Vulnerability Spotlight: Multiple vulnerabilities in Genivia gSOAP


A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw.


Cisco Talos recently discovered multiple vulnerabilities in various Genivia gSOAP toolkit plugins. These vulnerabilities could allow an attacker to carry out a variety of malicious activities, including causing a denial of service on the victim machine or gaining the ability to execute arbitrary code. 



The gSOAP toolkit is a C/C++ library for developing XML-based web services. It includes several plugins to support the implementation of SOAP and web service standards. The framework also provides multiple deployment options, including modules for IIS and Apache, standalone CGI scripts and its own standalone HTTP service.


In accordance with our coordinated disclosure policy, Cisco Talos worked with Genivia to disclose these vulnerabilities and ensure that an update is available.

Vulnerability details


Genivia gSOAP WS-Security plugin denial-of-service vulnerability (TALOS-2020-1185/CVE-2020-13574)


A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.


Read the complete vulnerability advisory here for additional information. 


Genivia gSOAP WS-Addressing plugin denial-of-service vulnerability (TALOS-2020-1186/CVE-2020-13575)


A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an ..
