QwikSec

Security Database

CVE

CWE

Training

CVE-2013-1824

Published: Sep 16, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1824.html

x_refsource_CONFIRM

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=188c196d4da60bdde9190d2fc532650d17f7af2d

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=918187

x_refsource_CONFIRM

APPLE-SA-2013-09-12-1

vendor-advisory

x_refsource_APPLE

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=afe98b7829d50806559acac9b530acb8283c3bf4

x_refsource_CONFIRM

http://support.apple.com/kb/HT5880

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.