Lucene search

K

GoogleOSV:GHSA-5QP6-78PR-GV8C

HistoryMay 17, 2022 - 3:46 a.m.

PHP OpenID Library Denial of Service vulnerability

2022-05-1703:46:28

Google

osv.dev

12

php

openid

library

vulnerability

remote attacks

xml

cpu

memory

EPSS

0.006

Percentile

79.3%

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

jvn.jp/en/jp/JVN24713981/index.html

jvndb.jvn.jp/jvndb/JVNDB-2013-000080

lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html

lists.opensuse.org/opensuse-updates/2016-08/msg00083.html

github.com/FriendsOfPHP/security-advisories/blob/master/openid/php-openid/CVE-2013-4701.yaml

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2013-4701.yaml

github.com/openid/php-openid

github.com/openid/php-openid/commit/625c16bb28bb120d262b3f19f89c2c06cb9b0da9

nvd.nist.gov/vuln/detail/CVE-2013-4701

typo3.org/security/advisory/typo3-core-sa-2014-002

EPSS

0.006

Percentile

79.3%

Related for OSV:GHSA-5QP6-78PR-GV8C

typo31 cvelist1 openvas6 fedora2 prion1 nessus4 friendsofphp3 github1 jvn1 cve1 ubuntucve1 mageia1 nvd1 suse1