Security Advisories (2)
CVE-2015-8978 (2015-07-21)

An example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copies of the first entity. The amount of computer memory used for handling an external SOAP call would likely exceed that available to the process parsing the XML.

CVE-2002-1742 (2002-04-08)

Allows remote attackers to load arbitrary Perl functions by suppling a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to trigger.

Changes for version 0.52 - 2001-10-18

  • ! fixed content_type returned under mod_perl with 500 SERVER ERROR status (thanks to Geoffrey Young and Scott Hutton) ! fixed problem with multiple bindings in WSDL file generated by MS SOAP toolkit ! fixed handling of boolean type in 1999 Schema and hexBinary type in 2001 Schema ! fixed warning and problem with WOULDBLOCK state in IO::SessionData (thanks to Marty Pauley) ! fixed miscalculation in position within sparse arrays ! fixed problem with URI when methods of SOAP::Data are called in certain order (thanks to Taras Shkvarchuk) ! fixed CRLF problem in CGI module on Windows platform under IIS (thanks to Werner Ackerl) ! fixed hex and hexBinary datatypes generation ! fixed content-length calculation when payload has multibyte utf8 characters ! fixed problem with XMLRPC and nested packages with more than two levels (thanks to Leonid Gernovski) ! fixed (again) memory leak in SOAP::Parser (thanks to Craig Johnston)
  • updated Jabber interface for new format of 'use Net::Jabber ...' does not work with Net::Jabber 1.022 and later
  • updated XMLRPC::Lite to not detect value as float for 'NaN' and 'INF' strings
  • updated XMLRPC::Lite to return 200OK on errors
  • updated XMLRPC do not specify charset in content-type
  • updated Makefile.PL to allow configuration from command line (thanks to Dana Powers)
  • updated publishing API tests for UDDI server to call a new server (GLUE)
  • changed close() to shutdown() in Daemon transport (thanks to Sean Meisner)
  • added support for HTTP_proxy and HTTP_proxy_* in WSDL access (thanks to Stephen Shortland)
  • added XMLRPC support in COM interface. XMLRPC client and server can be created using COM interface
  • added DO_NOT_PROCESS_XML_IN_MIME option for MIME parts with text/xml content type
  • modified deserialization algorithm that allows to properly deserialize SOAP1.2 messages when default is set to SOAP1.1 and vice versa
  • added fault in XMLRPC::Lite for incorrect datatypes specified by user (thanks to Paul Prescod)
  • added option to not generate XML declaration
  • added encoding for ']]>' (thanks to Matt Sergeant and James Amrhein)
  • added '\r' => '
' conversion in strings
  • added complain on incorrect simple types
  • added byNameOrOrder and byName functions for SOAP::Server::Parameters (thanks to Matt Stum)
  • added handling relative locations in <import> in WSDL
  • added stringification of SOAP::Fault (thanks to Tim Jenness)
  • added documentation for SSL certificate authentication
  • added more examples (terraserver.pl, joke.pl, weblog.pl)
  • added more tests

Documentation

Interactive shell for SOAP calls
Interactive shell for XMLRPC calls

Modules

mod_perl-based SOAP server with minimum configuration
mod_perl-based XML-RPC server with minimum configuration
Client and server side SOAP implementation
Test framework for SOAP::Lite
Client side FTP support for SOAP::Lite
Server/Client side HTTP support for SOAP::Lite
Server side IO support for SOAP::Lite
Server/Client side JABBER support for SOAP::Lite
Client side no-transport support for SOAP::Lite
Client side SMTP/sendmail support for SOAP::Lite
Server/Client side MQ support for SOAP::Lite
Server side POP3 support for SOAP::Lite
Server/Client side TCP support for SOAP::Lite
Library for UDDI clients in Perl
Lightweight regexp-based XML parser
client and server implementation of XML-RPC protocol
Test framework for XMLRPC::Lite
Server/Client side HTTP support for XMLRPC::Lite
Server side POP3 support for XMLRPC::Lite
Server/Client side TCP support for XMLRPC::Lite

Provides

in lib/IO/SessionData.pm
in lib/IO/SessionSet.pm
in lib/SOAP/Transport/HTTP.pm UNAUTHORIZED
in lib/SOAP/Test.pm
in lib/XMLRPC/Test.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Test.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Transport/FTP.pm
in lib/SOAP/Transport/HTTP.pm
in lib/SOAP/Transport/HTTP.pm
in lib/SOAP/Transport/HTTP.pm
in lib/SOAP/Transport/HTTP.pm
in lib/SOAP/Transport/HTTP.pm
in lib/SOAP/Transport/HTTP.pm
in lib/SOAP/Transport/IO.pm
in lib/SOAP/Transport/JABBER.pm
in lib/SOAP/Transport/JABBER.pm
in lib/SOAP/Transport/JABBER.pm
in lib/SOAP/Transport/LOCAL.pm
in lib/SOAP/Transport/MAILTO.pm
in lib/SOAP/Transport/MQ.pm
in lib/SOAP/Transport/MQ.pm
in lib/SOAP/Transport/POP3.pm
in lib/SOAP/Transport/TCP.pm
in lib/SOAP/Transport/TCP.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/SOAP/Lite.pm
in lib/UDDI/Lite.pm
in lib/UDDI/Lite.pm
in lib/UDDI/Lite.pm
in lib/UDDI/Lite.pm
in lib/SOAP/Transport/JABBER.pm
in lib/SOAP/Transport/MQ.pm
in lib/SOAP/Transport/TCP.pm
in lib/XMLRPC/Lite.pm
in lib/XMLRPC/Lite.pm
in lib/XMLRPC/Lite.pm
in lib/XMLRPC/Lite.pm
in lib/XMLRPC/Lite.pm
in lib/XMLRPC/Lite.pm
in lib/XMLRPC/Lite.pm
in lib/XMLRPC/Lite.pm
in lib/XMLRPC/Test.pm
in lib/XMLRPC/Transport/HTTP.pm
in lib/XMLRPC/Transport/HTTP.pm
in lib/XMLRPC/Transport/HTTP.pm
in lib/XMLRPC/Transport/POP3.pm
in lib/XMLRPC/Transport/TCP.pm

Examples