Tuesday April 09, 2002
Is Apache::SOAP vunerable?
I read the phrack article pointed to in Ilya's journal
so I think
I understand the issue with security in SOAP::Lite. I'd like to hear Paul's opinion on this, but I think that the SOAP::Lite server I use the most, Apache::SOAP, would seem to be somewhat protected from this behavior - the PerlSetVar dispatch_to would limit the namespaces that can be dispatched, thus keeping potential bad guys from making arbitrary method calls
for me, at least, without the exploit in hand it's hard to tell. guess I should read that article again today and check out the happenings on the soaplite list
to see how things progress...