Vulnerability Description
Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are built with that flag.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Genivia | Gsoap | >= 2.7.0, <= 2.7.17 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://lists.debian.org/debian-lts-announce/2019/02/msg00027.htmlMailing ListThird Party Advisory
- https://outpost24.com/blog/gsoap-vulnerability-identified
- https://www.genivia.com/advisory.html#Bug_in_gSOAP_versions_2.7.0_to_2.8.74_for_
- https://lists.debian.org/debian-lts-announce/2019/02/msg00027.htmlMailing ListThird Party Advisory
- https://outpost24.com/blog/gsoap-vulnerability-identified
- https://www.genivia.com/advisory.html#Bug_in_gSOAP_versions_2.7.0_to_2.8.74_for_
FAQ
What is CVE-2019-7659?
CVE-2019-7659 is a vulnerability with a CVSS score of 8.1 (HIGH). Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH...
How severe is CVE-2019-7659?
CVE-2019-7659 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-7659?
Check the references section above for vendor advisories and patch information. Affected products include: Genivia Gsoap, Debian Debian Linux.