Lucene search
Ubuntu.comUB:CVE-2013-6501HistoryMar 30, 2015 - 12:00 a.m.
CVE-2013-6501
2015-03-3000:00:00
ubuntu.com
ubuntu.com
14
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0005 Low
EPSS
Percentile
16.2%
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2)
php.ini-development in PHP through 5.6.7 specifies the /tmp directory,
which makes it easier for local users to conduct WSDL injection attacks by
creating a file under /tmp with a predictable filename that is used by the
get_sdl function in ext/soap/php_sdl.c.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | we will not be fixing this issue. In environments where this issue is problematic, we recommend setting soap.wsdl_cache_dir to another location |
Related
cve
cve
CVE-2013-6501
2015-03-30 10:59:00
cvelist
cvelist
CVE-2013-6501
2015-03-30 10:00:00
nvd
nvd
CVE-2013-6501
2015-03-30 10:59:00
prion
prion
Design/Logic Flaw
2015-03-30 10:59:00
openvas
openvas
PHP Multiple Vulnerabilities - 01 (Jul 2015) - Linux
2015-07-23 00:00:00
PHP Multiple Vulnerabilities - 01 (Jul 2015) - Windows
2015-07-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0436-1)
2021-06-09 00:00:00
suse
suse
Security update for PHP 5.3 (important)
2015-03-05 21:04:56
nessus
nessus
SuSE 11.3 Security Update : PHP 5.3 (SAT Patch Number 10370)
2015-03-06 00:00:00
GLSA-201606-10 : PHP: Multiple vulnerabilities
2016-06-20 00:00:00
RHEL 6 : php (Unpatched Vulnerability)
2024-06-03 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2016-06-19 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0005 Low
EPSS
Percentile
16.2%
Related for UB:CVE-2013-6501