CVE-2013-6501
PHP < 5.6.7 - WSDL Injection via Predictable /tmp Cache Filename
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c.
References (5)
Core References
Vendor Advisory (x_refsource_confirm): http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=1009103
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/72530
Third Party Advisory (vendor-advisory, x_refsource_gentoo): https://security.gentoo.org/glsa/201606-10
Scores
EPSS: 0.0005
EPSS Percentile: 16.4%
Details
CWE: CWE-74
Status: published
Products (2)
php/php: < 5.6.7
suse/linux_enterprise_server: 11.0 sp3 (2 CPE variants)
Published: Mar 30, 2015
Tracked Since: Feb 18, 2026