CVE-2020-13575 Overview
A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. This vulnerability allows an attacker to cause service disruption through a specially crafted SOAP request. The flaw stems from a Null Pointer Dereference (CWE-476) condition that can be triggered remotely without authentication, making it particularly dangerous for exposed SOAP web services.
Critical Impact
Attackers can remotely crash applications using the vulnerable gSOAP WS-Addressing plugin by sending malicious HTTP requests, causing denial of service without requiring authentication or user interaction.
Affected Products
- Genivia gSOAP version 2.8.107
- Fedora 33
- Fedora 34
Discovery Timeline
- 2021-02-10 - CVE CVE-2020-13575 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2020-13575
Vulnerability Analysis
This vulnerability is classified as a Null Pointer Dereference (CWE-476) within the WS-Addressing plugin component of Genivia gSOAP. The WS-Addressing plugin is used to handle message routing and endpoint references in SOAP-based web services. When processing certain malformed SOAP requests, the plugin fails to properly validate input data before dereferencing pointers, resulting in a null pointer dereference condition.
The vulnerability is exploitable remotely over the network without requiring authentication or user interaction. When triggered, the null pointer dereference causes the application to crash, resulting in denial of service for legitimate users. This is particularly impactful for production environments where gSOAP-based services handle critical business operations.
Root Cause
The root cause of this vulnerability is improper input validation in the WS-Addressing plugin when parsing SOAP request headers. The plugin fails to verify that certain WS-Addressing elements are present and valid before attempting to process them. When a specially crafted SOAP request omits or malforms these required elements, the code attempts to dereference a null pointer, causing the application to crash.
Attack Vector
The attack vector is network-based, requiring only the ability to send HTTP requests to a vulnerable gSOAP service. An attacker can exploit this vulnerability by:
- Identifying a target service using gSOAP with the WS-Addressing plugin enabled
- Crafting a malicious SOAP request with manipulated WS-Addressing headers
- Sending the request to the vulnerable endpoint
- The service crashes due to null pointer dereference, causing denial of service
The attack requires no special privileges, authentication, or user interaction. For detailed technical analysis, refer to the Talos Intelligence Vulnerability Report.
Detection Methods for CVE-2020-13575
Indicators of Compromise
- Unexpected application crashes or service restarts of gSOAP-based applications
- Increased error logs related to SOAP request processing failures
- Anomalous SOAP requests with malformed or missing WS-Addressing headers
- Service availability issues coinciding with spikes in SOAP traffic
Detection Strategies
- Monitor application logs for null pointer exceptions or segmentation faults in gSOAP processes
- Implement network-level detection rules for malformed SOAP requests targeting WS-Addressing endpoints
- Deploy application performance monitoring to detect sudden service crashes
- Analyze web server access logs for unusual patterns in SOAP request structures
Monitoring Recommendations
- Configure alerting for gSOAP service availability with automated restart detection
- Implement rate limiting on SOAP endpoints to mitigate denial-of-service attempts
- Enable detailed logging for WS-Addressing plugin operations during investigation periods
- Monitor system resource usage for abnormal patterns indicating repeated crash-restart cycles
How to Mitigate CVE-2020-13575
Immediate Actions Required
- Upgrade Genivia gSOAP to a patched version that addresses CVE-2020-13575
- Review all deployments using gSOAP 2.8.107 and prioritize patching for internet-facing services
- Implement network-level filtering to restrict access to SOAP endpoints from untrusted sources
- Enable web application firewall rules to detect and block malformed SOAP requests
Patch Information
Organizations should update gSOAP to the latest available version from Genivia that includes the security fix for CVE-2020-13575. For Fedora-based systems, security updates are available through the standard package management system. Debian users should consult the Debian LTS Announcement for patching guidance.
Workarounds
- Implement input validation at the reverse proxy or web application firewall level to filter malicious SOAP requests
- Restrict network access to gSOAP services using firewall rules, limiting exposure to trusted clients only
- Deploy service monitoring with automatic restart capabilities to minimize downtime during exploitation attempts
- Consider disabling the WS-Addressing plugin if not required for application functionality
# Example: Restrict access to SOAP endpoint using iptables
iptables -A INPUT -p tcp --dport 8080 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
