CVE-2013-1635

Severity

75%

Complexity

99%

Confidentiality

106%

ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.

ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

PHP

First reported 11 years ago

2013-03-06 13:10:00

Last updated 11 years ago

2014-01-28 04:51:00

Affected Software

PHP PHP_FI 1.0

1.0

PHP PHP_FI 2.0

2.0

PHP PHP_FI 2.0b10

2.0b10

PHP PHP 3.0

3.0

PHP PHP 3.0.1

3.0.1

PHP PHP 3.0.2

3.0.2

PHP PHP 3.0.3

3.0.3

PHP PHP 3.0.4

3.0.4

PHP PHP 3.0.5

3.0.5

PHP PHP 3.0.6

3.0.6

PHP PHP 3.0.7

3.0.7

PHP PHP 3.0.8

3.0.8

PHP PHP 3.0.9

3.0.9

PHP PHP 3.0.10

3.0.10

PHP PHP 3.0.11

3.0.11

PHP PHP 3.0.12

3.0.12

PHP PHP 3.0.13

3.0.13

PHP PHP 3.0.14

3.0.14

PHP PHP 3.0.15

3.0.15

PHP PHP 3.0.16

3.0.16

PHP PHP 3.0.17

3.0.17

PHP PHP 3.0.18

3.0.18

PHP PHP 4.0 Beta 1

4.0

PHP PHP 4.0 Beta 2

4.0

PHP PHP 4.0 Beta 3

4.0

PHP PHP 4.0 Beta 4

4.0

PHP PHP 4.0 Beta 4 Patch Level 1

4.0

PHP PHP 4.0.0

4.0.0

PHP PHP 4.0.1

4.0.1

PHP PHP 4.0.2

4.0.2

PHP PHP 4.0.3

4.0.3

PHP PHP 4.0.4

4.0.4

PHP PHP 4.0.5

4.0.5

PHP PHP 4.0.6

4.0.6

PHP PHP 4.0.7

4.0.7

PHP PHP 4.1.0

4.1.0

PHP PHP 4.1.1

4.1.1

PHP PHP 4.1.2

4.1.2

PHP PHP 4.2.0

4.2.0

PHP PHP 4.2.1

4.2.1

PHP PHP 4.2.2

4.2.2

PHP PHP 4.2.3

4.2.3

PHP PHP 4.3.0

4.3.0

PHP PHP 4.3.1

4.3.1

PHP PHP 4.3.2

4.3.2

PHP PHP 4.3.3

4.3.3

PHP PHP 4.3.4

4.3.4

PHP PHP 4.3.5

4.3.5

PHP PHP 4.3.6

4.3.6

PHP PHP 4.3.7

4.3.7

PHP PHP 4.3.8

4.3.8

PHP PHP 4.3.9

4.3.9

PHP PHP 4.3.10

4.3.10

PHP PHP 4.3.11

4.3.11

PHP PHP 4.4.0

4.4.0

PHP PHP 4.4.1

4.4.1

PHP PHP 4.4.2

4.4.2

PHP PHP 4.4.3

4.4.3

PHP PHP 4.4.4

4.4.4

PHP PHP 4.4.5

4.4.5

PHP PHP 4.4.6

4.4.6

PHP PHP 4.4.7

4.4.7

PHP 4.4.8

4.4.8

PHP 4.4.9

4.4.9

PHP PHP 5.0.0

5.0.0

PHP PHP 5.0.0 Beta1

5.0.0

PHP PHP 5.0.0 Beta2

5.0.0

PHP PHP 5.0.0 Beta3

5.0.0

PHP PHP 5.0.0 Beta4

5.0.0

PHP PHP 5.0.0 RC1

5.0.0

PHP PHP 5.0.0 RC2

5.0.0

PHP PHP 5.0.0 RC3

5.0.0

PHP PHP 5.0.1

5.0.1

PHP PHP 5.0.2

5.0.2

PHP PHP 5.0.3

5.0.3

PHP PHP 5.0.4

5.0.4

PHP PHP 5.0.5

5.0.5

PHP PHP 5.1.0

5.1.0

PHP PHP 5.1.1

5.1.1

PHP PHP 5.1.2

5.1.2

PHP PHP 5.1.3

5.1.3

PHP 5.1.4

5.1.4

PHP PHP 5.1.5

5.1.5

PHP PHP 5.1.6

5.1.6

PHP 5.2.0

5.2.0

PHP 5.2.1

5.2.1

PHP 5.2.2

5.2.2

PHP 5.2.3

5.2.3

PHP 5.2.4

5.2.4

PHP 5.2.5

5.2.5

PHP 5.2.6

5.2.6

PHP 5.2.7

5.2.7

PHP 5.2.8

5.2.8

PHP 5.2.9

5.2.9

PHP 5.2.10

5.2.10

PHP 5.2.11

5.2.11

PHP 5.2.12

5.2.12

PHP 5.2.13

5.2.13

PHP 5.2.14

5.2.14

PHP 5.2.15

5.2.15

PHP 5.2.16

5.2.16

PHP 5.2.17

5.2.17

PHP 5.3.0

5.3.0

PHP 5.3.1

5.3.1

PHP 5.3.2

5.3.2

PHP 5.3.3

5.3.3

PHP 5.3.4

5.3.4

PHP 5.3.5

5.3.5

PHP 5.3.6

5.3.6

PHP 5.3.7

5.3.7

PHP 5.3.8

5.3.8

PHP 5.3.9

5.3.9

PHP 5.3.10

5.3.10

PHP 5.3.11

5.3.11

PHP 5.3.12

5.3.12

PHP 5.3.13

5.3.13

PHP 5.3.14

5.3.14

PHP 5.3.15

5.3.15

PHP 5.3.16

5.3.16

PHP 5.3.17

5.3.17

PHP 5.3.18

5.3.18

PHP 5.3.19

5.3.19

PHP 5.3.20

5.3.20

PHP PHP

PHP 5.4.0

5.4.0

PHP 5.4.1

5.4.1

PHP 5.4.2

5.4.2

PHP 5.4.3

5.4.3

PHP 5.4.4

5.4.4

PHP 5.4.5

5.4.5

PHP 5.4.6

5.4.6

PHP 5.4.7

5.4.7

PHP 5.4.8

5.4.8

PHP 5.4.9

5.4.9

PHP 5.4.10

5.4.10

PHP 5.4.11

5.4.11

PHP 5.4.12

5.4.12

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221

http://git.php.net/?p=php-src.git;a=blob;f=NEWS;h=36f6f9a4396d3034cc903a4271e7fdeccc5d3ea6;hb=refs/heads/PHP-5.4

http://git.php.net/?p=php-src.git;a=blob;f=NEWS;h=82afa3a040e639f3595121e45b850d5453906a00;hb=refs/heads/PHP-5.3

http://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74

APPLE-SA-2013-09-12-1

SUSE-SU-2013:1285

SUSE-SU-2013:1315

http://support.apple.com/kb/HT5880

DSA-2639

MDVSA-2013:114

https://bugs.gentoo.org/show_bug.cgi?id=459904

https://bugzilla.redhat.com/show_bug.cgi?id=918196

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.