ID CVE-2015-8978
Summary In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copies of the first entity. The amount of computer memory used for handling an external SOAP call would likely exceed that available to the process parsing the XML.
Vulnerable Configurations
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.1:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.2:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.3:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.31:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.32:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.35:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.36:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.38:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.39:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.40:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.41:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.42:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.43:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.44:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.45:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.46:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.47:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.50:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.51:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.52:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.55:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.60:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.65-beta1:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.65-beta2:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.65-beta2.1:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.65-beta3:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.65-beta4:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.65-beta5:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.65-beta6:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.65-beta7:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.68:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.70_01:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.70_02:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.70_03:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.70_04:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.70_05:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.70_06:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.70_07:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.70_08:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.71:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.71.01:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.71.02:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.71.03:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.71.04:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.710:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.710.05:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.710.06:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.710.07:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.710.08:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.710.09:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.710.10:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.712:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.713:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.714:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.715:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:0.716:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:1.0:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:1.01:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:1.02:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:1.03:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:1.04:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:1.05:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:1.06:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:1.07:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:1.08:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:1.09:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:1.10:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:1.11:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:1.12:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:1.13:*:*:*:*:perl:*:*
  • cpe:2.3:a:soap\:\:lite_project:soap\:\:lite:1.14:*:*:*:*:perl:*:*
CVSS
Base: 5.0 (as of 28-11-2016 - 19:50)
Impact:
Exploitability:
CWE CWE-399
Access
Vector   Complexity  Authentication
NETWORK  LOW         NONE
Impact
Confidentiality  Integrity  Availability
NONE             NONE       PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 94487
confirm http://cpansearch.perl.org/src/PHRED/SOAP-Lite-1.20/Changes
Last major update 28-11-2016 - 19:50
Published 22-11-2016 - 17:59
Last modified 28-11-2016 - 19:50