Back to search
CVE-2013-1643
Published: Mar 6, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
USN-1761-1
vendor-advisory
x_refsource_UBUNTU
https://bugs.gentoo.org/show_bug.cgi?id=459904
x_refsource_CONFIRM
MDVSA-2013:114
vendor-advisory
x_refsource_MANDRIVA
55078
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=918187
x_refsource_CONFIRM
http://www.php.net/ChangeLog-5.php
x_refsource_CONFIRM
APPLE-SA-2013-09-12-1
vendor-advisory
x_refsource_APPLE
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221
x_refsource_CONFIRM
RHSA-2013:1307
vendor-advisory
x_refsource_REDHAT
RHSA-2013:1615
vendor-advisory
x_refsource_REDHAT
DSA-2639
vendor-advisory
x_refsource_DEBIAN
SUSE-SU-2013:1315
vendor-advisory
x_refsource_SUSE
SUSE-SU-2013:1285
vendor-advisory
x_refsource_SUSE
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101
x_refsource_CONFIRM
http://support.apple.com/kb/HT5880
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now