Summary
Detail | |||
---|---|---|---|
Vendor | Genivia | First view | 2017-07-19 |
Product | Gsoap | Last view | 2019-02-09 |
Version | 2.7.11 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:genivia:gsoap |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
8.1 | 2019-02-09 | CVE-2019-7659 | Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are built with that flag. |
8.1 | 2017-07-19 | CVE-2017-9765 | Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-787 | Out-of-bounds Write |
50% (1) | CWE-190 | Integer Overflow or Wraparound |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-23 | Axis M3004 remote code execution attempt RuleID : 43625 - Type : SERVER-WEBAPP - Revision : 3 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2017-08-11 | Name: The remote Fedora host is missing a security update. File: fedora_2017-d2174c28ed.nasl - Type: ACT_GATHER_INFO |
2017-08-11 | Name: The remote Fedora host is missing a security update. File: fedora_2017-ff06ff0ec9.nasl - Type: ACT_GATHER_INFO |
2017-07-27 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-842.nasl - Type: ACT_GATHER_INFO |
2017-07-26 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_8745c67e7dd1416596e2fcf9da2dc5b5.nasl - Type: ACT_GATHER_INFO |
2017-07-25 | Name: The remote Debian host is missing a security update. File: debian_DLA-1036.nasl - Type: ACT_GATHER_INFO |
2017-07-19 | Name: The remote device is affected by a remote code execution vulnerability. File: axis_devils_ivy.nasl - Type: ACT_GATHER_INFO |