CVE-2020-13578
📋 TL;DR
A denial-of-service vulnerability in the WS-Security plugin of Genivia gSOAP 2.8.107 allows a remote attacker to crash an affected service by sending a specially crafted SOAP request over HTTP. Only applications that are built with and register the WS-Security plugin exercise the vulnerable code; the fix is in gSOAP 2.8.108.
💻 Affected Systems
- Genivia gSOAP
📦 What is this software?
Gsoap by Genivia: C/C++ toolkit for building SOAP/XML web service clients and servers. WS-Security support is an optional plugin (wsseapi) that an application registers explicitly.
Fedora by Fedoraproject: Linux distribution that ships gsoap packages (see the Fedora advisories under References).
⚠️ Risk & Real-World Impact
Worst Case
Sustained outage of affected SOAP web services: an attacker who can reach the endpoint can resend the request each time the service comes back up, taking down the business functions that depend on it.
Likely Case
Temporary service disruption requiring service restart, leading to downtime and potential data loss for in-flight transactions.
If Mitigated
Minimal impact with proper network segmentation and monitoring allowing quick detection and response to attack attempts.
🎯 Exploit Status
Exploitation requires only sending a specially crafted SOAP request to a vulnerable endpoint over HTTP. The Talos Intelligence report (TALOS-2020-1189) includes technical details that could be used to build an exploit; no public exploit is listed on this page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: gSOAP 2.8.108 or later
Vendor Advisory: https://www.genivia.com/advisory.html
Restart Required: Yes, and a rebuild: gSOAP is normally compiled into the application (stdsoap2.c plus the plugin sources), so swapping a library file alone is not enough.
Instructions:
1. Download gSOAP 2.8.108 or later from the Genivia website, or install your distribution's patched gsoap package (see the Debian and Fedora advisories under References).
2. Replace the vulnerable gSOAP sources (stdsoap2.c/.h and the plugin sources such as wsseapi.c) in every application that embeds them.
3. Regenerate code with the new soapcpp2 where your build does so (generated code carries a GSOAP_VERSION mismatch check against the library), then recompile and relink the affected applications.
4. Restart all services built on gSOAP.
🔧 Temporary Workarounds
Disable WS-Security
Temporarily disable the WS-Security plugin if the service does not depend on it; only applications that register the plugin are exposed.
Remove the plugin registration (soap_register_plugin(soap, soap_wsse)) from the application and rebuild. This also removes WS-Security signing, encryption and token verification, so it is only acceptable where the service does not rely on them.
Network Filtering
Reduce exposure of the SOAP endpoint at the perimeter.
Restrict the endpoint to known clients and add a WAF or proxy rule that rejects SOAP requests carrying a wsse:Security header from sources that have no business sending one. Because the exact triggering input is not specified here, prefer source allowlisting and rate limiting over signature-style "malformed request" rules.
🧯 If You Can't Patch
- Implement strict network segmentation to limit access to vulnerable services
- Deploy rate limiting and request validation at the network perimeter
🔍 How to Verify
Check if Vulnerable:
A system is affected if it runs an application built against gSOAP 2.8.107 (the release named in the advisory; treat earlier releases as suspect until rebuilt) that registers the WS-Security plugin (soap_register_plugin(soap, soap_wsse), wsseapi). Applications that never register the plugin do not reach the vulnerable code but should still move to a fixed release.
Check Version:
There is no gsoap --version command. For source builds, grep -m1 'define GSOAP_VERSION' stdsoap2.h (208107 encodes 2.8.107); soapcpp2-generated files such as soapStub.h also carry a "Generated by gSOAP x.y.z" banner. For distribution packages use rpm -q gsoap or dpkg -l 'libgsoap*'.
Verify Fix Applied:
Confirm GSOAP_VERSION is 208108 or higher in the header the application was rebuilt against, that the binaries were actually relinked after the update, and that the service handles SOAP requests carrying wsse:Security headers without crashing (the Talos report describes the triggering input).
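A script that automates the checks above, added here as an example and not Genivia's or any distribution's own tooling: it reads the GSOAP_VERSION macro from stdsoap2.h (or the "Generated by gSOAP x.y.z" banner in soapcpp2 output), compares it against the 2.8.108 fix release, and looks in the application source for registration of the WS-Security plugin. The header and application snippets are constructed; the banner format and the integer encoding of GSOAP_VERSION are assumptions to confirm against your own copy of the headers.

```python
import re

# Added example, not Genivia's code. Assumed input formats: the GSOAP_VERSION macro in
# stdsoap2.h (208107 encodes 2.8.107 as major*100000 + minor*1000 + patch) and the
# "Generated by gSOAP x.y.z" banner that soapcpp2 writes into generated files.
FIXED = (2, 8, 108)  # first fixed release named in the advisory

VERSION_MACRO_RE = re.compile(r"^\s*#\s*define\s+GSOAP_VERSION\s+(\d+)", re.M)
GENERATED_BANNER_RE = re.compile(r"Generated by gSOAP (\d+)\.(\d+)\.(\d+)")
# The WS-Security plugin only runs if the application registers it
# (soap_register_plugin(soap, soap_wsse)) or calls its soap_wsse_* API.
WSSE_USE_RE = re.compile(
    r"\bsoap_register_plugin\s*\(\s*\w+\s*,\s*soap_wsse\s*\)|\bsoap_wsse_\w+\s*\("
)


def decode_version_macro(n):
    """208107 -> (2, 8, 107)."""
    return (n // 100000, (n // 1000) % 100, n % 1000)


def detect_version(text):
    """Return the gSOAP version tuple found in a stdsoap2.h or soapcpp2-generated file, or None."""
    m = VERSION_MACRO_RE.search(text)
    if m:
        return decode_version_macro(int(m.group(1)))
    m = GENERATED_BANNER_RE.search(text)
    if m:
        return tuple(int(x) for x in m.groups())
    return None


def uses_wsse_plugin(app_source):
    """True if the application registers the WS-Security plugin or calls its API."""
    return WSSE_USE_RE.search(app_source) is not None


def assess(header_text, app_source):
    """Classify a build from the stdsoap2.h it compiles against and the application source."""
    version = detect_version(header_text)
    if version is None:
        return ("unknown", "no GSOAP_VERSION macro or generated-code banner found")
    label = "%d.%d.%d" % version
    if version >= FIXED:
        return ("fixed", label)
    if not uses_wsse_plugin(app_source):
        return ("version-at-risk", label + " but WS-Security plugin not registered; update anyway")
    return ("vulnerable", label + " with WS-Security plugin registered")


# Constructed stand-ins for real files.
HEADER_2_8_107 = "/* stdsoap2.h (constructed) */\n#define GSOAP_VERSION 208107\n"
HEADER_2_8_108 = "/* stdsoap2.h (constructed) */\n#define GSOAP_VERSION 208108\n"
APP_WITH_WSSE = (
    "struct soap *soap = soap_new();\n"
    "soap_register_plugin(soap, soap_wsse);\n"
    'soap_wsse_add_Timestamp(soap, "Time", 600);\n'
)
APP_WITHOUT_WSSE = "struct soap *soap = soap_new();\nsoap_serve(soap);\n"

if __name__ == "__main__":
    for hdr, app in ((HEADER_2_8_107, APP_WITH_WSSE),
                     (HEADER_2_8_107, APP_WITHOUT_WSSE),
                     (HEADER_2_8_108, APP_WITH_WSSE)):
        print(assess(hdr, app))
```

Point it at the stdsoap2.h and the source tree each service was last built from, not at whatever copy of gSOAP happens to be installed: the binary carries the version it was compiled with.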
📡 Detection & Monitoring
Log Indicators:
- Service crashes or restarts
- Error logs mentioning WS-Security or SOAP parsing failures
- Unusual HTTP 5xx responses on SOAP endpoints (502/503 from a reverse proxy, or connection resets from a directly exposed gSOAP server)
Network Indicators:
- Spike in malformed SOAP requests
- Requests with unusual WS-Security headers
- POST requests to the SOAP endpoint whose timestamps line up with service exits or restarts
SIEM Query (Splunk-style; adjust field names and the endpoint path to your log source; the attack is a POST of a SOAP envelope, not a fetch of the .wsdl):
source="webserver" method="POST" uri="/ws/*" status>=500 | stats count by clientip | where count > 3
source="journal" "Main process exited" (code=dumped OR code=killed)
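Detection logic run over sample logs, added as an example and not taken from the page or any vendor: it correlates abnormal exits of the SOAP service (systemd journal) with SOAP POSTs recorded by a reverse proxy in front of it, within a short window, turning the "POST lines up with a restart" indicator above into a per-source count. The log lines are constructed; the service unit name, the /ws/ endpoint path and UTC journal timestamps without a year are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Added example; not part of the original advisory. Assumes Combined Log Format access logs
# from a reverse proxy in front of the gSOAP service and systemd journal lines for the
# service unit. Journal timestamps are assumed to be UTC and to lack a year.
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
JOURNAL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ systemd\[\d+\]: (?P<unit>\S+): "
    r"Main process exited, code=(?P<code>\w+), status=(?P<status>\S+)"
)


def parse_soap_posts(access_log, soap_prefix):
    """(timestamp, client ip, status) for every POST under the SOAP endpoint prefix."""
    posts = []
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith(soap_prefix):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        posts.append((ts, m["ip"], int(m["status"])))
    return posts


def parse_abnormal_exits(journal, year):
    """(timestamp, unit, code, status) for every main-process exit that was not a clean 0/SUCCESS."""
    exits = []
    for line in journal.splitlines():
        m = JOURNAL_RE.match(line)
        if not m or m["status"] == "0/SUCCESS":
            continue
        ts = datetime.strptime("%d %s" % (year, m["ts"]), "%Y %b %d %H:%M:%S")
        exits.append((ts.replace(tzinfo=timezone.utc), m["unit"], m["code"], m["status"]))
    return exits


def crash_suspects(access_log, journal, year, soap_prefix="/ws/", window_s=5):
    """Count, per client IP, the abnormal service exits that happened within window_s seconds of
    one of that IP's SOAP POSTs. Exits with no nearby POST are counted under the key None."""
    posts = parse_soap_posts(access_log, soap_prefix)
    window = timedelta(seconds=window_s)
    counts = {}
    for crash_ts, _unit, _code, _status in parse_abnormal_exits(journal, year):
        nearby = {ip for ts, ip, _ in posts if crash_ts - window <= ts <= crash_ts + window}
        for ip in nearby or {None}:
            counts[ip] = counts.get(ip, 0) + 1
    return counts


# Constructed sample logs (not real captures).
ACCESS_LOG = """\
203.0.113.7 - - [10/Feb/2021:10:00:01 +0000] "POST /ws/Service HTTP/1.1" 200 412 "-" "gSOAP/2.8"
203.0.113.7 - - [10/Feb/2021:10:00:05 +0000] "POST /ws/Service HTTP/1.1" 502 157 "-" "python-requests/2.25"
198.51.100.9 - - [10/Feb/2021:10:00:06 +0000] "GET /ws/Service?wsdl HTTP/1.1" 200 8832 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Feb/2021:10:00:30 +0000] "POST /ws/Service HTTP/1.1" 200 398 "-" "gSOAP/2.8"
203.0.113.7 - - [10/Feb/2021:10:01:10 +0000] "POST /ws/Service HTTP/1.1" 502 157 "-" "python-requests/2.25"
"""
JOURNAL = """\
Feb 10 10:00:05 soap01 systemd[1]: soapsvc.service: Main process exited, code=dumped, status=11/SEGV
Feb 10 10:00:06 soap01 systemd[1]: soapsvc.service: Scheduled restart job, restart counter is at 1.
Feb 10 10:01:10 soap01 systemd[1]: soapsvc.service: Main process exited, code=dumped, status=11/SEGV
Feb 10 10:05:00 soap01 systemd[1]: soapsvc.service: Main process exited, code=exited, status=0/SUCCESS
Feb 10 10:07:00 soap01 systemd[1]: soapsvc.service: Main process exited, code=killed, status=9/KILL
"""

if __name__ == "__main__":
    print(crash_suspects(ACCESS_LOG, JOURNAL, year=2021))
```

The window is deliberately small: the crash happens while the request is being parsed, so a source that repeatedly appears next to SIGSEGV exits is a much stronger signal than raw 5xx counts, which a proxy also emits for ordinary backend overload.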
🔗 References
- https://lists.debian.org/debian-lts-announce/2024/02/msg00015.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JINMAJB4WQASTKTNSPQL3V7YMSYPKIA2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMTJ3SJJ22SFLBLPKFADV7NVBH7UFA23/
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1189