Lucene search

[email protected]CVE-2013-1635

HistoryMar 06, 2013 - 1:10 p.m.

CVE-2013-1635

2013-03-0613:10:27

CWE-264

[email protected]

web.nvd.nist.gov

169

php

cve

2013

1635

wsdl

validation

bypass

security

soap

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

5.8

Confidence

High

EPSS

0.018

Percentile

88.1%

JSON

ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.

Affected configurations

NVD

Node

phpphpRange≤5.3.21

phpphpMatch1.0

phpphpMatch2.0

phpphpMatch2.0b10

phpphpMatch3.0

phpphpMatch3.0.1

phpphpMatch3.0.2

phpphpMatch3.0.3

phpphpMatch3.0.4

phpphpMatch3.0.5

phpphpMatch3.0.6

phpphpMatch3.0.7

phpphpMatch3.0.8

phpphpMatch3.0.9

phpphpMatch3.0.10

phpphpMatch3.0.11

phpphpMatch3.0.12

phpphpMatch3.0.13

phpphpMatch3.0.14

phpphpMatch3.0.15

phpphpMatch3.0.16

phpphpMatch3.0.17

phpphpMatch3.0.18

phpphpMatch4.0beta_4_patch1

phpphpMatch4.0beta1

phpphpMatch4.0beta2

phpphpMatch4.0beta3

phpphpMatch4.0beta4

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.0

phpphpMatch4.4.1

phpphpMatch4.4.2

phpphpMatch4.4.3

phpphpMatch4.4.4

phpphpMatch4.4.5

phpphpMatch4.4.6

phpphpMatch4.4.7

phpphpMatch4.4.8

phpphpMatch4.4.9

phpphpMatch5.0.0

phpphpMatch5.0.0beta1

phpphpMatch5.0.0beta2

phpphpMatch5.0.0beta3

phpphpMatch5.0.0beta4

phpphpMatch5.0.0rc1

phpphpMatch5.0.0rc2

phpphpMatch5.0.0rc3

phpphpMatch5.0.1

phpphpMatch5.0.2

phpphpMatch5.0.3

phpphpMatch5.0.4

phpphpMatch5.0.5

phpphpMatch5.1.0

phpphpMatch5.1.1

phpphpMatch5.1.2

phpphpMatch5.1.3

phpphpMatch5.1.4

phpphpMatch5.1.5

phpphpMatch5.1.6

phpphpMatch5.2.0

phpphpMatch5.2.1

phpphpMatch5.2.2

phpphpMatch5.2.3

phpphpMatch5.2.4

phpphpMatch5.2.5

phpphpMatch5.2.6

phpphpMatch5.2.7

phpphpMatch5.2.8

phpphpMatch5.2.9

phpphpMatch5.2.10

phpphpMatch5.2.11

phpphpMatch5.2.12

phpphpMatch5.2.13

phpphpMatch5.2.14

phpphpMatch5.2.15

phpphpMatch5.2.16

phpphpMatch5.2.17

phpphpMatch5.3.0

phpphpMatch5.3.1

phpphpMatch5.3.2

phpphpMatch5.3.3

phpphpMatch5.3.4

phpphpMatch5.3.5

phpphpMatch5.3.6

phpphpMatch5.3.7

phpphpMatch5.3.8

phpphpMatch5.3.9

phpphpMatch5.3.10

phpphpMatch5.3.11

phpphpMatch5.3.12

phpphpMatch5.3.13

phpphpMatch5.3.14

phpphpMatch5.3.15

phpphpMatch5.3.16

phpphpMatch5.3.17

phpphpMatch5.3.18

phpphpMatch5.3.19

phpphpMatch5.3.20

Node

phpphpMatch5.4.0

phpphpMatch5.4.1

phpphpMatch5.4.2

phpphpMatch5.4.3

phpphpMatch5.4.4

phpphpMatch5.4.5

phpphpMatch5.4.6

phpphpMatch5.4.7

phpphpMatch5.4.8

phpphpMatch5.4.9

phpphpMatch5.4.10

phpphpMatch5.4.11

phpphpMatch5.4.12

VendorProductVersionCPE
phpphp5.0.0cpe:/a:php:php:5.0.0:beta1::
phpphp5.1.2cpe:/a:php:php:5.1.2:::
phpphp5.3.4cpe:/a:php:php:5.3.4:::
phpphp3.0.4cpe:/a:php:php:3.0.4:::
phpphp3.0.17cpe:/a:php:php:3.0.17:::
phpphp5.3.2cpe:/a:php:php:5.3.2:::
phpphp3.0.10cpe:/a:php:php:3.0.10:::
phpphp4.0.5cpe:/a:php:php:4.0.5:::
phpphp5.3.7cpe:/a:php:php:5.3.7:::
phpphp5.3.6cpe:/a:php:php:5.3.6:::

Vendor	Product	Version	CPE
php	php	5.0.0	cpe:/a:php:php:5.0.0:beta1::
php	php	5.1.2	cpe:/a:php:php:5.1.2:::
php	php	5.3.4	cpe:/a:php:php:5.3.4:::
php	php	3.0.4	cpe:/a:php:php:3.0.4:::
php	php	3.0.17	cpe:/a:php:php:3.0.17:::
php	php	5.3.2	cpe:/a:php:php:5.3.2:::
php	php	3.0.10	cpe:/a:php:php:3.0.10:::
php	php	4.0.5	cpe:/a:php:php:4.0.5:::
php	php	5.3.7	cpe:/a:php:php:5.3.7:::
php	php	5.3.6	cpe:/a:php:php:5.3.6:::