4.3

CVE-2013-1824

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatEnterprise Linux Version5
RedhatEnterprise Linux Version6.0
ApplemacOS X Version >= 10.0.0 < 10.8.5
PhpPhp Version < 5.3.22
PhpPhp Version >= 5.4.0 < 5.4.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.31% 0.899
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
Broken Link
Mailing List
http://support.apple.com/kb/HT5880
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=918187
Patch
Third Party Advisory
Issue Tracking
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=188c196d4da60bdde9190d2fc532650d17f7af2d
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=afe98b7829d50806559acac9b530acb8283c3bf4
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1824.html
Third Party Advisory