Lucene search

K
ubuntucveUbuntu.comUB:CVE-2013-1635
HistoryMar 06, 2013 - 12:00 a.m.

CVE-2013-1635

2013-03-0600:00:00
ubuntu.com
ubuntu.com
10

0.018 Low

EPSS

Percentile

88.1%

ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not
validate the relationship between the soap.wsdl_cache_dir directive and the
open_basedir directive, which allows remote attackers to bypass intended
access restrictions by triggering the creation of cached SOAP WSDL files in
an arbitrary directory.

Bugs

Notes

Author Note
mdeslaur we do not support the use of open_basedir, marking as ignored