Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2013-1643 (GCVE-0-2013-1643)
Vulnerability from cvelistv5 – Published: 2013-03-06 11:00 – Updated: 2024-08-06 15:13
VLAI?
EPSS
Summary
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1761-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1761-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=459904"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=8e76d0404b7f664ee6719fd98f0483f0ac4669d6"
},
{
"name": "MDVSA-2013:114",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:114"
},
{
"name": "55078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55078"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918187"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "APPLE-SA-2013-09-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221"
},
{
"name": "RHSA-2013:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1307.html"
},
{
"name": "RHSA-2013:1615",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1615.html"
},
{
"name": "DSA-2639",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2639"
},
{
"name": "SUSE-SU-2013:1315",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html"
},
{
"name": "SUSE-SU-2013:1285",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5880"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-24T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-1761-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1761-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=459904"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=8e76d0404b7f664ee6719fd98f0483f0ac4669d6"
},
{
"name": "MDVSA-2013:114",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:114"
},
{
"name": "55078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55078"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918187"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "APPLE-SA-2013-09-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221"
},
{
"name": "RHSA-2013:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1307.html"
},
{
"name": "RHSA-2013:1615",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1615.html"
},
{
"name": "DSA-2639",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2639"
},
{
"name": "SUSE-SU-2013:1315",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html"
},
{
"name": "SUSE-SU-2013:1285",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5880"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1761-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1761-1"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=459904",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=459904"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=8e76d0404b7f664ee6719fd98f0483f0ac4669d6",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=8e76d0404b7f664ee6719fd98f0483f0ac4669d6"
},
{
"name": "MDVSA-2013:114",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:114"
},
{
"name": "55078",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55078"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=918187",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918187"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "APPLE-SA-2013-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221"
},
{
"name": "RHSA-2013:1307",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1307.html"
},
{
"name": "RHSA-2013:1615",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1615.html"
},
{
"name": "DSA-2639",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2639"
},
{
"name": "SUSE-SU-2013:1315",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html"
},
{
"name": "SUSE-SU-2013:1285",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101"
},
{
"name": "http://support.apple.com/kb/HT5880",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5880"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1643",
"datePublished": "2013-03-06T11:00:00.000Z",
"dateReserved": "2013-02-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:13:32.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GSD-2013-1643
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2013-1643",
"description": "The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824.",
"id": "GSD-2013-1643",
"references": [
"https://www.suse.com/security/cve/CVE-2013-1643.html",
"https://www.debian.org/security/2013/dsa-2639",
"https://access.redhat.com/errata/RHSA-2013:1814",
"https://access.redhat.com/errata/RHSA-2013:1615",
"https://access.redhat.com/errata/RHSA-2013:1307",
"https://linux.oracle.com/cve/CVE-2013-1643.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2013-1643"
],
"details": "The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824.",
"id": "GSD-2013-1643",
"modified": "2023-12-13T01:22:21.113131Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1761-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1761-1"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=459904",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=459904"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=8e76d0404b7f664ee6719fd98f0483f0ac4669d6",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=8e76d0404b7f664ee6719fd98f0483f0ac4669d6"
},
{
"name": "MDVSA-2013:114",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:114"
},
{
"name": "55078",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55078"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=918187",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918187"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "APPLE-SA-2013-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221"
},
{
"name": "RHSA-2013:1307",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1307.html"
},
{
"name": "RHSA-2013:1615",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1615.html"
},
{
"name": "DSA-2639",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2639"
},
{
"name": "SUSE-SU-2013:1315",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html"
},
{
"name": "SUSE-SU-2013:1285",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101"
},
{
"name": "http://support.apple.com/kb/HT5880",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5880"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.3.21",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1643"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=918187",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918187"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221",
"refsource": "CONFIRM",
"tags": [],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=459904",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=459904"
},
{
"name": "DSA-2639",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2013/dsa-2639"
},
{
"name": "USN-1761-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-1761-1"
},
{
"name": "SUSE-SU-2013:1285",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html"
},
{
"name": "SUSE-SU-2013:1315",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html"
},
{
"name": "APPLE-SA-2013-09-12-1",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=8e76d0404b7f664ee6719fd98f0483f0ac4669d6",
"refsource": "CONFIRM",
"tags": [],
"url": "http://git.php.net/?p=php-src.git;a=commit;h=8e76d0404b7f664ee6719fd98f0483f0ac4669d6"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "http://support.apple.com/kb/HT5880",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.apple.com/kb/HT5880"
},
{
"name": "55078",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/55078"
},
{
"name": "RHSA-2013:1307",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1307.html"
},
{
"name": "RHSA-2013:1615",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1615.html"
},
{
"name": "MDVSA-2013:114",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:114"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101",
"refsource": "CONFIRM",
"tags": [],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2014-01-28T04:51Z",
"publishedDate": "2013-03-06T13:10Z"
}
}
}
CERTA-2013-AVI-529
Vulnerability from certfr_avis - Published: 2013-09-13 - Updated: 2013-09-13
De multiples vulnérabilités ont été corrigées dans Apple OS X Mountain Lion. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Apple OS X Mountain Lion versions antérieures à 10.8.5
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eApple OS X Mountain Lion versions ant\u00e9rieures \u00e0 10.8.5\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-5166",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5166"
},
{
"name": "CVE-2013-1027",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1027"
},
{
"name": "CVE-2012-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4244"
},
{
"name": "CVE-2013-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1635"
},
{
"name": "CVE-2013-1029",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1029"
},
{
"name": "CVE-2013-1899",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1899"
},
{
"name": "CVE-2013-1901",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1901"
},
{
"name": "CVE-2013-1032",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1032"
},
{
"name": "CVE-2012-2687",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2687"
},
{
"name": "CVE-2013-1643",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1643"
},
{
"name": "CVE-2013-1031",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1031"
},
{
"name": "CVE-2012-5688",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5688"
},
{
"name": "CVE-2013-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0166"
},
{
"name": "CVE-2013-1033",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1033"
},
{
"name": "CVE-2012-2686",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2686"
},
{
"name": "CVE-2012-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3817"
},
{
"name": "CVE-2013-2021",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2021"
},
{
"name": "CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"name": "CVE-2012-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4558"
},
{
"name": "CVE-2013-1025",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1025"
},
{
"name": "CVE-2013-1028",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1028"
},
{
"name": "CVE-2013-1903",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1903"
},
{
"name": "CVE-2013-2020",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2020"
},
{
"name": "CVE-2012-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3499"
},
{
"name": "CVE-2013-1900",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1900"
},
{
"name": "CVE-2013-1824",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1824"
},
{
"name": "CVE-2013-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2110"
},
{
"name": "CVE-2013-2266",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2266"
},
{
"name": "CVE-2013-1026",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1026"
},
{
"name": "CVE-2013-1902",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1902"
},
{
"name": "CVE-2012-0883",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0883"
},
{
"name": "CVE-2013-1030",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1030"
}
],
"initial_release_date": "2013-09-13T00:00:00",
"last_revision_date": "2013-09-13T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-529",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X Mountain Lion\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X Mountain Lion",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 12 septembre 2013",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
}
]
}
CERTFR-2014-AVI-480
Vulnerability from certfr_avis - Published: 2014-11-13 - Updated: 2014-11-13
De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | CTPOS versions antérieures à 6.6R2 | ||
| ESET | Security | Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2 | ||
| Juniper Networks | N/A | CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6 | ||
| Juniper Networks | Junos Space | Junos Space jusqu'à la version 13.3 | ||
| Juniper Networks | Secure Analytics | Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2 | ||
| ESET | Security | Network and Security Manager (NSM) version 2012.2 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CTPOS versions ant\u00e9rieures \u00e0 6.6R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space jusqu\u0027\u00e0 la version 13.3",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Network and Security Manager (NSM) version 2012.2",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-3158",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3158"
},
{
"name": "CVE-2010-3853",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3853"
},
{
"name": "CVE-2014-0075",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
},
{
"name": "CVE-2010-3081",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3081"
},
{
"name": "CVE-2012-0789",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0789"
},
{
"name": "CVE-2012-2329",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2329"
},
{
"name": "CVE-2014-0460",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0460"
},
{
"name": "CVE-2011-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
},
{
"name": "CVE-2011-0421",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
},
{
"name": "CVE-2012-0781",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0781"
},
{
"name": "CVE-2014-4827",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4827"
},
{
"name": "CVE-2013-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1635"
},
{
"name": "CVE-2011-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
},
{
"name": "CVE-2013-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1620"
},
{
"name": "CVE-2014-0119",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2014-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
},
{
"name": "CVE-2009-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
},
{
"name": "CVE-2012-0788",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0788"
},
{
"name": "CVE-2010-4755",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4755"
},
{
"name": "CVE-2013-1775",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1775"
},
{
"name": "CVE-2009-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
},
{
"name": "CVE-2011-1153",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
},
{
"name": "CVE-2009-3563",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
},
{
"name": "CVE-2014-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0411"
},
{
"name": "CVE-2013-1643",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1643"
},
{
"name": "CVE-2013-0791",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0791"
},
{
"name": "CVE-2010-1646",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1646"
},
{
"name": "CVE-2014-7169",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7169"
},
{
"name": "CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"name": "CVE-2014-0099",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
},
{
"name": "CVE-2011-0010",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0010"
},
{
"name": "CVE-2011-1398",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1398"
},
{
"name": "CVE-2011-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
},
{
"name": "CVE-2014-4825",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4825"
},
{
"name": "CVE-2010-4707",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4707"
},
{
"name": "CVE-2012-0882",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0882"
},
{
"name": "CVE-2009-0159",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
},
{
"name": "CVE-2014-0453",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0453"
},
{
"name": "CVE-2011-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
},
{
"name": "CVE-2014-6271",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"
},
{
"name": "CVE-2014-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
},
{
"name": "CVE-2014-1568",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
},
{
"name": "CVE-2010-0830",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
},
{
"name": "CVE-2010-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0426"
},
{
"name": "CVE-2014-0423",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0423"
},
{
"name": "CVE-2012-2311",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2311"
},
{
"name": "CVE-2014-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
},
{
"name": "CVE-2014-4830",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4830"
},
{
"name": "CVE-2011-3368",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
},
{
"name": "CVE-2014-2532",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
},
{
"name": "CVE-2014-4828",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4828"
},
{
"name": "CVE-2014-0095",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0095"
},
{
"name": "CVE-2010-0427",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0427"
},
{
"name": "CVE-2014-3470",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
},
{
"name": "CVE-2014-3062",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3062"
},
{
"name": "CVE-2012-0831",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0831"
},
{
"name": "CVE-2009-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
},
{
"name": "CVE-2012-0057",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0057"
},
{
"name": "CVE-2014-7187",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
},
{
"name": "CVE-2010-2956",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2956"
},
{
"name": "CVE-2011-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
},
{
"name": "CVE-2014-4833",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4833"
},
{
"name": "CVE-2011-4566",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4566"
},
{
"name": "CVE-2014-0837",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0837"
},
{
"name": "CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"name": "CVE-2014-6278",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6278"
},
{
"name": "CVE-2012-1172",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1172"
},
{
"name": "CVE-2014-0076",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0076"
},
{
"name": "CVE-2010-1163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1163"
},
{
"name": "CVE-2011-4317",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
},
{
"name": "CVE-2011-4885",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
},
{
"name": "CVE-2010-5107",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-5107"
},
{
"name": "CVE-2009-1265",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1265"
},
{
"name": "CVE-2010-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3316"
},
{
"name": "CVE-2012-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3510"
},
{
"name": "CVE-2011-5000",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5000"
},
{
"name": "CVE-2010-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3435"
},
{
"name": "CVE-2011-3919",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
},
{
"name": "CVE-2012-2337",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2337"
},
{
"name": "CVE-2011-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
},
{
"name": "CVE-2014-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
},
{
"name": "CVE-2013-5908",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5908"
},
{
"name": "CVE-2014-3091",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3091"
},
{
"name": "CVE-2012-2131",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
}
],
"initial_release_date": "2014-11-13T00:00:00",
"last_revision_date": "2014-11-13T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-480",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-11-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10661 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10661"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10657 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10657"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10658 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10658"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10659 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10659"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10660 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10660"
}
]
}
GHSA-G625-6QFM-GM8R
Vulnerability from github – Published: 2022-05-17 04:53 – Updated: 2025-04-11 04:08
VLAI?
Details
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824.
{
"affected": [],
"aliases": [
"CVE-2013-1643"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-03-06T13:10:00Z",
"severity": "MODERATE"
},
"details": "The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824.",
"id": "GHSA-g625-6qfm-gm8r",
"modified": "2025-04-11T04:08:06Z",
"published": "2022-05-17T04:53:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1643"
},
{
"type": "WEB",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=459904"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918187"
},
{
"type": "WEB",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221"
},
{
"type": "WEB",
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=8e76d0404b7f664ee6719fd98f0483f0ac4669d6"
},
{
"type": "WEB",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=8e76d0404b7f664ee6719fd98f0483f0ac4669d6"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1307.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1615.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/55078"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5880"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2013/dsa-2639"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:114"
},
{
"type": "WEB",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1761-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
FKIE_CVE-2013-1643
Vulnerability from fkie_nvd - Published: 2013-03-06 13:10 - Updated: 2025-04-11 00:51
Severity ?
Summary
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221 | ||
| cve@mitre.org | http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=8e76d0404b7f664ee6719fd98f0483f0ac4669d6 | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html | ||
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2013-1307.html | ||
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2013-1615.html | ||
| cve@mitre.org | http://secunia.com/advisories/55078 | ||
| cve@mitre.org | http://support.apple.com/kb/HT5880 | ||
| cve@mitre.org | http://www.debian.org/security/2013/dsa-2639 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2013:114 | ||
| cve@mitre.org | http://www.php.net/ChangeLog-5.php | ||
| cve@mitre.org | http://www.ubuntu.com/usn/USN-1761-1 | ||
| cve@mitre.org | https://bugs.gentoo.org/show_bug.cgi?id=459904 | ||
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=918187 | ||
| cve@mitre.org | https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=8e76d0404b7f664ee6719fd98f0483f0ac4669d6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2013-1307.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2013-1615.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/55078 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT5880 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2013/dsa-2639 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:114 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.php.net/ChangeLog-5.php | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1761-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.gentoo.org/show_bug.cgi?id=459904 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=918187 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| php | php | * | |
| php | php | 1.0 | |
| php | php | 2.0 | |
| php | php | 2.0b10 | |
| php | php | 3.0 | |
| php | php | 3.0.1 | |
| php | php | 3.0.2 | |
| php | php | 3.0.3 | |
| php | php | 3.0.4 | |
| php | php | 3.0.5 | |
| php | php | 3.0.6 | |
| php | php | 3.0.7 | |
| php | php | 3.0.8 | |
| php | php | 3.0.9 | |
| php | php | 3.0.10 | |
| php | php | 3.0.11 | |
| php | php | 3.0.12 | |
| php | php | 3.0.13 | |
| php | php | 3.0.14 | |
| php | php | 3.0.15 | |
| php | php | 3.0.16 | |
| php | php | 3.0.17 | |
| php | php | 3.0.18 | |
| php | php | 4.0 | |
| php | php | 4.0 | |
| php | php | 4.0 | |
| php | php | 4.0 | |
| php | php | 4.0 | |
| php | php | 4.0.0 | |
| php | php | 4.0.1 | |
| php | php | 4.0.2 | |
| php | php | 4.0.3 | |
| php | php | 4.0.4 | |
| php | php | 4.0.5 | |
| php | php | 4.0.6 | |
| php | php | 4.0.7 | |
| php | php | 4.1.0 | |
| php | php | 4.1.1 | |
| php | php | 4.1.2 | |
| php | php | 4.2.0 | |
| php | php | 4.2.1 | |
| php | php | 4.2.2 | |
| php | php | 4.2.3 | |
| php | php | 4.3.0 | |
| php | php | 4.3.1 | |
| php | php | 4.3.2 | |
| php | php | 4.3.3 | |
| php | php | 4.3.4 | |
| php | php | 4.3.5 | |
| php | php | 4.3.6 | |
| php | php | 4.3.7 | |
| php | php | 4.3.8 | |
| php | php | 4.3.9 | |
| php | php | 4.3.10 | |
| php | php | 4.3.11 | |
| php | php | 4.4.0 | |
| php | php | 4.4.1 | |
| php | php | 4.4.2 | |
| php | php | 4.4.3 | |
| php | php | 4.4.4 | |
| php | php | 4.4.5 | |
| php | php | 4.4.6 | |
| php | php | 4.4.7 | |
| php | php | 4.4.8 | |
| php | php | 4.4.9 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.1 | |
| php | php | 5.0.2 | |
| php | php | 5.0.3 | |
| php | php | 5.0.4 | |
| php | php | 5.0.5 | |
| php | php | 5.1.0 | |
| php | php | 5.1.1 | |
| php | php | 5.1.2 | |
| php | php | 5.1.3 | |
| php | php | 5.1.4 | |
| php | php | 5.1.5 | |
| php | php | 5.1.6 | |
| php | php | 5.2.0 | |
| php | php | 5.2.1 | |
| php | php | 5.2.2 | |
| php | php | 5.2.3 | |
| php | php | 5.2.4 | |
| php | php | 5.2.5 | |
| php | php | 5.2.6 | |
| php | php | 5.2.7 | |
| php | php | 5.2.8 | |
| php | php | 5.2.9 | |
| php | php | 5.2.10 | |
| php | php | 5.2.11 | |
| php | php | 5.2.12 | |
| php | php | 5.2.13 | |
| php | php | 5.2.14 | |
| php | php | 5.2.15 | |
| php | php | 5.2.16 | |
| php | php | 5.2.17 | |
| php | php | 5.3.0 | |
| php | php | 5.3.1 | |
| php | php | 5.3.2 | |
| php | php | 5.3.3 | |
| php | php | 5.3.4 | |
| php | php | 5.3.5 | |
| php | php | 5.3.6 | |
| php | php | 5.3.7 | |
| php | php | 5.3.8 | |
| php | php | 5.3.9 | |
| php | php | 5.3.10 | |
| php | php | 5.3.11 | |
| php | php | 5.3.12 | |
| php | php | 5.3.13 | |
| php | php | 5.3.14 | |
| php | php | 5.3.15 | |
| php | php | 5.3.16 | |
| php | php | 5.3.17 | |
| php | php | 5.3.18 | |
| php | php | 5.3.19 | |
| php | php | 5.3.20 | |
| php | php | 5.4.0 | |
| php | php | 5.4.1 | |
| php | php | 5.4.2 | |
| php | php | 5.4.3 | |
| php | php | 5.4.4 | |
| php | php | 5.4.5 | |
| php | php | 5.4.6 | |
| php | php | 5.4.7 | |
| php | php | 5.4.8 | |
| php | php | 5.4.9 | |
| php | php | 5.4.10 | |
| php | php | 5.4.11 | |
| php | php | 5.4.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA0F49B-22B0-4D80-A0D9-B562D2767CE8",
"versionEndIncluding": "5.3.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92647629-083F-4042-8365-4AD2EBC9C1BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF72E8D5-9F8C-4BD4-9AA4-28E23CB48A47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*",
"matchCriteriaId": "83BE1120-6370-4470-8586-6581EDF3FD69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "245C601D-0FE7-47E3-8304-6FF45E9567D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "691BB8BB-329A-4640-B758-7590C99B5E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E2BC4CCE-2774-463E-82EA-36CD442D3A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C478024C-2FCD-463F-A75E-E04660AA9DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC9C32F4-5102-4E9B-9F32-B24B65A5ED2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5BD99C0-E875-496E-BE5E-A8DCBD414B5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1851ADE5-C70C-46E0-941A-6ADF7DB5C126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69DA3BA2-AF53-4C9D-93FA-0317841595B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0CFEE5-2274-4BBC-A24A-3A0D13F607FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "67B59D6A-7EDA-4C34-81D6-C2557C85D164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEBA40B6-8FDF-41AA-8166-F491FF7F3118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E74E2B72-A428-4BB3-B6F8-0AF5E487A807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1E2F1D82-8E6A-4FBF-9055-A0F395DC17FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "945FF149-3446-4905-BCA1-C397E3497B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "8E446DBD-FEFA-4D22-9C9D-51F61C01E414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3C8DE728-78E1-4F9F-BC56-CD9B10E61287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "80E31CC6-9356-4BB7-9F49-320AAF341E1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB8AD3A-9181-459A-9AF2-B3FC6BAF6FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3E7199-8FB7-4930-9C0A-A36A698940B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*",
"matchCriteriaId": "AEEF2298-98E8-409F-9205-84817CEF947B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6AFC00BA-D64D-4407-AC69-FDD9FF013943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "D80F2A8B-B57F-4970-867A-55E8187C1502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "EF4E0EFE-4FF6-4E8F-8EC5-68B059FC0C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "49965B80-DC27-4864-BDF0-CBBFF16BFD80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF57C14-86B6-419A-BAFF-93D01CB1E081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78BAA18C-E5A0-4210-B64B-709BBFF31EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "13A159B4-B847-47DE-B7F8-89384E6C551B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "57B59616-A309-40B4-94B1-50A7BC00E35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F39A1B1-416E-4436-8007-733B66904A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5FC218-3DDB-4981-81C9-6C69F8DA6F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2E5F96-66D2-4F99-A74D-6A2305EE218E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2D724D09-0D45-4701-93C9-348301217C8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6713614A-B14E-4A85-BF89-ED780068FC68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD95F8EB-B428-4B3C-9254-A5DECE03A989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "069EB7EE-06B9-454F-9007-8DE5DCA33C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18BF5BE6-09EA-45AD-93BF-2BEF1742534E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1460DF-1687-4314-BF1A-01290B20302D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "470380B0-3982-48FC-871B-C8B43C81900D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAA7712-10F0-4BB6-BAFB-D0806AFD9DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63190D9B-7958-4B93-87C6-E7D5A572F6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AB2E2E8-81D6-4973-AC0F-AA644EE99DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AAF4586-74FF-47C6-864B-656FDF3F33D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B14EF0C7-61F2-47A4-B7F8-43FF03C62DCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5245F990-B4A7-4ED8-909D-B8137CE79FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5652D5B0-68E4-4239-B9B7-599AFCF4C53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57B71BB7-5239-4860-9100-8CABC3992D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD447A-4EED-482C-8F61-48FAD4FCF8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F9DF9D-15E5-4387-ABE3-A7583331A928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "11579E5C-D7CF-46EE-B015-5F4185C174E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C69CDE21-2FD4-4529-8F02-8709CF5E3D7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "221B9AC4-C63C-4386-B3BD-E4BC102C6124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78B7BA75-2A32-4A8E-ADF8-BCB4FC48CB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BEA491B-77FD-4760-8F6F-3EBC6BD810D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB25CFBB-347C-479E-8853-F49DD6CBD7D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2937B3-D034-400E-84F5-33833CE3764D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "71AEE8B4-FCF8-483B-8D4C-2E80A02E925E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4C2AF1D9-33B6-4B2C-9269-426B6B720164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "84B70263-37AA-4539-A286-12038A3792C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2E46E4B4-808C-4B47-81D9-EC2B02A5E57B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF30D7F-353B-4496-9A89-4EF2BB279E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DD97DF34-35AB-4979-96E2-B23DC8556A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7007E77F-60EF-44D8-9676-15B59DF1325F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E727CECE-E452-489A-A42F-5A069D6AF80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "149A1FB8-593E-412B-8E1C-3E560301D500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D6E8982-D7AE-4A52-8F7C-A4D59D2A2CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8FC144FA-8F84-44C0-B263-B639FEAD20FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "295907B4-C3DE-4021-BE3B-A8826D4379E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBC98F82-6E1D-4A89-8ED4-ECD9BD954EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B881352D-954E-4FC0-9E42-93D02A3F3089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17437AED-816A-4CCF-96DE-8C3D0CC8DB2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74E7AE59-1CB0-4300-BBE0-109F909789EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9222821E-370F-4616-B787-CC22C2F4E7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9809449F-9A76-4318-B233-B4C2950A6EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA962D4-A4EC-4DC3-B8A9-D10941B92781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CDFEF9-C367-4800-8A2F-375C261FAE55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16E43B88-1563-4EFD-9267-AE3E8C35D67A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "11E5715F-A8BC-49EF-836B-BB78E1BC0790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA68843-158E-463E-B68A-1ACF041C4E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1874F637-77E2-4C4A-BF92-AEE96A60BFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9592B32E-55CD-42D0-901E-8319823BC820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A9BF34B5-F74C-4D56-9841-42452D60CB87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB6CDDD-70D3-4004-BCE0-8C4723076103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A782CA26-9C38-40A8-92AE-D47B14D2FCE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C0E7E2A-4770-4B68-B74C-5F5A6E1876DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0892C89E-9389-4452-B7E0-981A763CD426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "635F3CB1-B042-43CC-91AB-746098018D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F32DDF-17A3-45B5-9227-833EBEBD3923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2CDFB7E9-8510-430F-BFBC-FD811D60DC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "79D5336A-14AA-483E-9CBE-A7B53120B925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3AADA875-E0EA-483A-A07E-2914FE969972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "95D48A71-B84E-4B6C-9603-B3373052E568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "CAAB7D55-F155-43F9-A563-F2E35CFFEF26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "72243A3F-6BFD-472B-9EA4-82BE4253ED27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E415CC22-09CA-47D2-9F1A-0BCA8960835B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF4B938-BB14-4C06-BEE9-10CA755C5DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "981C922C-7A7D-473E-8C43-03AB62FB5B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D0CD11A-09C2-4C60-8F0C-68E55BD6EE63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F40E4A-E125-4099-A8B3-D42614AA9312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4933D9DD-A630-4A3D-9D13-9E182F5F6F8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E6D530-91FC-42F4-A427-6601238E0187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC938DB-E066-407F-BDF8-61A1C41136F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ACDF768D-7F5A-4042-B7DD-398F65F3F094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2AF35BB6-C6B1-4683-A8BE-AA72CC34F5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3F1891-032D-409C-904C-A415D2323DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4B13826D-06B2-4A46-AB24-092F6935958D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6528FC-51BE-4E30-B282-D9841553BA26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "66CF9452-6225-4726-822B-C7CD620A1D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A953FF53-1106-42D3-BE4A-4F27C7C42F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D2F015-A38D-43C6-ADC6-A0EFCE150071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "75A8FF8E-A26A-45AD-BD91-9B4822581CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "5F27C2F9-73BE-46EF-B5ED-8D407D22D12E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "EB212796-B71B-4F6B-9156-9C5178FF0931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBCD79D-3821-4538-B6F1-49F51E5983E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "B66E709F-E34E-4744-8970-0F70F95A8761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D20691D0-3102-4E82-BED9-9E7B67F9F778",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B9B8D2-78B7-4B17-955B-741C7A6F6634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CA2A940-BD69-4D35-AF12-432CB929248B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "29BD13F9-86C8-44C4-A860-9A87870A518E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B361FDE-9F6A-4E9A-96F1-619DC56EECB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3DBD9E7B-1237-47A8-8A07-5CC5246A9C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2BB41E-2096-4291-B0ED-06825FDFE8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52BA94F7-1AF9-415C-AC21-30BC25C74C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A739A0-698A-422B-886B-430A79F6E945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "086E0D24-A43E-4CEA-9FB0-FE193B88CC31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC8D0963-8CA5-4814-9B6D-4E1C3907737B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "77A4B7E0-C872-4E53-AD72-1BB2755E4FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EECCD553-53D5-485E-8C21-E2A5070833B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "95357C79-A754-4E0C-B65B-0FA241962B12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824."
},
{
"lang": "es",
"value": "El parser SOAP en PHP v5.3.22 y v5.4.x anterior a v5.4.13 permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de un archivo SOAP WSDL conteniendo una entidad externa XML en relaci\u00f3n con una referencia de entidad, relacionada con la External Entity (XXE) XML en las funciones soap_xmlParseFile y soap_xmlParseMemory."
}
],
"id": "CVE-2013-1643",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-06T13:10:27.230",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221"
},
{
"source": "cve@mitre.org",
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=8e76d0404b7f664ee6719fd98f0483f0ac4669d6"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1307.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1615.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/55078"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT5880"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2013/dsa-2639"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:114"
},
{
"source": "cve@mitre.org",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1761-1"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=459904"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918187"
},
{
"source": "cve@mitre.org",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=8e76d0404b7f664ee6719fd98f0483f0ac4669d6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1307.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1615.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/55078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT5880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1761-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=459904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-1643
Vulnerability from fstec - Published: 06.03.2013
VLAI Severity ?
Title
Уязвимость синтаксического анализатора SOAP интерпретатора языка программирования PHP, позволяющая нарушителю раскрыть защищаемую информацию
Description
Уязвимость интерпретатора языка программирования PHP связана с раскрытием защищаемой информации. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, защищаемую информацию через файл SOAP WSDL
Severity ?
Vendor
Red Hat Inc., Canonical Ltd., Novell Inc., Сообщество свободного программного обеспечения, PHP Group
Software Name
Red Hat Enterprise Linux, Ubuntu, OpenSUSE Leap, Debian GNU/Linux, PHP
Software Version
5 (Red Hat Enterprise Linux), 6 (Red Hat Enterprise Linux), 12.04 (Ubuntu), 15.0 (OpenSUSE Leap), 11.10 (Ubuntu), 6 (Debian GNU/Linux), 10.04 (Ubuntu), 8.04 (Ubuntu), 5.3.6 (PHP), 5.3.5 (PHP), 5.2.10 (PHP), 5.2.13 (PHP), 5.2.4 (PHP), 5.2.3 (PHP), 5.1.1 (PHP), 5.1.0 (PHP), 5.1.6 (PHP), 5.0.0beta4 (PHP), 5.0.0beta3 (PHP), 5.0.0beta1 (PHP), 4.3.10 (PHP), 4.3.6 (PHP), 4.3.5 (PHP), 4.1.2 (PHP), 4.1.1 (PHP), 4.4.1 (PHP), 4.0beta 4 patch1 (PHP), 4.0beta3 (PHP), 4.0.7 (PHP), 3.0.11 (PHP), 3.0.18 (PHP), 3.0.4 (PHP), 3.0.8 (PHP), 3.0.5 (PHP), 5.3.11 (PHP), 5.3.4 (PHP), 5.3.9 (PHP), 5.3.2 (PHP), 5.3.10 (PHP), 5.3.8 (PHP), 5.3.1 (PHP), 5.3.7 (PHP), 5.3.12 (PHP), 12.10 (Ubuntu), 5.3.19 (PHP), 5.3.18 (PHP), 5.3.13 (PHP), 4.4.8 (PHP), 4.3.0 (PHP), 4.4.4 (PHP), 4.0.5 (PHP), 5.3.15 (PHP), 5.3.14 (PHP), 5.3.20 (PHP), 5.2.16 (PHP), 5.0.0 (PHP), 4.3.11 (PHP), 4.3.4 (PHP), 4.2.2 (PHP), 4.4.5 (PHP), 4.4.2 (PHP), 4.4.3 (PHP), 4.0.1 (PHP), 4.0.0 (PHP), 4.0.2 (PHP), 5.3.0 (PHP), 5.2.12 (PHP), 5.2.0 (PHP), 5.2.7 (PHP), 5.2.15 (PHP), 4.2.3 (PHP), 4.4.0 (PHP), 5.3.3 (PHP), 5.2.6 (PHP), 5.2.9 (PHP), 5.0.4 (PHP), 5.0.3 (PHP), 5.0.0rc1 (PHP), 5.0.0rc2 (PHP), 4.2.1 (PHP), 4.3.9 (PHP), 4.0beta4 (PHP), 4.0.6 (PHP), 3.0.7 (PHP), 3.0.12 (PHP), 3.0.1 (PHP), 3.0.14 (PHP), 3.0.17 (PHP), 2.0 (PHP), 1.0 (PHP), 5.2.8 (PHP), 5.2.2 (PHP), 5.2.17 (PHP), 5.1.3 (PHP), 5.1.2 (PHP), 5.0.5 (PHP), 5.3.17 (PHP), 5.3.16 (PHP), 5.0.1 (PHP), 5.0.0rc3 (PHP), 4.3.3 (PHP), 3.0 (PHP), 3.0.16 (PHP), 3.0.9 (PHP), 4.4.6 (PHP), 4.4.7 (PHP), 4.1.0 (PHP), 3.0.2 (PHP), до 5.3.21 включительно (PHP)
Possible Mitigations
Использование рекомендаций:
https://www.php.net/ChangeLog-5.php
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2013-1643
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1643.xml
Для Ubuntu:
https://ubuntu.com/security/CVE-2013-1643
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2013-1643
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=918187
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221
https://bugs.gentoo.org/show_bug.cgi?id=459904
http://www.debian.org/security/2013/dsa-2639
http://www.ubuntu.com/usn/USN-1761-1
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://git.php.net/?p=php-src.git;a=commit;h=8e76d0404b7f664ee6719fd98f0483f0ac4669d6
http://www.php.net/ChangeLog-5.php
http://support.apple.com/kb/HT5880
http://secunia.com/advisories/55078
http://rhn.redhat.com/errata/RHSA-2013-1307.html
http://rhn.redhat.com/errata/RHSA-2013-1615.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:114
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101
CWE
CWE-200
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Canonical Ltd., Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, PHP Group",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "5 (Red Hat Enterprise Linux), 6 (Red Hat Enterprise Linux), 12.04 (Ubuntu), 15.0 (OpenSUSE Leap), 11.10 (Ubuntu), 6 (Debian GNU/Linux), 10.04 (Ubuntu), 8.04 (Ubuntu), 5.3.6 (PHP), 5.3.5 (PHP), 5.2.10 (PHP), 5.2.13 (PHP), 5.2.4 (PHP), 5.2.3 (PHP), 5.1.1 (PHP), 5.1.0 (PHP), 5.1.6 (PHP), 5.0.0beta4 (PHP), 5.0.0beta3 (PHP), 5.0.0beta1 (PHP), 4.3.10 (PHP), 4.3.6 (PHP), 4.3.5 (PHP), 4.1.2 (PHP), 4.1.1 (PHP), 4.4.1 (PHP), 4.0beta 4 patch1 (PHP), 4.0beta3 (PHP), 4.0.7 (PHP), 3.0.11 (PHP), 3.0.18 (PHP), 3.0.4 (PHP), 3.0.8 (PHP), 3.0.5 (PHP), 5.3.11 (PHP), 5.3.4 (PHP), 5.3.9 (PHP), 5.3.2 (PHP), 5.3.10 (PHP), 5.3.8 (PHP), 5.3.1 (PHP), 5.3.7 (PHP), 5.3.12 (PHP), 12.10 (Ubuntu), 5.3.19 (PHP), 5.3.18 (PHP), 5.3.13 (PHP), 4.4.8 (PHP), 4.3.0 (PHP), 4.4.4 (PHP), 4.0.5 (PHP), 5.3.15 (PHP), 5.3.14 (PHP), 5.3.20 (PHP), 5.2.16 (PHP), 5.0.0 (PHP), 4.3.11 (PHP), 4.3.4 (PHP), 4.2.2 (PHP), 4.4.5 (PHP), 4.4.2 (PHP), 4.4.3 (PHP), 4.0.1 (PHP), 4.0.0 (PHP), 4.0.2 (PHP), 5.3.0 (PHP), 5.2.12 (PHP), 5.2.0 (PHP), 5.2.7 (PHP), 5.2.15 (PHP), 4.2.3 (PHP), 4.4.0 (PHP), 5.3.3 (PHP), 5.2.6 (PHP), 5.2.9 (PHP), 5.0.4 (PHP), 5.0.3 (PHP), 5.0.0rc1 (PHP), 5.0.0rc2 (PHP), 4.2.1 (PHP), 4.3.9 (PHP), 4.0beta4 (PHP), 4.0.6 (PHP), 3.0.7 (PHP), 3.0.12 (PHP), 3.0.1 (PHP), 3.0.14 (PHP), 3.0.17 (PHP), 2.0 (PHP), 1.0 (PHP), 5.2.8 (PHP), 5.2.2 (PHP), 5.2.17 (PHP), 5.1.3 (PHP), 5.1.2 (PHP), 5.0.5 (PHP), 5.3.17 (PHP), 5.3.16 (PHP), 5.0.1 (PHP), 5.0.0rc3 (PHP), 4.3.3 (PHP), 3.0 (PHP), 3.0.16 (PHP), 3.0.9 (PHP), 4.4.6 (PHP), 4.4.7 (PHP), 4.1.0 (PHP), 3.0.2 (PHP), \u0434\u043e 5.3.21 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (PHP)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.php.net/ChangeLog-5.php\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2013-1643\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1643.xml\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2013-1643\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2013-1643",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.03.2013",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.04.2022",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.04.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02633",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2013-1643",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Ubuntu, OpenSUSE Leap, Debian GNU/Linux, PHP",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 5 , Red Hat Inc. Red Hat Enterprise Linux 6 , Canonical Ltd. Ubuntu 12.04 , Novell Inc. OpenSUSE Leap 15.0 , Canonical Ltd. Ubuntu 11.10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 6 , Canonical Ltd. Ubuntu 10.04 , Canonical Ltd. Ubuntu 8.04 , Canonical Ltd. Ubuntu 12.10 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0430\u0442\u043e\u0440\u0430 SOAP \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0447\u0435\u0440\u0435\u0437 \u0444\u0430\u0439\u043b SOAP WSDL",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugzilla.redhat.com/show_bug.cgi?id=918187\nhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221\nhttps://bugs.gentoo.org/show_bug.cgi?id=459904\nhttp://www.debian.org/security/2013/dsa-2639\nhttp://www.ubuntu.com/usn/USN-1761-1\nhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html\nhttp://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html\nhttp://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html\nhttp://git.php.net/?p=php-src.git;a=commit;h=8e76d0404b7f664ee6719fd98f0483f0ac4669d6\nhttp://www.php.net/ChangeLog-5.php\nhttp://support.apple.com/kb/HT5880\nhttp://secunia.com/advisories/55078\nhttp://rhn.redhat.com/errata/RHSA-2013-1307.html\nhttp://rhn.redhat.com/errata/RHSA-2013-1615.html\nhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:114\nhttps://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,7)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…