CVE-2013-1824

EPSS 2.06%
Veröffentlicht 16.09.2013 13:02:34
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Enterprise Linux Version5

Redhat ≫ Enterprise Linux Version6.0

Apple ≫ macOS X Version >= 10.0.0 < 10.8.5

Php ≫ Php Version < 5.3.22

Php ≫ Php Version >= 5.4.0 < 5.4.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.06%	0.834

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

Broken Link

Mailing List

http://support.apple.com/kb/HT5880

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=918187

Patch

Third Party Advisory

Issue Tracking

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=188c196d4da60bdde9190d2fc532650d17f7af2d

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=afe98b7829d50806559acac9b530acb8283c3bf4

http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1824.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-1824

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-1824

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-1824

EUVD