SOAP-Lite 0.66
Security Advisories
CVE-2015-8978
An example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copies of the first entity. The amount of computer memory used for handling an external SOAP call would likely exceed that available to the process parsing the XML.
- https://www.securityfocus.com/bid/94487
- https://github.com/redhotpenguin/perl-soaplite/commit/6942fe0d281be1c32c5117605f9c4e8d44f51124
Fixed version: >=1.15
Reported: 2015-07-21
Kwalitee Issues
- use_strict
-
Add 'use strict' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules are strictly written.
Error: OldDocs::SOAP::Lite, OldDocs::SOAP::Transport::FTP, OldDocs::SOAP::Transport::HTTP, OldDocs::SOAP::Transport::IO, OldDocs::SOAP::Transport::JABBER, OldDocs::SOAP::Transport::LOCAL, OldDocs::SOAP::Transport::MAILTO, OldDocs::SOAP::Transport::MQ, OldDocs::SOAP::Transport::POP3, OldDocs::SOAP::Transport::TCP, SOAP::Client, SOAP::Constants, SOAP::Data, SOAP::Deserializer, SOAP::Fault, SOAP::Header, SOAP::SOM, SOAP::Schema, SOAP::Serializer, SOAP::Server, SOAP::Trace, SOAP::Transport, SOAP::Utils
- no_pod_errors
-
Remove the POD errors. You can check for POD errors automatically by including Test::Pod to your test suite.
Error: SOAP-Lite-0.66/bin/stubmaker.pl -- Around line 85: You forgot a '=back' before '=head1' Around line 111: You forgot a '=back' before '=head1'
- meta_yml_declares_perl_version
-
If you are using Build.PL define the {requires}{perl} = VERSION field. If you are using MakeMaker (Makefile.PL) you should upgrade ExtUtils::MakeMaker to 6.48 and use MIN_PERL_VERSION parameter. Perl::MinimumVersion can help you determine which version of Perl your module needs.
- has_meta_json
-
Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- meta_yml_has_license
-
Define the license if you are using in Build.PL. If you are using MakeMaker (Makefile.PL) you should upgrade to ExtUtils::MakeMaker version 6.31.
- use_warnings
-
Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
Error: Apache::SOAP, Apache::XMLRPC::Lite, IO::SessionData, IO::SessionSet, OldDocs::SOAP::Lite, OldDocs::SOAP::Transport::FTP, OldDocs::SOAP::Transport::HTTP, OldDocs::SOAP::Transport::IO, OldDocs::SOAP::Transport::JABBER, OldDocs::SOAP::Transport::LOCAL, OldDocs::SOAP::Transport::MAILTO, OldDocs::SOAP::Transport::MQ, OldDocs::SOAP::Transport::POP3, OldDocs::SOAP::Transport::TCP, SOAP::Client, SOAP::Constants, SOAP::Data, SOAP::Deserializer, SOAP::Fault, SOAP::Header, SOAP::Lite, SOAP::Packager, SOAP::SOM, SOAP::Schema, SOAP::Serializer, SOAP::Server, SOAP::Test, SOAP::Trace, SOAP::Transport, SOAP::Transport::FTP, SOAP::Transport::HTTP, SOAP::Transport::IO, SOAP::Transport::JABBER, SOAP::Transport::LOCAL, SOAP::Transport::MAILTO, SOAP::Transport::MQ, SOAP::Transport::POP3, SOAP::Transport::TCP, SOAP::Utils, UDDI::Lite, XML::Parser::Lite, XMLRPC::Lite, XMLRPC::Test, XMLRPC::Transport::HTTP, XMLRPC::Transport::POP3, XMLRPC::Transport::TCP
- no_unauthorized_packages
-
Ask the owner of the distribution (the one who released it first, or the one who is designated in x_authority) to give you a (co-)maintainer's permission.
Error:
- LWP::Protocol
- no_invalid_versions
-
Fix the version numbers so that version::is_lax($version) returns true.
Error:
- lib/Apache/SOAP.pm: HASH(0x55607c5ec828)
- lib/Apache/XMLRPC/Lite.pm: HASH(0x55607f851050)
- lib/SOAP/Transport/FTP.pm: HASH(0x55607f4d2fa0)
- lib/SOAP/Transport/HTTP.pm: HASH(0x55607fa2ae30)
- lib/SOAP/Transport/IO.pm: HASH(0x55607fc2f9e0)
- lib/SOAP/Transport/JABBER.pm: HASH(0x55607f3a8588)
- lib/SOAP/Transport/LOCAL.pm: HASH(0x55607f9c0278)
- lib/SOAP/Transport/MAILTO.pm: HASH(0x55607cd61290)
- lib/SOAP/Transport/MQ.pm: HASH(0x55607c078f28)
- lib/SOAP/Transport/POP3.pm: HASH(0x55607fa4aec0)
- lib/SOAP/Transport/TCP.pm: HASH(0x55607f9c8f98)
- lib/UDDI/Lite.pm: HASH(0x55607f810e98)
- lib/XMLRPC/Lite.pm: HASH(0x55607cc10eb8)
- lib/XMLRPC/Transport/HTTP.pm: HASH(0x55607cc37968)
- lib/XMLRPC/Transport/POP3.pm: HASH(0x55607f2c5700)
- lib/XMLRPC/Transport/TCP.pm: HASH(0x55607f4daeb0)
- consistent_version
-
Split the distribution, or fix the version numbers to make them consistent (use the highest version number to avoid version downgrade).
Error: 0.,0.65_3,0.66,1.02
- meta_yml_has_provides
-
Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.
- meta_yml_has_repository_resource
-
Add a 'repository' resource to the META.yml via 'meta_add' accessor (for Module::Build) or META_ADD parameter (for ExtUtils::MakeMaker).
- has_separate_license_file
-
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
Modules
Name | Abstract | Version | View |
---|---|---|---|
Apache::SOAP | mod_perl-based SOAP server with minimum configuration | metacpan | |
Apache::XMLRPC::Lite | mod_perl-based XML-RPC server with minimum configuration | metacpan | |
IO::SessionData | 1.02 | metacpan | |
IO::SessionSet | metacpan | ||
SOAP::Client | exists purely as a superclass for client classes declared by the various SOAP::Lite transport modules. | 0.66 | metacpan |
SOAP::Constants | SOAP::Lite provides several variables to allows programmers and users to modify the behavior of SOAP::Lite in specific ways. | 0.66 | metacpan |
SOAP::Data | this class provides the means by which to explicitly manipulate and control all aspects of the way in which Perl data gets expressed as SOAP data entities. | 0.66 | metacpan |
SOAP::Deserializer | the means by which the toolkit manages the conversion of XML into an object managable by a developer | 0.66 | metacpan |
SOAP::Fault | encapsulates SOAP faults prior to their serialization or after their deserialization | 0.66 | metacpan |
SOAP::Header | similar to SOAP::Data elements, a SOAP::Header object simply is encoded in the SOAP Header block | 0.66 | metacpan |
SOAP::Lite | Perl's Web Services Toolkit | 0.66 | metacpan |
SOAP::Packager | this class is an abstract class which allows for multiple types of packaging agents such as MIME and DIME. | metacpan | |
SOAP::SOM | provides access to the values contained in SOAP Response | 0.66 | metacpan |
SOAP::Schema | provides an umbrella for the way in which SOAP::Lite manages service description schemas | 0.66 | metacpan |
SOAP::Serializer | the means by which the toolkit manages the expression of data as XML | 0.66 | metacpan |
SOAP::Server | provides the basic framework for the transport-specific server classes to build upon | 0.66 | metacpan |
SOAP::Test | Test framework for SOAP::Lite | 0. | metacpan |
SOAP::Trace | used only to manage and manipulate the runtime tracing of execution within the toolkit | 0.66 | metacpan |
SOAP::Transport | an abstract class extended by more specialized transport modules | 0.66 | metacpan |
SOAP::Transport::FTP | Client side FTP support for SOAP::Lite | metacpan | |
SOAP::Transport::HTTP | Server/Client side HTTP support for SOAP::Lite | metacpan | |
SOAP::Transport::IO | Server side IO support for SOAP::Lite | metacpan | |
SOAP::Transport::JABBER | Server/Client side JABBER support for SOAP::Lite | metacpan | |
SOAP::Transport::LOCAL | Client side no-transport support for SOAP::Lite | metacpan | |
SOAP::Transport::MAILTO | Client side SMTP/sendmail support for SOAP::Lite | metacpan | |
SOAP::Transport::MQ | Server/Client side MQ support for SOAP::Lite | metacpan | |
SOAP::Transport::POP3 | Server side POP3 support for SOAP::Lite | metacpan | |
SOAP::Transport::TCP | Server/Client side TCP support for SOAP::Lite | metacpan | |
SOAP::Utils | a utility package for SOAP::Lite | 0.66 | metacpan |
UDDI::Lite | Library for UDDI clients in Perl | metacpan | |
XML::Parser::Lite | Lightweight regexp-based XML parser | 0.65_3 | metacpan |
XMLRPC::Lite | client and server implementation of XML-RPC protocol | metacpan | |
XMLRPC::Test | Test framework for XMLRPC::Lite | 0. | metacpan |
XMLRPC::Transport::HTTP | Server/Client side HTTP support for XMLRPC::Lite | metacpan | |
XMLRPC::Transport::POP3 | Server side POP3 support for XMLRPC::Lite | metacpan | |
XMLRPC::Transport::TCP | Server/Client side TCP support for XMLRPC::Lite | metacpan |
Provides
Name | File | View |
---|---|---|
LWP::Protocol | lib/SOAP/Transport/HTTP.pm | metacpan |
My::PingPong | lib/SOAP/Test.pm | metacpan |
SOAP | lib/SOAP/Lite.pm | metacpan |
SOAP::Cloneable | lib/SOAP/Lite.pm | metacpan |
SOAP::Custom::XML::Data | lib/SOAP/Lite.pm | metacpan |
SOAP::Custom::XML::Deserializer | lib/SOAP/Lite.pm | metacpan |
SOAP::Lite::COM | lib/SOAP/Lite.pm | metacpan |
SOAP::Packager::DIME | lib/SOAP/Packager.pm | metacpan |
SOAP::Packager::MIME | lib/SOAP/Packager.pm | metacpan |
SOAP::Parser | lib/SOAP/Lite.pm | metacpan |
SOAP::Schema::Deserializer | lib/SOAP/Lite.pm | metacpan |
SOAP::Schema::WSDL | lib/SOAP/Lite.pm | metacpan |
SOAP::Server::Object | lib/SOAP/Lite.pm | metacpan |
SOAP::Server::Parameters | lib/SOAP/Lite.pm | metacpan |
SOAP::Test::Server | lib/SOAP/Test.pm | metacpan |
SOAP::Transport::FTP::Client | lib/SOAP/Transport/FTP.pm | metacpan |
SOAP::Transport::HTTP::Apache | lib/SOAP/Transport/HTTP.pm | metacpan |
SOAP::Transport::HTTP::CGI | lib/SOAP/Transport/HTTP.pm | metacpan |
SOAP::Transport::HTTP::Client | lib/SOAP/Transport/HTTP.pm | metacpan |
SOAP::Transport::HTTP::Daemon | lib/SOAP/Transport/HTTP.pm | metacpan |
SOAP::Transport::HTTP::FCGI | lib/SOAP/Transport/HTTP.pm | metacpan |
SOAP::Transport::HTTP::Server | lib/SOAP/Transport/HTTP.pm | metacpan |
SOAP::Transport::IO::Server | lib/SOAP/Transport/IO.pm | metacpan |
SOAP::Transport::JABBER::Client | lib/SOAP/Transport/JABBER.pm | metacpan |
SOAP::Transport::JABBER::Query | lib/SOAP/Transport/JABBER.pm | metacpan |
SOAP::Transport::JABBER::Server | lib/SOAP/Transport/JABBER.pm | metacpan |
SOAP::Transport::LOCAL::Client | lib/SOAP/Transport/LOCAL.pm | metacpan |
SOAP::Transport::MAILTO::Client | lib/SOAP/Transport/MAILTO.pm | metacpan |
SOAP::Transport::MQ::Client | lib/SOAP/Transport/MQ.pm | metacpan |
SOAP::Transport::MQ::Server | lib/SOAP/Transport/MQ.pm | metacpan |
SOAP::Transport::POP3::Server | lib/SOAP/Transport/POP3.pm | metacpan |
SOAP::Transport::TCP::Client | lib/SOAP/Transport/TCP.pm | metacpan |
SOAP::Transport::TCP::Server | lib/SOAP/Transport/TCP.pm | metacpan |
SOAP::XMLSchema1999::Deserializer | lib/SOAP/Lite.pm | metacpan |
SOAP::XMLSchema1999::Serializer | lib/SOAP/Lite.pm | metacpan |
SOAP::XMLSchema2001::Deserializer | lib/SOAP/Lite.pm | metacpan |
SOAP::XMLSchema2001::Serializer | lib/SOAP/Lite.pm | metacpan |
SOAP::XMLSchema::Serializer | lib/SOAP/Lite.pm | metacpan |
SOAP::XMLSchemaApacheSOAP::Deserializer | lib/SOAP/Lite.pm | metacpan |
SOAP::XMLSchemaSOAP1_1::Deserializer | lib/SOAP/Lite.pm | metacpan |
SOAP::XMLSchemaSOAP1_2::Deserializer | lib/SOAP/Lite.pm | metacpan |
UDDI::Constants | lib/UDDI/Lite.pm | metacpan |
UDDI::Data | lib/UDDI/Lite.pm | metacpan |
UDDI::Deserializer | lib/UDDI/Lite.pm | metacpan |
UDDI::SOM | lib/UDDI/Lite.pm | metacpan |
UDDI::Serializer | lib/UDDI/Lite.pm | metacpan |
URI::jabber | lib/SOAP/Transport/JABBER.pm | metacpan |
URI::mq | lib/SOAP/Transport/MQ.pm | metacpan |
URI::tcp | lib/SOAP/Transport/TCP.pm | metacpan |
XMLRPC | lib/XMLRPC/Lite.pm | metacpan |
XMLRPC::Constants | lib/XMLRPC/Lite.pm | metacpan |
XMLRPC::Data | lib/XMLRPC/Lite.pm | metacpan |
XMLRPC::Deserializer | lib/XMLRPC/Lite.pm | metacpan |
XMLRPC::SOM | lib/XMLRPC/Lite.pm | metacpan |
XMLRPC::Serializer | lib/XMLRPC/Lite.pm | metacpan |
XMLRPC::Server | lib/XMLRPC/Lite.pm | metacpan |
XMLRPC::Server::Parameters | lib/XMLRPC/Lite.pm | metacpan |
XMLRPC::Test::Server | lib/XMLRPC/Test.pm | metacpan |
XMLRPC::Transport::HTTP::Apache | lib/XMLRPC/Transport/HTTP.pm | metacpan |
XMLRPC::Transport::HTTP::CGI | lib/XMLRPC/Transport/HTTP.pm | metacpan |
XMLRPC::Transport::HTTP::Daemon | lib/XMLRPC/Transport/HTTP.pm | metacpan |
XMLRPC::Transport::POP3::Server | lib/XMLRPC/Transport/POP3.pm | metacpan |
XMLRPC::Transport::TCP::Server | lib/XMLRPC/Transport/TCP.pm | metacpan |