia | gsoap | >= 0 < 2.8.104-3 | 2.8.104-3 |
CVSS provenance
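| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |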
GHSA
ghsa_unreviewed·2022-05-24
CVE-2020-13577 [HIGH] CWE-476 GHSA-wmf9-7mph-r64c: A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2
OSV
osv·2021-02-10·CVSS 7.5
CVE-2020-13577 [HIGH] CVE-2020-13577: A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2
Debian
vendor_debian·2020·CVSS 7.5
CVE-2020-13577 [HIGH] CVE-2020-13577: gsoap - A denial-of-service vulnerability exists in the WS-Security plugin functionality...
Scope: local
bookworm: resolved (fixed in 2.8.104-3)
bullseye: resolved (fixed in 2.8.104-3)
forky: resolved (fixed in 2.8.104-3)
sid: resolved (fixed in 2.8.104-3)
trixie: resolved (fixed in 2.8.104-3)
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Genivia gSOAP
blogs_talos·2021-01-05·CVSS 7.5
[HIGH] Vulnerability Spotlight: Multiple vulnerabilities in Genivia gSOAP
## Vulnerability Spotlight: Multiple vulnerabilities in Genivia gSOAP
A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered multiple vulnerabilities in various Genivia gSOAP toolkit plugins. These vulnerabilities could allow an attacker to carry out a variety of malicious activities, including causing a denial of service on the victim machine or gaining the ability to execute arbitrary code.
The gSOAP toolkit is a C/C++ library for developing XML-based web services. It includes several plugins to support the implementation of SOAP and web service standards. The framework also provides multiple deployment options, including modules for IIS and Apache, standalone CGI scripts and its own standalone HTTP service.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Genivia to
https://lists.debian.org/debian-lts-announce/2024/02/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JINMAJB4WQASTKTNSPQL3V7YMSYPKIA2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMTJ3SJJ22SFLBLPKFADV7NVBH7UFA23/
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1188