CVE-2020-13574

7.5 HIGH

📋 TL;DR

This vulnerability in the WS-Security plugin of Genivia gSOAP allows attackers to cause a denial of service by sending specially crafted SOAP requests. Systems using gSOAP 2.8.107 with WS-Security enabled are affected. The vulnerability can crash the service, disrupting legitimate users.

💻 Affected Systems

Products:
  • Genivia gSOAP
Versions: Version 2.8.107 specifically
Operating Systems: All platforms running gSOAP
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with WS-Security plugin enabled. The vulnerability is in the WS-Security component specifically.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service outage for applications relying on gSOAP's WS-Security functionality, potentially affecting downstream systems and business operations.

🟠 Likely Case

Service crashes requiring manual restart, causing temporary disruption to SOAP-based web services.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring allowing quick detection and response.

🌐 Internet-Facing: HIGH - Attackers can exploit this remotely without authentication via HTTP requests.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could still exploit this, but attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a specially crafted SOAP request to the vulnerable endpoint. No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: gSOAP 2.8.108 or later

Vendor Advisory: https://www.genivia.com/advisory.html

Restart Required: Yes

Instructions:

1. Download gSOAP 2.8.108 or later from the Genivia website.
2. Replace the existing gSOAP installation with the patched version.
3. Recompile any applications using gSOAP.
4. Restart affected services.

🔧 Temporary Workarounds

Disable WS-Security plugin

all

Temporarily disable the vulnerable WS-Security component if not required

Recompile gSOAP applications with WS-Security disabled (remove -DWITH_OPENSSL and related security flags)

Network filtering

all

Block or filter malicious SOAP requests at network perimeter

Configure WAF rules to block suspicious SOAP requests with malformed WS-Security headers

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate gSOAP services from untrusted networks
  • Deploy Web Application Firewall (WAF) with rules to detect and block exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the gSOAP version: gsoap --version 2>&1 | grep -i version. If the output shows 2.8.107 and WS-Security is enabled, the system is vulnerable.

Check Version:

gsoap --version 2>&1 | grep -i version || soapcpp2 --version 2>&1 | head -1

Verify Fix Applied:

Verify that the gSOAP version is 2.8.108 or later: gsoap --version 2>&1 | grep -i version. Test with known exploit payloads to confirm the service remains stable.
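
A service is affected through the gSOAP sources it was compiled with, so a source-tree audit complements the command-line version check. The script below is an added example, not from the original page or from Genivia. It assumes stdsoap2.h defines GSOAP_VERSION as 208107 for release 2.8.107 and that WS-Security use appears as references to wsseapi.h or soap_wsse; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a source tree for the condition this page describes.
# Assumptions (not from the page): stdsoap2.h carries a line such as
#   #define GSOAP_VERSION 208107        (release 2.8.107)
# and WS-Security use shows up as references to wsseapi.h or soap_wsse.

# Equality, not a range: the page lists 2.8.107 as the only affected release.
AFFECTED=208107

# Print the distinct GSOAP_VERSION integers found in stdsoap2.h under $1.
gsoap_versions() {
    find "$1" -type f -name stdsoap2.h -exec sed -n \
        's/^[[:space:]]*#[[:space:]]*define[[:space:]]\{1,\}GSOAP_VERSION[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' \
        {} + | sort -u
}

# Succeed if application sources under $1 reference the WS-Security plugin.
# The plugin's own files (wsseapi.*) are skipped so a vendored but unused
# copy does not count as use.
uses_wsse() {
    find "$1" -type f \( -name '*.c' -o -name '*.cpp' -o -name '*.h' \) \
        ! -name 'wsseapi.*' -exec grep -lE 'wsseapi\.h|soap_wsse' {} + \
        2>/dev/null | grep -q .
}

# Echo one verdict: affected | plugin-not-used | not-affected | unknown
check_tree() {
    versions=$(gsoap_versions "$1")
    [ -n "$versions" ] || { echo unknown; return 0; }
    if echo "$versions" | grep -qx "$AFFECTED"; then
        if uses_wsse "$1"; then echo affected; else echo plugin-not-used; fi
    else
        echo not-affected
    fi
}

# Stand-alone use: sh check_gsoap.sh /path/to/source/tree
if [ "$#" -gt 0 ]; then check_tree "$1"; fi
```

A verdict of unknown means no stdsoap2.h with a GSOAP_VERSION line was found under the given path, so the tree needs a manual look.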

📡 Detection & Monitoring

Log Indicators:

  • Unexpected service crashes/restarts
  • Error logs containing WS-Security or SOAP parsing failures
  • High volume of malformed SOAP requests

Network Indicators:

  • Spike in HTTP requests to SOAP endpoints
  • Requests with unusual WS-Security headers
  • Traffic patterns matching known exploit payloads

SIEM Query:

(source="*gsoap*" AND ("crash" OR "segfault" OR "WS-Security error")) OR (http.uri="*.wsdl" AND http.status="500")
