CPANSA-SOAP-Lite-2015-01: SOAP-Lite vulnerability
Publisher | giterlizzi | Document category | csaf_security_advisory |
---|---|---|---|
Initial release date | 2015-07-21T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
Current release date | 2015-07-21T00:00:00 | Build Date | |
Current version | 1 | Status | final |
CVSS v3.1 Base Score | 7.5 | Severity | |
Original language | | Language | en |
Also referred to |
Vulnerability Description
An example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copies of the first entity. The amount of computer memory used for handling an external SOAP call would likely exceed that available to the process parsing the XML.
Vulnerabilities
CVE-2015-8978
Vulnerability Description
In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copies of the first entity. The amount of computer memory used for handling an external SOAP call would likely exceed that available to the process parsing the XML.
Weakness | CWE-399 : Resource Management Errors |
---|
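A pre-parse guard for the expansion described above, as an added example that is not part of the advisory or of SOAP::Lite: it computes the post-expansion size of a document's internal entities arithmetically, without expanding them, and rejects input over a budget. The function names, the budget value and the scaled-down constructed sample are assumptions made for illustration.

```python
import re

# Internal general entity declarations: <!ENTITY name "value">
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.\-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.\-]+);')
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}  # each expands to one character


def expanded_length(text, entities, cache, stack=()):
    """Length of `text` after entity expansion, computed without expanding."""
    total = len(ENTITY_REF.sub("", text))  # literal characters only
    for name in ENTITY_REF.findall(text):
        if name in PREDEFINED:
            total += 1
        elif name in stack:
            raise ValueError(f"recursive entity reference: {name}")
        elif name in entities:
            if name not in cache:  # memoize so each entity is sized once
                cache[name] = expanded_length(
                    entities[name], entities, cache, stack + (name,))
            total += cache[name]
        else:
            # External or undeclared entities are refused rather than guessed at.
            raise ValueError(f"undeclared entity: {name}")
    return total


def check_expansion(xml_text, budget=1_000_000):
    """Return the post-expansion size, or raise ValueError if over budget."""
    entities = {n: v for n, _, v in ENTITY_DECL.findall(xml_text)}
    body = xml_text.split("]>", 1)[-1] if entities else xml_text
    size = expanded_length(body, entities, {})
    if size > budget:
        raise ValueError(f"expansion to {size} characters exceeds budget {budget}")
    return size


# Constructed sample: 3 levels with fan-out 10, scaled down from the
# advisory's 10 levels so it is harmless to any parser.
SAMPLE = (
    '<?xml version="1.0"?><!DOCTYPE d ['
    '<!ENTITY e0 "ha">'
    '<!ENTITY e1 "' + "&e0;" * 10 + '">'
    '<!ENTITY e2 "' + "&e1;" * 10 + '">'
    '<!ENTITY e3 "' + "&e2;" * 10 + '">'
    ']><d>&e3;</d>'
)
```

Because the size is computed by multiplication rather than by building the string, the guard's cost grows with the number of declarations, not with the expanded size.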
Product status
Known affected
Product | Score |
---|---|
SOAP-Lite less than 1.15 | |
Fixed
- SOAP-Lite greater than or equal to 1.15
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-SOAP-Lite-2015-01 JSON (self): https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2015/cpansa-soap-lite-2015-01.json
- https://metacpan.org/changes/distribution/SOAP-Lite (external)
- https://www.securityfocus.com/bid/94487 (external)
- https://github.com/redhotpenguin/perl-soaplite/commit/6942fe0d281be1c32c5117605f9c4e8d44f51124 (external)
- CVE-2015-8978 (NVD) (external): https://nvd.nist.gov/vuln/detail/CVE-2015-8978
Revision history
Version | Date of the revision | Summary of the revision |
---|---|---|
1 | Tue Jul 21 00:00:00 2015 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/