Loading ...
Sorry, an error occurred while loading the content.

security hole in soaplite

Expand Messages
  • Shin Neng Wong
    Hi everyone, I just came across an article from this link: http://use.perl.org/articles/02/04/09/000212.shtml?tid=1 I am using SOAPLite as the server and want
    Message 1 of 3 , Apr 15, 2002
    • 0 Attachment
      Hi everyone,

      I just came across an article from this link:

      http://use.perl.org/articles/02/04/09/000212.shtml?tid=1


      I am using SOAPLite as the server and want to overcome
      this hole. Can anyone give me feedback and insight on
      any bug fixes? If I can contribute, please let me
      know although my programming skills is terrible. :)

      Regards,

      SN Wong

      __________________________________________________
      Do You Yahoo!?
      Yahoo! Tax Center - online filing with TurboTax
      http://taxes.yahoo.com/
    • Paul Kulchenko
      Hi, All! New version of SOAP::Lite has been released today. Although not all changes made into this release (even though some of them were in CVS already),
      Message 2 of 3 , Apr 15, 2002
      • 0 Attachment
        Hi, All!

        New version of SOAP::Lite has been released today.

        Although not all changes made into this release (even though some of
        them were in CVS already), here is the list of most important ones:

        fixed security vulnerability with fully qualified method names
        (thanks to Randal Schwartz, Ilya Martynov and many others)
        fixed problem with TCP transport and SSL (thanks to Chris Hurd)
        fixed TCP transport to specify correct length with utf8 strings
        (thanks to Robin Fuller)
        fixed incorrect encoding when parameters list includes undefined
        values (thanks to Chris Radcliff)
        added check for TCP transport on Mac (thanks to Robin Fuller)
        added check for shutdown() method on AIX (thanks to Jos Clijmans)
        added check for blocking() method in TCP transport (thanks to Jos
        Clijmans)
        optimized parsing strings with entity encoding (thanks to Mathieu
        Longtin)
        added check for entity size for CGI transport
        ($SOAP::Constant::MAX_CONTENT_SIZE) (thanks to J. Klunder)

        This version fixes this security vulnerability, so you may consider
        upgrade or check 'KNOWN BUGS AND LIMITATIONS' section
        (http://soaplite.com/#LIMITATIONS) for more information.

        This version has been uploaded to CPAN and should be available there
        soon. Thank you for all your help and feedback.

        Best wishes, Paul.

        --- Shin Neng Wong <shinnengw@...> wrote:
        > Hi everyone,
        >
        > I just came across an article from this link:
        >
        > http://use.perl.org/articles/02/04/09/000212.shtml?tid=1
        >
        >
        > I am using SOAPLite as the server and want to overcome
        > this hole. Can anyone give me feedback and insight on
        > any bug fixes? If I can contribute, please let me
        > know although my programming skills is terrible. :)
        >
        > Regards,
        >
        > SN Wong
        >
        > __________________________________________________
        > Do You Yahoo!?
        > Yahoo! Tax Center - online filing with TurboTax
        > http://taxes.yahoo.com/
        >
        > ------------------------ Yahoo! Groups Sponsor
        >
        > To unsubscribe from this group, send an email to:
        > soaplite-unsubscribe@yahoogroups.com
        >
        >
        >
        > Your use of Yahoo! Groups is subject to
        > http://docs.yahoo.com/info/terms/
        >
        >


        __________________________________________________
        Do You Yahoo!?
        Yahoo! Tax Center - online filing with TurboTax
        http://taxes.yahoo.com/
      • Shin Neng Wong
        sorry guys. abit slow about realizing things. i just found the patch here: http://groups.yahoo.com/group/soaplite/message/1394 I ll try to find more info
        Message 3 of 3 , Apr 15, 2002
        • 0 Attachment
          sorry guys. abit slow about realizing things. i just
          found the patch here:

          http://groups.yahoo.com/group/soaplite/message/1394

          I'll try to find more info before just posting...:)


          --- Shin Neng Wong <shinnengw@...> wrote:
          > Hi everyone,
          >
          > I just came across an article from this link:
          >
          >
          http://use.perl.org/articles/02/04/09/000212.shtml?tid=1
          >
          >
          > I am using SOAPLite as the server and want to
          > overcome
          > this hole. Can anyone give me feedback and insight
          > on
          > any bug fixes? If I can contribute, please let me
          > know although my programming skills is terrible. :)
          >
          > Regards,
          >
          > SN Wong
          >
          > __________________________________________________
          > Do You Yahoo!?
          > Yahoo! Tax Center - online filing with TurboTax
          > http://taxes.yahoo.com/
          >


          __________________________________________________
          Do You Yahoo!?
          Yahoo! Tax Center - online filing with TurboTax
          http://taxes.yahoo.com/
        Your message has been successfully submitted and would be delivered to recipients shortly.