Lucene search

K
osvGoogleOSV:DSA-2639-1
HistoryMar 05, 2013 - 12:00 a.m.

php5 - several vulnerabilities

2013-03-0500:00:00
Google
osv.dev
6

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Several vulnerabilities have been discovered in PHP, the web scripting
language. The Common Vulnerabilities and Exposures project identifies
the following issues:

  • CVE-2013-1635
    If a PHP application accepted untrusted SOAP object input remotely
    from clients, an attacker could read system files readable for the
    webserver.
  • CVE-2013-1643
    The soap.wsdl_cache_dir function did not take PHP open_basedir
    restrictions into account. Note that Debian advises against relying
    on open_basedir restrictions for security.

For the stable distribution (squeeze), these problems have been fixed in
version 5.3.3-7+squeeze15.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 5.4.4-14.

We recommend that you upgrade your php5 packages.

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P