7.5

CVE-2013-4701

Exploit

EPSS 0.88%
Veröffentlicht 21.08.2013 16:55:11
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Janrain ≫ Php-openid Version <= 2.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.88%	0.732

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://jvn.jp/en/jp/JVN24713981/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2013-000080

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html

http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html

https://github.com/openid/php-openid/commit/625c16bb28bb120d262b3f19f89c2c06cb9b0da9

Patch

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2013-4701

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-4701

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-4701

EUVD