CVE-2015-8978 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2015-8978?

CVE-2015-8978 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-8978?

Check the references section above for vendor advisories and patch information. Affected products include: Soap\ \.

Vulnerability Description

In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copies of the first entity. The amount of computer memory used for handling an external SOAP call would likely exceed that available to the process parsing the XML.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Soap\	\	<= 1.14, lite_project

Related Weaknesses (CWE)

CWE-399

References

FAQ

What is CVE-2015-8978?

CVE-2015-8978 is a vulnerability with a CVSS score of 7.5 (HIGH). In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the...

How severe is CVE-2015-8978?

CVE-2015-8978 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-8978?

Check the references section above for vendor advisories and patch information. Affected products include: Soap\ \.