Lucene search

[email protected]CVE-2013-1643

HistoryMar 06, 2013 - 1:10 p.m.

CVE-2013-1643

2013-03-0613:10:27

CWE-200

[email protected]

web.nvd.nist.gov

123

php

soap

parser

vulnerability

file read

soap wsdl

xxe

cve-2013-1643

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

High

EPSS

0.003

Percentile

69.2%

JSON

The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824.

Affected configurations

NVD

Node

phpphpRange≤5.3.21

phpphpMatch1.0

phpphpMatch2.0

phpphpMatch2.0b10

phpphpMatch3.0

phpphpMatch3.0.1

phpphpMatch3.0.2

phpphpMatch3.0.3

phpphpMatch3.0.4

phpphpMatch3.0.5

phpphpMatch3.0.6

phpphpMatch3.0.7

phpphpMatch3.0.8

phpphpMatch3.0.9

phpphpMatch3.0.10

phpphpMatch3.0.11

phpphpMatch3.0.12

phpphpMatch3.0.13

phpphpMatch3.0.14

phpphpMatch3.0.15

phpphpMatch3.0.16

phpphpMatch3.0.17

phpphpMatch3.0.18

phpphpMatch4.0beta_4_patch1

phpphpMatch4.0beta1

phpphpMatch4.0beta2

phpphpMatch4.0beta3

phpphpMatch4.0beta4

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.0

phpphpMatch4.4.1

phpphpMatch4.4.2

phpphpMatch4.4.3

phpphpMatch4.4.4

phpphpMatch4.4.5

phpphpMatch4.4.6

phpphpMatch4.4.7

phpphpMatch4.4.8

phpphpMatch4.4.9

phpphpMatch5.0.0

phpphpMatch5.0.0beta1

phpphpMatch5.0.0beta2

phpphpMatch5.0.0beta3

phpphpMatch5.0.0beta4

phpphpMatch5.0.0rc1

phpphpMatch5.0.0rc2

phpphpMatch5.0.0rc3

phpphpMatch5.0.1

phpphpMatch5.0.2

phpphpMatch5.0.3

phpphpMatch5.0.4

phpphpMatch5.0.5

phpphpMatch5.1.0

phpphpMatch5.1.1

phpphpMatch5.1.2

phpphpMatch5.1.3

phpphpMatch5.1.4

phpphpMatch5.1.5

phpphpMatch5.1.6

phpphpMatch5.2.0

phpphpMatch5.2.1

phpphpMatch5.2.2

phpphpMatch5.2.3

phpphpMatch5.2.4

phpphpMatch5.2.5

phpphpMatch5.2.6

phpphpMatch5.2.7

phpphpMatch5.2.8

phpphpMatch5.2.9

phpphpMatch5.2.10

phpphpMatch5.2.11

phpphpMatch5.2.12

phpphpMatch5.2.13

phpphpMatch5.2.14

phpphpMatch5.2.15

phpphpMatch5.2.16

phpphpMatch5.2.17

phpphpMatch5.3.0

phpphpMatch5.3.1

phpphpMatch5.3.2

phpphpMatch5.3.3

phpphpMatch5.3.4

phpphpMatch5.3.5

phpphpMatch5.3.6

phpphpMatch5.3.7

phpphpMatch5.3.8

phpphpMatch5.3.9

phpphpMatch5.3.10

phpphpMatch5.3.11

phpphpMatch5.3.12

phpphpMatch5.3.13

phpphpMatch5.3.14

phpphpMatch5.3.15

phpphpMatch5.3.16

phpphpMatch5.3.17

phpphpMatch5.3.18

phpphpMatch5.3.19

phpphpMatch5.3.20

Node

phpphpMatch5.4.0

phpphpMatch5.4.1

phpphpMatch5.4.2

phpphpMatch5.4.3

phpphpMatch5.4.4

phpphpMatch5.4.5

phpphpMatch5.4.6

phpphpMatch5.4.7

phpphpMatch5.4.8

phpphpMatch5.4.9

phpphpMatch5.4.10

phpphpMatch5.4.11

phpphpMatch5.4.12

VendorProductVersionCPE
phpphp5.0.0cpe:/a:php:php:5.0.0:beta1::
phpphp5.1.2cpe:/a:php:php:5.1.2:::
phpphp5.3.4cpe:/a:php:php:5.3.4:::
phpphp3.0.4cpe:/a:php:php:3.0.4:::
phpphp3.0.17cpe:/a:php:php:3.0.17:::
phpphp5.3.2cpe:/a:php:php:5.3.2:::
phpphp3.0.10cpe:/a:php:php:3.0.10:::
phpphp4.0.5cpe:/a:php:php:4.0.5:::
phpphp5.3.7cpe:/a:php:php:5.3.7:::
phpphp5.3.6cpe:/a:php:php:5.3.6:::

Vendor	Product	Version	CPE
php	php	5.0.0	cpe:/a:php:php:5.0.0:beta1::
php	php	5.1.2	cpe:/a:php:php:5.1.2:::
php	php	5.3.4	cpe:/a:php:php:5.3.4:::
php	php	3.0.4	cpe:/a:php:php:3.0.4:::
php	php	3.0.17	cpe:/a:php:php:3.0.17:::
php	php	5.3.2	cpe:/a:php:php:5.3.2:::
php	php	3.0.10	cpe:/a:php:php:3.0.10:::
php	php	4.0.5	cpe:/a:php:php:4.0.5:::
php	php	5.3.7	cpe:/a:php:php:5.3.7:::
php	php	5.3.6	cpe:/a:php:php:5.3.6:::