Lucene search

K
ubuntucveUbuntu.comUB:CVE-2013-1824
HistorySep 16, 2013 - 12:00 a.m.

CVE-2013-1824

2013-09-1600:00:00
ubuntu.com
ubuntu.com
11

0.002 Low

EPSS

Percentile

52.7%

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote
attackers to read arbitrary files via a SOAP WSDL file containing an XML
external entity declaration in conjunction with an entity reference,
related to an XML External Entity (XXE) issue in the soap_xmlParseFile and
soap_xmlParseMemory functions.

Notes

Author Note
mdeslaur this CVE is for an incomplete fix for CVE-2013-1643. Our CVE-2013-1643 did in fact have the complete fix, so we were not affected by this.
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchphp5< 5.2.4-2ubuntu5.27UNKNOWN
ubuntu10.04noarchphp5< 5.3.2-1ubuntu4.19UNKNOWN
ubuntu11.10noarchphp5< 5.3.6-13ubuntu3.10UNKNOWN
ubuntu12.04noarchphp5< 5.3.10-1ubuntu3.6UNKNOWN
ubuntu12.10noarchphp5< 5.4.6-1ubuntu1.2UNKNOWN