PT-2013-1332 · Php+1 · Php+1

Arseniy Reutov

Publicado

2013-03-06

Atualizado

2024-06-15

CVE-2013-1635

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.3.22 PHP versions 5.4.x prior to 5.4.13

Description The issue is related to errors in privilege management in the ext/soap/soap.c component of the PHP interpreter. It allows a remote attacker to elevate their privileges. The problem arises from the lack of validation between the soap.wsdl cache dir directive and the open basedir directive, enabling remote attackers to bypass access restrictions by creating cached SOAP WSDL files in any directory.

Recommendations For PHP versions prior to 5.3.22, update to version 5.3.22 or later. For PHP versions 5.4.x prior to 5.4.13, update to version 5.4.13 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

BDU:2022-02624

CVE-2013-1635

DSA-2639-1

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

OPENSUSE-SU-2024:11169-1

SUSE-SU-2013_1285-1

SUSE-SU-2013_1285-2

SUSE-SU-2013_1317-1

Produtos afetados

Php

Suse

PT-2013-1332 · Php+1 · Php+1

CVE-2013-1635

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 161