DSA-2639-1 php5 -- several vulnerabilities
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | March 06, 2013 | March 08, 2013 | July 04, 2017 |
Description
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.
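An added example, not part of the advisory or of PHP itself: a configuration audit that checks the relationship the vulnerable versions failed to enforce, namely that soap.wsdl_cache_dir lies inside an open_basedir entry. It assumes Unix-style php.ini content with ":" as the open_basedir separator, a simplified "key = value" parser, and component-wise path containment; the sample ini fragments are constructed.

```python
import posixpath

# Constructed php.ini fragments for illustration (not taken from the advisory).
RISKY_INI = """
[PHP]
open_basedir = /var/www/site:/var/lib/php/sessions
[soap]
soap.wsdl_cache_dir = "/tmp"
"""
SAFE_INI = """
open_basedir = /var/www/site
soap.wsdl_cache_dir = /var/www/site/cache/wsdl
"""

def parse_ini(text):
    """Return {directive: value} for simple 'key = value' lines; ';' starts a comment."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" not in line or line.startswith("["):
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_within(path, base):
    """True if path equals base or lies below it, compared by path component."""
    path, base = posixpath.normpath(path), posixpath.normpath(base)
    return path == base or path.startswith(base.rstrip("/") + "/")

def audit(text):
    """Return (ok, message) for the wsdl_cache_dir / open_basedir relationship."""
    s = parse_ini(text)
    basedirs = [d for d in s.get("open_basedir", "").split(":") if d]
    # Assumption: an unset soap.wsdl_cache_dir falls back to PHP's default, "/tmp".
    cache_dir = s.get("soap.wsdl_cache_dir", "/tmp")
    if not basedirs:
        return True, "open_basedir not set; no restriction to bypass"
    if any(is_within(cache_dir, b) for b in basedirs):
        return True, f"{cache_dir} is inside open_basedir"
    return False, f"{cache_dir} is outside open_basedir {basedirs}"

if __name__ == "__main__":
    for name, ini in (("risky", RISKY_INI), ("safe", SAFE_INI)):
        print(name, audit(ini))
```

A failing result on a host still running PHP before 5.3.22 or 5.4.x before 5.4.13 marks a configuration where cached WSDL files can land outside the restricted tree.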
References
Solution
debian-upgrade-php5
Related Vulnerabilities
- ELSA-2013-1814 Critical: Oracle Linux php security update
- PHP Vulnerability: CVE-2013-1635
- Oracle Solaris 11: CVE-2013-1643: Vulnerability in PHP
- Gentoo Linux: CVE-2013-1643: PHP: Multiple vulnerabilities
- Oracle Solaris 11: CVE-2013-1635: Vulnerability in PHP
- FreeBSD: php5 -- Multiple vulnerabilities (Multiple CVEs)
- Alpine Linux: CVE-2013-1643: Multiple vulnerabilities in php < 5.3.22 allows remote information disclosure
- OS X update for Apache (CVE-2013-1635)
- RHSA-2013:1307: php53 security, bug fix and enhancement update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- OS X update for PHP (CVE-2013-1635)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 7
- SUSE Linux Security Vulnerability: CVE-2013-1635
- SUSE Linux Security Vulnerability: CVE-2013-1643
- RHSA-2013:1615: php security, bug fix, and enhancement update
- USN-1761-1: PHP vulnerability
- OS X update for PHP (CVE-2013-1643)
- Gentoo Linux: CVE-2013-1635: PHP: Multiple vulnerabilities
- ELSA-2013-1307 Moderate: Oracle Linux php53 security, bug fix and enhancement update
- ELSA-2013-1615 Moderate: Oracle Linux php security, bug fix, and enhancement update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 4
- Alpine Linux: CVE-2013-1635: Multiple vulnerabilities in php < 5.3.22 allows remote information disclosure
- RHSA-2013:1814: php security update
- PHP Vulnerability: CVE-2013-1643
- OS X update for Apache (CVE-2013-1643)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 3
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 6