Main Vulnerability Database SB2019011411

SB2019011411 - Denial of service in Genivia gSOAP

Published: January 14, 2019

Security Bulletin ID SB2019011411

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2019-7659)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the HTTP cookie-handling component of Genivia gSOA it is used with a server application with the -DWITH_COOKIES flag enabled. A remote attacker can send a request that submits malicious input and cause the application to unexpectedly abort.

Remediation

Install update from vendor's website.

References

https://www.genivia.com/advisory.html#Bug_in_gSOAP_versions_2.7.0_to_2.8.74_for_applications_built_with_the_WITH_COOKIES_flag_enabled_(Jan_14,_2019)