Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Mageia: 2021-0263 Moderate: gSOAP Denial Of Service and Remote Execution

mageia
Calendar Grey June 16, 2021
Dist Mageia Esm H88
Mageia 2021-0299 releases updates for libcurl to mitigate potential vulnerabilities related to unauthorized access and data breaches.
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107

Summary

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability (CVE-2020-13574).
A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability (CVE-2020-13575).
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability (CVE-2020-13576).
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to tr...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=29015

- https://www.cve.org/CVERecord?id=CVE-2020-13574

- https://www.cve.org/CVERecord?id=CVE-2020-13575

- https://www.cve.org/CVERecord?id=CVE-2020-13576

- https://www.cve.org/CVERecord?id=CVE-2020-13577

- https://www.cve.org/CVERecord?id=CVE-2020-13578

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SMTJ3SJJ22SFLBLPKFADV7NVBH7UFA23/

- https://www.cve.org/CVERecord?id=CVE-2020-13574

- https://www.cve.org/CVERecord?id=CVE-2020-13575

- https://www.cve.org/CVERecord?id=CVE-2020-13576

- https://www.cve.org/CVERecord?id=CVE-2020-13577

- https://www.cve.org/CVERecord?id=CVE-2020-13578

Topics%20covered

Topics Covered

security advisory denial of service security issue code execution remote execution mageia gsoap

Resolution

SRPMS

- 8/core/gsoap-2.8.104-1.1.mga8

- 7/core/gsoap-2.8.67-2.1.mga7

Publication date: 16 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0263.html
Type: security
CVE: CVE-2020-13574, CVE-2020-13575, CVE-2020-13576, CVE-2020-13577, CVE-2020-13578

Topics%20covered

Topics Covered

security advisory denial of service security issue code execution remote execution mageia gsoap

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here