Lucene search
OpenJS FoundationFRIENDSOFPHP:OPENID:PHP-OPENID:CVE-2013-4701HistoryAug 12, 2013 - 1:41 a.m.
XML External Entity (XXE) issue
2013-08-1201:41:28
OpenJS Foundation
github.com
6
7.1 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
79.2%
thanks to Kousuke Ebihara for the report and patch.
Affected configurations
Node
openidopenidRange<2.3.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| openid/php-openid | lt | 2.3.0 |
Related
openvas
openvas
Fedora Update for php-pear-Auth-OpenID FEDORA-2013-15258
2013-09-02 00:00:00
Fedora Update for php-pear-Auth-OpenID FEDORA-2013-15258
2013-09-02 00:00:00
Mageia: Security Advisory (MGASA-2013-0272)
2022-01-28 00:00:00
osv
osv
PHP OpenID Library Denial of Service vulnerability
2022-05-17 03:46:28
typo3
typo3
Multiple Vulnerabilities in TYPO3 CMS
2014-10-22 00:00:00
cvelist
cvelist
CVE-2013-4701
2013-08-21 16:00:00
prion
prion
Xxe
2013-08-21 16:55:00
friendsofphp
friendsofphp
XML External Entity (XXE) issue
2013-08-12 01:41:28
Denial of Service in OpenID System Extension
2014-10-22 09:14:28
fedora
fedora
[SECURITY] Fedora 19 Update: php-pear-Auth-OpenID-2.2.2-7.fc19
2013-09-01 23:09:06
[SECURITY] Fedora 18 Update: php-pear-Auth-OpenID-2.2.2-7.fc18
2013-09-01 23:09:23
nessus
nessus
Fedora 18 : php-pear-Auth-OpenID-2.2.2-7.fc18 (2013-15253)
2013-09-02 00:00:00
Fedora 19 : php-pear-Auth-OpenID-2.2.2-7.fc19 (2013-15258)
2013-09-02 00:00:00
openSUSE Security Update : typo3 (openSUSE-2016-959)
2016-08-12 00:00:00
github
github
PHP OpenID Library Denial of Service vulnerability
2022-05-17 03:46:28
jvn
jvn
JVN#24713981: PHP OpenID Library vulnerable to XML external entity injection
2013-08-21 00:00:00
cve
cve
CVE-2013-4701
2013-08-21 16:55:11
mageia
mageia
Updated php-pear-Auth_OpenID package fixes security vulnerability
2013-09-14 00:07:12
ubuntucve
ubuntucve
CVE-2013-4701
2013-08-21 00:00:00
nvd
nvd
CVE-2013-4701
2013-08-21 16:55:11
suse
suse
Important security fixes for Typo3 (important)
2016-08-10 22:09:17
7.1 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
79.2%
Related for FRIENDSOFPHP:OPENID:PHP-OPENID:CVE-2013-4701