Showing 1 - 6 of 6

CVE-2013-1635

Status Candidate

Overview

ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.

Related Files

Gentoo Linux Security Advisory 201408-11: Posted Aug 29, 2014; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201408-11 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.16 are affected.; tags | advisory, remote, arbitrary, php, vulnerability; systems | linux, gentoo; advisories | CVE-2011-4718, CVE-2013-1635, CVE-2013-1643, CVE-2013-1824, CVE-2013-2110, CVE-2013-3735, CVE-2013-4113, CVE-2013-4248, CVE-2013-4635, CVE-2013-4636, CVE-2013-6420, CVE-2013-6712, CVE-2013-7226, CVE-2013-7327, CVE-2013-7345, CVE-2014-0185, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-2497, CVE-2014-3597, CVE-2014-3981, CVE-2014-4049, CVE-2014-4670, CVE-2014-5120; MD5 | 9fc05cd1682ef7aee444653346de8eae; Download | Favorite | Comments (0)

Apple Security Advisory 2013-09-12-1: Posted Sep 13, 2013; Authored by Apple | Site apple.com; Apple Security Advisory 2013-09-12-1 - OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses Apache issues, BIND issues, ClamAV issues, and more.; tags | advisory; systems | apple, osx; advisories | CVE-2012-0883, CVE-2012-2686, CVE-2012-2687, CVE-2012-3499, CVE-2012-3817, CVE-2012-4244, CVE-2012-4558, CVE-2012-5166, CVE-2012-5688, CVE-2013-0166, CVE-2013-0169, CVE-2013-1025, CVE-2013-1026, CVE-2013-1027, CVE-2013-1028, CVE-2013-1029, CVE-2013-1030, CVE-2013-1031, CVE-2013-1032, CVE-2013-1033, CVE-2013-1635, CVE-2013-1643, CVE-2013-1824, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902, CVE-2013-1903; MD5 | 96c6f398543b51223ffc420751d9b016; Download | Favorite | Comments (0)

Mandriva Linux Security Advisory 2013-114: Posted Apr 11, 2013; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2013-114 - ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity issue in the soap_xmlParseFile and soap_xmlParseMemory functions. Various other issues have also been addressed.; tags | advisory, remote, arbitrary, php, xxe; systems | linux, mandriva; advisories | CVE-2013-1635, CVE-2013-1643; MD5 | 378943423ebe5ac7cd59af97a036a630; Download | Favorite | Comments (0)

Slackware Security Advisory - php Updates: Posted Mar 25, 2013; Authored by Slackware Security Team | Site slackware.com; Slackware Security Advisory - New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Related CVE Numbers: CVE-2013-1635,CVE-2013-1643.; tags | advisory, php; systems | linux, slackware; advisories | CVE-2013-1635, CVE-2013-1643; MD5 | 92be7eacf6b0d634b25370cc20f27110; Download | Favorite | Comments (0)

Debian Security Advisory 2639-1: Posted Mar 6, 2013; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2639-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.; tags | advisory, web, php, vulnerability; systems | linux, debian; advisories | CVE-2013-1635, CVE-2013-1643; MD5 | 864f35344d20a3efbad92d698edc94a1; Download | Favorite | Comments (0)

Mandriva Linux Security Advisory 2013-016: Posted Feb 28, 2013; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2013-016 - PHP does not validate the configuration directive soap.wsdl_cache_dir before writing SOAP wsdl cache files to the filesystem. Thus an attacker is able to write remote wsdl files to arbitrary locations. PHP allows the use of external entities while parsing SOAP wsdl files which allows an attacker to read arbitrary files. If a web application unserializes user-supplied data and tries to execute any method of it, an attacker can send serialized SoapClient object initialized in non-wsdl mode which will make PHP to parse automatically remote XML-document specified in the location option parameter. The updated packages have been upgraded to the 5.3.22 version which is not vulnerable to these issues. Additionally, some packages which requires so has been rebuilt for php-5.3.22.; tags | advisory, remote, web, arbitrary, php; systems | linux, mandriva; advisories | CVE-2013-1635, CVE-2013-1643; MD5 | 1c1539e7ef7a6c642a3752891f38667f; Download | Favorite | Comments (0)

Page 1 of 1 Back 1 Next

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

Red Hat 67 files
Ubuntu 43 files
Debian 18 files
Google Security Research 14 files
Shubham Singh 9 files
Slackware Security Team 7 files
cp77fk4r 6 files
digitalwhisper 6 files
Eric Sesterhenn 5 files
lokihardt 5 files

File Archives

Systems

AIX (409)
Apple (1,569)
BSD (340)
Cisco (1,818)
Debian (5,575)
Fedora (1,683)
FreeBSD (1,200)
Gentoo (3,590)
HPUX (865)
iOS (179)
iPhone (103)
IRIX (219)
Juniper (66)
Linux (33,896)
Mac OS X (653)
Mandriva (3,105)
NetBSD (255)
OpenBSD (456)
RedHat (6,712)
Slackware (845)
Solaris (1,570)
SUSE (1,444)
Ubuntu (5,763)
UNIX (8,317)
UnixWare (172)
Windows (5,366)
Other