CVE-2013-1635
PHP < 5.3.22 and 5.4.x < 5.4.13 - Unauthenticated Directory Traversal via SOAP WSDL Cache
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.
References (13)
Mailing List, vendor advisory (Apple): http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
Vendor confirmation (php-src NEWS, PHP-5.3 branch): http://git.php.net/?p=php-src.git%3Ba=blob%3Bf=NEWS%3Bh=82afa3a040e639f3595121e45b850d5453906a00%3Bhb=refs/heads/PHP-5.3
Vendor confirmation (php-src NEWS, PHP-5.4 branch): http://git.php.net/?p=php-src.git%3Ba=blob%3Bf=NEWS%3Bh=36f6f9a4396d3034cc903a4271e7fdeccc5d3ea6%3Bhb=refs/heads/PHP-5.4
Vendor confirmation (php-src commitdiff): http://git.php.net/?p=php-src.git%3Ba=commitdiff%3Bh=702b436ef470cc02f8e2cc21f2fadeee42103c74
Issue Tracking (Gentoo bug 459904): https://bugs.gentoo.org/show_bug.cgi?id=459904
Vendor Advisory (Mandriva MDVSA-2013:114): http://www.mandriva.com/security/advisories?name=MDVSA-2013:114
Issue Tracking (Debian bug 702221): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221
Issue Tracking (Red Hat Bugzilla 918196): https://bugzilla.redhat.com/show_bug.cgi?id=918196
Third Party Advisory (Debian DSA-2639): http://www.debian.org/security/2013/dsa-2639
Mailing List, vendor advisory (openSUSE, August 2013): http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html
Mailing List, vendor advisory (openSUSE, July 2013): http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html
Third Party Advisory (Mageia MGASA-2013-0101): https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101
Vendor Advisory (Apple HT5880): http://support.apple.com/kb/HT5880
Scores
EPSS: 0.0316 (percentile 87.1%)
Details
CWE: CWE-264
Status: published
Products (46)
php/php: 1.0, 2.0, 2.0b10, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, ... and 36 more
Published: Mar 06, 2013
Tracked Since: Feb 18, 2026