CVE-2013-1643
PHP < 5.3.23 and 5.4.x < 5.4.13 - XML External Entity Injection via SOAP WSDL Parser
Title source: llmDescription
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824.
References (16)
Core 16
Core References
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1307.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1615.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1761-1
Issue Tracking x_refsource_confirm
https://bugs.gentoo.org/show_bug.cgi?id=459904
Various Sources x_refsource_confirm
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=8e76d0404b7f664ee6719fd98f0483f0ac4669d6
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:114
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55078
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=918187
Vendor Advisory x_refsource_confirm
http://www.php.net/ChangeLog-5.php
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2639
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html
Third Party Advisory x_refsource_confirm
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5880
Scores
EPSS
0.0103
EPSS Percentile
77.6%
Details
CWE
CWE-200
Status
published
Products (46)
php/php
1.0
php/php
2.0
php/php
2.0b10
php/php
3.0
php/php
3.0.1
php/php
3.0.2
php/php
3.0.3
php/php
3.0.4
php/php
3.0.5
php/php
3.0.6
... and 36 more
Published
Mar 06, 2013
Tracked Since
Feb 18, 2026