SOAP::Lite is a collection of Perl modules that implements the Simple Object Access Protocol (SOAP), with support for both client and server programming. A vulnerability has been reported in some versions of SOAP::Lite. An attacker can cause the server process to execute arbitrary Perl functions with attacker-supplied parameters. This may happen when the attacker provides a fully qualified method name, including Perl package names, in the SOAP call. Calling functions such as POSIX::system() in this way may result in arbitrary shell commands being executed by the server process, and lead to local access to the vulnerable system.
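
The root cause described above is that the package part of a client-supplied method name is trusted. The following added example (not SOAP::Lite's own code, and not taken from the advisory) shows a dispatcher that fixes the package on the server side and accepts only bare, allowlisted method names. `Demo::Service`, `%ALLOWED` and `resolve_method` are hypothetical names, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical service package: the only code meant to be remotely callable.
package Demo::Service;
sub echo { my ($class, @args) = @_; return join ' ', @args }
sub add  { my ($class, $x, $y) = @_; return $x + $y }

package main;

# Allowlist of (package => methods) reachable from the network.
my %ALLOWED = (
    'Demo::Service' => { echo => 1, add => 1 },
);

# Resolve a client-supplied method name against a server-chosen package.
# Returns a code reference, or undef when the request must be rejected.
sub resolve_method {
    my ($service, $method) = @_;
    return undef unless defined $method;

    # Accept a bare identifier only, so the client can never name a package.
    return undef unless $method =~ /\A[A-Za-z_][A-Za-z0-9_]*\z/;

    # The method must be explicitly exported by this service.
    return undef unless $ALLOWED{$service} && $ALLOWED{$service}{$method};

    return $service->can($method);
}

# Constructed sample method names, as they might arrive in a SOAP call.
for my $name ('echo', 'add', 'POSIX::system', 'not_exported') {
    my $code = resolve_method('Demo::Service', $name);
    printf "%-15s => %s\n", $name, $code ? 'dispatch' : 'reject';
}

# A permitted call goes through the resolved code reference only.
my $add = resolve_method('Demo::Service', 'add');
print "add(2, 3) = ", $add->('Demo::Service', 2, 3), "\n" if $add;
```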