CVE-2013-1824

EPSS 1.67%
Published 16.09.2013 13:02:34
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Enterprise Linux Version5

Redhat ≫ Enterprise Linux Version6.0

Apple ≫ macOS X Version >= 10.0.0 < 10.8.5

Php ≫ Php Version < 5.3.22

Php ≫ Php Version >= 5.4.0 < 5.4.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.67%	0.815

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

Broken Link

Mailing List

http://support.apple.com/kb/HT5880

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=918187

Patch

Third Party Advisory

Issue Tracking

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=188c196d4da60bdde9190d2fc532650d17f7af2d

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=afe98b7829d50806559acac9b530acb8283c3bf4

http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1824.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-1824

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-1824

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-1824

EUVD