Summary
This host is running PHP and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows attackers to read arbitrary files and write WSDL files within the context of the affected application.
Impact Level: Application
Solution
Upgrade to PHP 5.4.13 or 5.3.23, which will be available soon.
For updates refer to http://www.php.net/downloads.php
Insight
The flaws are due to the following:
- The 'soap.wsdl_cache_dir' directive is not validated before SOAP WSDL cache files are written to the filesystem.
- External entities are allowed while parsing SOAP WSDL files; the issue is in the 'soap_xmlParseFile' and 'soap_xmlParseMemory' functions.
Affected
PHP versions before 5.3.23 and 5.4.x before 5.4.13
Severity
Classification
- CVE: CVE-2013-1635, CVE-2013-1643
- CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)