A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered multiple vulnerabilities in various Genivia gSOAP toolkit plugins. These vulnerabilities could allow an attacker to carry out a variety of malicious activities, including causing a denial of service on the victim machine or gaining the ability to execute arbitrary code.

The gSOAP toolkit is a C/C++ library for developing XML-based web services. It includes several plugins to support the implementation of SOAP and web service standards. The framework also provides multiple deployment options, including modules for IIS and Apache, standalone CGI scripts and its own standalone HTTP service.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Genivia to disclose these vulnerabilities and ensure that an update is available.

Vulnerability details

Genivia gSOAP WS-Security plugin denial-of-service vulnerability (TALOS-2020-1185/CVE-2020-13574)

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Genivia gSOAP WS-Addressing plugin denial-of-service vulnerability (TALOS-2020-1186/CVE-2020-13575)

A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Genivia gSOAP WS-Addressing plugin code execution vulnerability (TALOS-2020-1187/CVE-2020-13576)

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Genivia gSOAP WS-Security plugin denial-of-service vulnerability (TALOS-2020-1188/CVE-2020-13577)

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Genivia gSOAP WS-Security plugin denial-of-service vulnerability (TALOS-2020-1189/CVE-2020-13578)

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that these vulnerabilities affect Genivia gSOAP, version 2.8.107.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 56211, 56275, 56297, 56298, 56307, 56308, 56507 - 56510