CVE-2013-2217

Suds 0.4 - Symlink Attack via Predictable Cache File in /tmp/suds/

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-2217. PoCs published by Osirium.

AI-analyzed exploit summary This repository contains the source code for the Suds library, a lightweight SOAP-based web services client for Python. It includes release notes and documentation but no exploit code or proof-of-concept for CVE-2013-2217.

Description

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.

Exploits (1)

nomisec WRITEUP
by Osirium · poc
https://github.com/Osirium/suds

This repository contains the source code for the Suds library, a lightweight SOAP-based web services client for Python. It includes release notes and documentation but no exploit code or proof-of-concept for CVE-2013-2217.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Suds library (versions up to 0.3.6)
No auth needed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2008-1
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=978696
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/06/27/8
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-07/msg00062.html

Scores

EPSS 0.0012
EPSS Percentile 31.3%

Details

CWE
CWE-59
Status published
Products (7)
jeff_ortel/suds 0.4
opensuse/opensuse 12.2
opensuse/opensuse 12.3
pypi/suds 0 - 1.0.0PyPI
pypi/suds-py3 0 - 1.4.4.1PyPI
redhat/enterprise_linux 5
redhat/enterprise_linux 6.0
Published Sep 23, 2013
Tracked Since Feb 18, 2026