{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2015-8978","title":"Title"},{"category":"description","text":"In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copies of the first entity. The amount of computer memory used for handling an external SOAP call would likely exceed that available to the process parsing the XML.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2015-8978","url":"https://www.suse.com/security/cve/CVE-2015-8978"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1011836 for CVE-2015-8978","url":"https://bugzilla.suse.com/1011836"},{"category":"external","summary":"Advisory link for SUSE-SU-2016:3052-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2016-December/002453.html"}],"title":"SUSE CVE CVE-2015-8978","tracking":{"current_release_date":"2025-10-07T23:53:58Z","generator":{"date":"2023-02-15T05:10:14Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2015-8978","initial_release_date":"2023-02-15T05:10:14Z","revision_history":[{"date":"2023-02-15T05:10:14Z","number":"2","summary":"Current version"},{"date":"2025-03-16T04:22:52Z","number":"3","summary":"Current version"},{"date":"2025-04-15T08:25:46Z","number":"4","summary":"Current version"},{"date":"2025-10-07T23:53:58Z","number":"5","summary":"Current version"}],"status":"interim","version":"5"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Desktop 11 SP4","product":{"name":"SUSE Linux Enterprise Desktop 11 SP4","product_id":"SUSE Linux Enterprise Desktop 11 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sled:11:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 12 SP2","product":{"name":"SUSE Linux Enterprise Desktop 12 SP2","product_id":"SUSE Linux Enterprise Desktop 12 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sled:12:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP4","product":{"name":"SUSE Linux Enterprise Server 11 SP4","product_id":"SUSE Linux Enterprise Server 11 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles:11:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP2","product":{"name":"SUSE Linux Enterprise Server 12 SP2","product_id":"SUSE Linux Enterprise Server 12 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 11 SP4","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 11 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 11 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:11:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP2","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Software Development Kit 11 SP4","product":{"name":"SUSE Linux Enterprise Software Development Kit 11 SP4","product_id":"SUSE Linux Enterprise Software Development Kit 11 SP4","product_identification_helper":{"cpe":"cpe:/a:suse:sle-sdk:11:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Software Development Kit 12 SP2","product":{"name":"SUSE Linux Enterprise Software Development Kit 12 SP2","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sle-sdk:12:sp2"}}},{"category":"product_version","name":"perl-SOAP-Lite","product":{"name":"perl-SOAP-Lite","product_id":"perl-SOAP-Lite","product_identification_helper":{"cpe":"cpe:2.3:a:soap\\:\\:lite_project:soap\\:\\:lite:*:*:*:*:*:perl:*:*","purl":"pkg:rpm/suse/perl-SOAP-Lite@?upstream=perl-SOAP-Lite.src.rpm"}}},{"category":"product_version","name":"perl-SOAP-Lite-0.710.08-3.1","product":{"name":"perl-SOAP-Lite-0.710.08-3.1","product_id":"perl-SOAP-Lite-0.710.08-3.1","product_identification_helper":{"cpe":"cpe:2.3:a:soap\\:\\:0.710.08:soap\\:\\:lite:*:*:*:*:*:perl:*:*","purl":"pkg:rpm/suse/perl-SOAP-Lite@0.710.08-3.1?upstream=perl-SOAP-Lite-0.710.08-3.1.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"perl-SOAP-Lite-0.710.08-3.1 as component of SUSE Linux Enterprise Server 11 SP4","product_id":"SUSE Linux Enterprise Server 11 SP4:perl-SOAP-Lite-0.710.08-3.1"},"product_reference":"perl-SOAP-Lite-0.710.08-3.1","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"perl-SOAP-Lite-0.710.08-3.1 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-SOAP-Lite-0.710.08-3.1"},"product_reference":"perl-SOAP-Lite-0.710.08-3.1","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"perl-SOAP-Lite-0.710.08-3.1 as component of SUSE Linux Enterprise Desktop 11 SP4","product_id":"SUSE Linux Enterprise Desktop 11 SP4:perl-SOAP-Lite-0.710.08-3.1"},"product_reference":"perl-SOAP-Lite-0.710.08-3.1","relates_to_product_reference":"SUSE Linux Enterprise Desktop 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"perl-SOAP-Lite-0.710.08-3.1 as component of SUSE Linux Enterprise Software Development Kit 11 SP4","product_id":"SUSE Linux Enterprise Software Development Kit 11 SP4:perl-SOAP-Lite-0.710.08-3.1"},"product_reference":"perl-SOAP-Lite-0.710.08-3.1","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"perl-SOAP-Lite as component of SUSE Linux Enterprise Server 12 SP2","product_id":"SUSE Linux Enterprise Server 12 SP2:perl-SOAP-Lite"},"product_reference":"perl-SOAP-Lite","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"perl-SOAP-Lite as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-SOAP-Lite"},"product_reference":"perl-SOAP-Lite","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"perl-SOAP-Lite as component of SUSE Linux Enterprise Desktop 12 SP2","product_id":"SUSE Linux Enterprise Desktop 12 SP2:perl-SOAP-Lite"},"product_reference":"perl-SOAP-Lite","relates_to_product_reference":"SUSE Linux Enterprise Desktop 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"perl-SOAP-Lite as component of SUSE Linux Enterprise Software Development Kit 12 SP2","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP2:perl-SOAP-Lite"},"product_reference":"perl-SOAP-Lite","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 12 SP2"}]},"vulnerabilities":[{"cve":"CVE-2015-8978","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8978"}],"notes":[{"category":"general","text":"In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copies of the first entity. The amount of computer memory used for handling an external SOAP call would likely exceed that available to the process parsing the XML.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Linux Enterprise Desktop 12 SP2:perl-SOAP-Lite","SUSE Linux Enterprise Server 12 SP2:perl-SOAP-Lite","SUSE Linux Enterprise Server for SAP Applications 12 SP2:perl-SOAP-Lite","SUSE Linux Enterprise Software Development Kit 12 SP2:perl-SOAP-Lite"],"recommended":["SUSE Linux Enterprise Desktop 11 SP4:perl-SOAP-Lite-0.710.08-3.1","SUSE Linux Enterprise Server 11 SP4:perl-SOAP-Lite-0.710.08-3.1","SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-SOAP-Lite-0.710.08-3.1","SUSE Linux Enterprise Software Development Kit 11 SP4:perl-SOAP-Lite-0.710.08-3.1"]},"references":[{"category":"external","summary":"CVE-2015-8978","url":"https://www.suse.com/security/cve/CVE-2015-8978"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1011836 for CVE-2015-8978","url":"https://bugzilla.suse.com/1011836"},{"category":"external","summary":"Advisory link for SUSE-SU-2016:3052-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2016-December/002453.html"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 11 SP4:perl-SOAP-Lite-0.710.08-3.1","SUSE Linux Enterprise Server 11 SP4:perl-SOAP-Lite-0.710.08-3.1","SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-SOAP-Lite-0.710.08-3.1","SUSE Linux Enterprise Software Development Kit 11 SP4:perl-SOAP-Lite-0.710.08-3.1"]}],"scores":[{"cvss_v3":{"baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 11 SP4:perl-SOAP-Lite-0.710.08-3.1","SUSE Linux Enterprise Server 11 SP4:perl-SOAP-Lite-0.710.08-3.1","SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-SOAP-Lite-0.710.08-3.1","SUSE Linux Enterprise Software Development Kit 11 SP4:perl-SOAP-Lite-0.710.08-3.1"]}],"threats":[{"category":"impact","date":"2016-11-22T21:15:06Z","details":"moderate"}],"title":"CVE-2015-8978"}]}