Package(s): php
CVE #(s): CVE-2013-1635 CVE-2013-1643
Created: February 28, 2013
Updated: June 20, 2013
From the Mandriva advisory:
PHP does not validate the configuration directive soap.wsdl_cache_dir before writing SOAP wsdl cache files to the filesystem. Thus an attacker is able to write remote wsdl files to arbitrary locations (CVE-2013-1635).
PHP allows the use of external entities while parsing SOAP wsdl files, which allows an attacker to read arbitrary files. If a web application unserializes user-supplied data and tries to execute any method of it, an attacker can send a serialized SoapClient object initialized in non-wsdl mode, which will make PHP automatically parse the remote XML document specified in the location option parameter (CVE-2013-1643).
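The CVE-2013-1643 trigger is an application pattern, not only a PHP bug: any handler that unserializes attacker-controlled bytes and then calls a method on the result hands the attacker every class with a magic method. The following is an added example, not code from the advisory or from PHP itself. It shows the attacker-side payload (a SoapClient serialized in non-wsdl mode), the vulnerable handler shape, and a hardened handler that pins unserialize to an expected class and disables external entity loading. The location URL, the Job class and the method names are assumptions for illustration; building the payload requires ext/soap, and the hardened path needs PHP 7.0 or later for the allowed_classes option.

```php
<?php
// Added example for CVE-2013-1643; not from the Mandriva advisory or the PHP project.
// Assumptions: ext/soap is loaded, PHP >= 7.0, no network access is needed because
// the hardened handler rejects the payload before any method is called on it.

// Attacker side: a SoapClient built in non-wsdl mode. Calling any method on the
// unserialized object issues a SOAP request to $location and parses the XML reply
// with external entities enabled (the XXE described in the advisory).
function build_gadget(string $location): string
{
    $client = new SoapClient(null, [
        'location' => $location,   // assumption: attacker-controlled server in a real attack
        'uri'      => 'urn:example', // required by SoapClient in non-wsdl mode
    ]);
    return serialize($client);
}

// Vulnerable pattern: unserialize untrusted input and call a method on it.
// With the gadget above, SoapClient::__call answers any method name and performs
// the remote request and XML parse described in the advisory.
function vulnerable_handler(string $untrusted)
{
    $obj = unserialize($untrusted);
    return $obj->doSomething();
}

// The one class this endpoint legitimately expects (assumed for the example).
final class Job
{
    /** @var string */
    private $name;

    public function __construct(string $name = '')
    {
        $this->name = $name;
    }

    public function doSomething(): string
    {
        return "ran {$this->name}";
    }
}

// Hardened pattern: pin unserialize to the expected class so a SoapClient (or any
// other gadget) comes back as __PHP_Incomplete_Class with no callable __call, then
// verify the type before touching it. External entity loading is switched off for
// the rest of the request on PHP < 8.0; PHP 8.0+ disables it by default.
function hardened_handler(string $untrusted): string
{
    if (PHP_VERSION_ID < 80000) {
        libxml_disable_entity_loader(true);
    }
    $obj = unserialize($untrusted, ['allowed_classes' => [Job::class]]);
    if (!$obj instanceof Job) {
        throw new InvalidArgumentException('rejected: unexpected class in serialized input');
    }
    return $obj->doSomething();
}

// Demonstration. 127.0.0.1:9 is an assumption chosen so nothing listens there.
$gadget = build_gadget('http://127.0.0.1:9/');
$legit  = serialize(new Job('nightly'));

echo hardened_handler($legit), "\n";          // ran nightly
try {
    hardened_handler($gadget);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";              // rejected: unexpected class in serialized input
}
// vulnerable_handler($gadget) is deliberately not invoked: it would perform the
// network request and XML parse that the advisory describes.
```

Two practical checks follow from this. First, grep the code base for unserialize() calls whose argument can originate from a request, cookie or queue message; every one of them is a candidate for the pattern above, and `allowed_classes` (or a different serialization format such as JSON) closes it. Second, for CVE-2013-1635, confirm where the wsdl cache actually lands with `php -i | grep soap.wsdl_cache`, and disable it with `soap.wsdl_cache_enabled = 0` if the directive could be changed by untrusted code; the advisory does not list these mitigations, they are added here.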
Copyright © 2018, Eklektix, Inc.