Denial of Service Vulnerability in Genivia gSOAP 2.7.x and 2.8.x
CVE-2019-7659

8.1HIGH

Key Information:

Vendor

Genivia

Status
Gsoap
Vendor
CVE Published:
9 February 2019

What is CVE-2019-7659?

An identified denial of service vulnerability in Genivia's gSOAP versions 2.7.x and 2.8.x, prior to version 2.8.75, can cause server applications to abort unexpectedly. This issue arises when applications are compiled with the -DWITH_COOKIES option, leading to possible disruption of service without prior notice. Applications utilizing the C/C++ library components libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ are particularly susceptible to exploitation. Users are advised to upgrade to the latest version to mitigate this risk.

References

https://lists.debian.org/debian-lts-announce/2019/02/msg0...
mailing-listx_refsource_MLIST
https://www.genivia.com/advisory.html#Bug_in_gSOAP_versio...
x_refsource_CONFIRM
https://outpost24.com/blog/gsoap-vulnerability-identified
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.