Summary
This host is running PHP and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows attackers to read arbitrary files and write WSDL files within the context of the affected application.
Impact Level: Application
Solution
Upgrade to PHP 5.4.13 or 5.3.23, which will be available soon.
For updates refer to http://www.php.net/downloads.php
Insight
The flaws exist because PHP:
- Does not validate the 'soap.wsdl_cache_dir' directive before writing SOAP WSDL cache files to the filesystem.
- Allows the use of external entities while parsing SOAP WSDL files; the issue is in the 'soap_xmlParseFile' and 'soap_xmlParseMemory' functions.
Affected
PHP versions before 5.3.23 and 5.4.x before 5.4.13
References
Severity
Classification
- CVE: CVE-2013-1635, CVE-2013-1643
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P