Lucene search

PRIOn knowledge basePRION:CVE-2013-1824

HistorySep 16, 2013 - 1:02 p.m.

Xxe

2013-09-1613:02:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

51.8%

JSON

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.

CPENameOperatorVersion
mac_os_xge10.0.0
mac_os_xlt10.8.5
phplt5.3.22
phpge5.4.0
phplt5.4.12
enterprise_linuxeq6.0
enterprise_linuxeq5

Name	Operator	Version
mac_os_x	ge	10.0.0
mac_os_x	lt	10.8.5
php	lt	5.3.22
php	ge	5.4.0
php	lt	5.4.12
enterprise_linux	eq	6.0
enterprise_linux	eq	5

References

git.php.net/?p=php-src.git%3Ba=commit%3Bh=188c196d4da60bdde9190d2fc532650d17f7af2d

git.php.net/?p=php-src.git%3Ba=commit%3Bh=afe98b7829d50806559acac9b530acb8283c3bf4

lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1824.html

support.apple.com/kb/HT5880

bugzilla.redhat.com/show_bug.cgi?id=918187

6.8 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

51.8%

JSON

Related for PRION:CVE-2013-1824