Back to search
CVE-2013-6501
Published: Mar 30, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugzilla.redhat.com/show_bug.cgi?id=1009103
x_refsource_CONFIRM
SUSE-SU-2015:0436
vendor-advisory
x_refsource_SUSE
72530
vdb-entry
x_refsource_BID
GLSA-201606-10
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now