Lucene search

PRIOn knowledge basePRION:CVE-2013-1643

HistoryMar 06, 2013 - 1:10 p.m.

Xxe

2013-03-0613:10:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.2%

JSON

The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824.

CPENameOperatorVersion
phpeq4.3.9
phpeq4.4.9
phpeq3.0
phple5.3.21
phpeq5.2.9
phpeq4.0 beta1
phpeq3.0.5
phpeq3.0.11
phpeq5.3.10
phpeq5.1.5

Name	Operator	Version
php	eq	4.3.9
php	eq	4.4.9
php	eq	3.0
php	le	5.3.21
php	eq	5.2.9
php	eq	4.0 beta1
php	eq	3.0.5
php	eq	3.0.11
php	eq	5.3.10
php	eq	5.1.5

Rows per page:

1-10 of 1371

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221

git.php.net/?p=php-src.git%3Ba=commit%3Bh=8e76d0404b7f664ee6719fd98f0483f0ac4669d6

lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html

lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html

rhn.redhat.com/errata/RHSA-2013-1307.html

rhn.redhat.com/errata/RHSA-2013-1615.html

secunia.com/advisories/55078

support.apple.com/kb/HT5880

www.debian.org/security/2013/dsa-2639

www.mandriva.com/security/advisories?name=MDVSA-2013:114

www.php.net/ChangeLog-5.php

www.ubuntu.com/usn/USN-1761-1

bugs.gentoo.org/show_bug.cgi?id=459904

bugzilla.redhat.com/show_bug.cgi?id=918187

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101