Bug 1674487 (CVE-2019-7659) - CVE-2019-7659 gsoap: DWITH_COOKIES flag leads to denial of service
Summary: CVE-2019-7659 gsoap: DWITH_COOKIES flag leads to denial of service
Status: NEW
Alias: CVE-2019-7659
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20190114,repor...
Keywords: Security
Depends On: 1674498 1674499
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-02-11 13:21 UTC by Dhananjay Arunesh
Modified: 2019-02-11 13:35 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Dhananjay Arunesh 2019-02-11 13:21:38 UTC
Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial
of service (application abort) or possibly have unspecified other impact if a
server application is built with the -DWITH_COOKIES flag. This affects the C/C++
libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are
built with that flag.

Reference:
https://www.genivia.com/advisory.html#Bug_in_gSOAP_versions_2.7.0_to_2.8.74_for_applications_built_with_the_WITH_COOKIES_flag_enabled_

Comment 1 Dhananjay Arunesh 2019-02-11 13:35:11 UTC
Created gsoap tracking bugs for this issue:

Affects: fedora-all [bug 1674498]

Comment 2 Dhananjay Arunesh 2019-02-11 13:35:35 UTC
Created gsoap tracking bugs for this issue:

Affects: epel-all [bug 1674499]


Note You need to log in before you can comment on or make changes to this bug.