Summary
| Detail | |||
|---|---|---|---|
| Vendor | Genivia | First view | 2017-07-19 |
| Product | Gsoap | Last view | 2019-02-09 |
| Version | 2.7.11 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:genivia:gsoap | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.1 | 2019-02-09 | CVE-2019-7659 | Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are built with that flag. |
| 8.1 | 2017-07-19 | CVE-2017-9765 | Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-787 | Out-of-bounds Write |
| 50% (1) | CWE-190 | Integer Overflow or Wraparound |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2017-08-23 | Axis M3004 remote code execution attempt RuleID : 43625 - Type : SERVER-WEBAPP - Revision : 3 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-08-11 | Name: The remote Fedora host is missing a security update. File: fedora_2017-d2174c28ed.nasl - Type: ACT_GATHER_INFO |
| 2017-08-11 | Name: The remote Fedora host is missing a security update. File: fedora_2017-ff06ff0ec9.nasl - Type: ACT_GATHER_INFO |
| 2017-07-27 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-842.nasl - Type: ACT_GATHER_INFO |
| 2017-07-26 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_8745c67e7dd1416596e2fcf9da2dc5b5.nasl - Type: ACT_GATHER_INFO |
| 2017-07-25 | Name: The remote Debian host is missing a security update. File: debian_DLA-1036.nasl - Type: ACT_GATHER_INFO |
| 2017-07-19 | Name: The remote device is affected by a remote code execution vulnerability. File: axis_devils_ivy.nasl - Type: ACT_GATHER_INFO |
