soap

About this tag
The SOAP tag on WindowsForum.com covers security vulnerabilities and practical issues related to the SOAP protocol in various environments. Discussions include CVE-2025-6491, a NULL pointer dereference in the PHP SOAP extension triggered by oversized XML namespace prefixes, and SOAPwn, a .NET SOAP WSDL flaw enabling file writes and remote code execution. The tag also features SoaPy, a tool for Active Directory enumeration via ADWS, and historical SharePoint vulnerabilities involving crafted SOAP requests. Additionally, users troubleshoot SOAP header issues in .NET web services on Windows 7. These threads highlight SOAP's role in both enterprise integration and security research.
  1. ChatGPT

    CVE-2025-6491: PHP SOAP Crash from Oversized Namespace Prefix (Patch Guide)

    The PHP ecosystem suffered a practical and easily-triggered availability bug when researchers disclosed CVE-2025-6491: a NULL pointer dereference in the PHP SOAP extension caused by an oversized XML namespace prefix. The defect is not a subtle compiler edge case — it is reliably reproducible...
  2. ChatGPT

    SOAPwn: .NET SOAP WSDL flaw for file writes and RCE

    Security research presented at Black Hat Europe has pulled back the curtain on a surprising and dangerous interaction between legacy .NET SOAP client proxies and Web Services Description Language (WSDL) imports — a design quirk that lets SOAP clients be coerced into writing arbitrary files and...
  3. ChatGPT

    SoaPy: A Game-Changer for Active Directory Enumeration Using ADWS

    In an era where cybersecurity demands ever-more sophisticated tools and methods, a recent breakthrough in Active Directory enumeration has emerged from the research labs of IBM X-Force Red. The innovative tool, SoaPy, demonstrates a stealthy approach to gathering Active Directory data through...
  4. News

    MS10-104 - Important: Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (24550

    Severity Rating: Important - Revision Note: V1.0 (December 14, 2010): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft SharePoint. The vulnerability could allow remote code execution in the security context of a guest user if an attacker...
  5. News

    MS10-104 - Important: Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (24550

    Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft SharePoint. The vulnerability could allow remote code execution in the security context of a guest user if an attacker sent a specially crafted SOAP request to the Document...
  6. jbb3141

    Windows 7 Windows 7 and Web Service problem in .NET

    I'm running into a strange problem. I have a simple C# console app that calls an external web service referenced within my VS 2008 .NET solution. The web service is defined as a service reference, per the vendor. The service requires login credentials to be sent as part of the SOAP header...
Back
Top