VDB-93743 · CVE-2015-8978 · BID 94487

Soap Lite up to 1.14 XML Entity Handler resource management

A vulnerability was found in Soap Lite up to 1.14. It has been rated as critical. This issue affects some unknown processing of the component XML Entity Handler. The manipulation leads to improper resource management. The CWE definition for the vulnerability is CWE-399. The bug was discovered on 11/22/2016. The weakness was presented on 11/22/2016 (Website). The advisory can be read at cpansearch.perl.org. The vulnerability is identified as CVE-2015-8978. The attack may be initiated remotely. There are no technical details available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k.

The vulnerability scanner Nessus provides a plugin with the ID 95359 (Debian DLA-723-1 : libsoap-lite-perl security update), which helps to determine the existence of the flaw in a target environment. It is recommended to upgrade the affected component. A possible mitigation was published 3 days after the disclosure of the vulnerability. The vulnerability is also documented in other vulnerability databases: SecurityFocus (BID 94487) and Tenable (95359).

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

157

Field

source_securityfocus_class: 1
source_securityfocus_date: 1
source_cve_assigned: 1
countermeasure_date: 1
countermeasure_name: 1

Commit Conf

100%: 58
90%: 10
98%: 4

Approve Conf

100%: 58
90%: 10
98%: 4

| ID | Committed | User | Field | Change | Remarks | Accepted | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 6167017 | 06/07/2019 | VulD... | securityfocus_class | Failure to Handle Exceptional Conditions | securityfocus.com | 06/07/2019 | accepted | 100 |
| 6167016 | 06/07/2019 | VulD... | securityfocus_date | 1479772800 (11/22/2016) | securityfocus.com | 06/07/2019 | accepted | 100 |
| 6167011 | 06/07/2019 | VulD... | cve_assigned | 1479772800 (11/22/2016) | cve.org | 06/07/2019 | accepted | 100 |
| 6167009 | 06/07/2019 | VulD... | date | 1480032000 (11/25/2016) | | 06/07/2019 | accepted | 100 |
| 6167008 | 06/07/2019 | VulD... | name | Upgrade | | 06/07/2019 | accepted | 100 |
| 6167006 | 06/07/2019 | VulD... | confirm_url | http://cpansearch.perl.org/src/PHRED/SOAP-Lite-1.20/Changes | cpansearch.perl.org | 06/07/2019 | accepted | 100 |
| 6166995 | 06/07/2019 | VulD... | cvss3_vuldb_a | H | see CVSS documentation | 06/07/2019 | accepted | 100 |
| 6166994 | 06/07/2019 | VulD... | cvss3_vuldb_i | N | see CVSS documentation | 06/07/2019 | accepted | 100 |
| 6166993 | 06/07/2019 | VulD... | cvss3_vuldb_c | N | see CVSS documentation | 06/07/2019 | accepted | 100 |
| 6166992 | 06/07/2019 | VulD... | cvss3_vuldb_s | U | see CVSS documentation | 06/07/2019 | accepted | 100 |
| 6166991 | 06/07/2019 | VulD... | cvss3_vuldb_ui | N | see CVSS documentation | 06/07/2019 | accepted | 100 |
| 6166990 | 06/07/2019 | VulD... | cvss3_vuldb_pr | N | see CVSS documentation | 06/07/2019 | accepted | 100 |
| 6166989 | 06/07/2019 | VulD... | cvss3_vuldb_ac | L | see CVSS documentation | 06/07/2019 | accepted | 100 |
| 6166988 | 06/07/2019 | VulD... | cvss3_vuldb_av | N | see CVSS documentation | 06/07/2019 | accepted | 100 |
| 6166967 | 06/07/2019 | VulD... | discoverydate | 1479772800 | | 06/07/2019 | accepted | 100 |
| 6167035 | 11/22/2016 | VulD... | cvss3_nvd_basescore | 7.5 | nist.gov | 11/22/2016 | accepted | 90 |
| 6167034 | 11/22/2016 | VulD... | exposure_days | 3 | | 11/22/2016 | accepted | 90 |
| 6167033 | 11/22/2016 | VulD... | reaction_days | 3 | | 11/22/2016 | accepted | 90 |
| 6167032 | 11/22/2016 | VulD... | cvss3_vuldb_rc | X | see CVSS documentation | 11/22/2016 | accepted | 90 |
| 6167031 | 11/22/2016 | VulD... | cvss3_vuldb_rl | O | see CVSS documentation | 11/22/2016 | accepted | 90 |

52 more entries are not shown
