PT-2013-1332 · Php+1 · Php+1

Arseniy Reutov

Published

2013-03-06

Updated

2024-06-15

CVE-2013-1635

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.3.22 PHP versions 5.4.x prior to 5.4.13

Description The issue is related to errors in privilege management in the ext/soap/soap.c component of the PHP interpreter. It allows a remote attacker to elevate their privileges. The problem arises from the lack of validation between the soap.wsdl cache dir directive and the open basedir directive, enabling remote attackers to bypass access restrictions by creating cached SOAP WSDL files in any directory.

Recommendations For PHP versions prior to 5.3.22, update to version 5.3.22 or later. For PHP versions 5.4.x prior to 5.4.13, update to version 5.4.13 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2022-02624

CVE-2013-1635

DSA-2639-1

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

OPENSUSE-SU-2024:11169-1

SUSE-SU-2013_1285-1

SUSE-SU-2013_1285-2

SUSE-SU-2013_1317-1

Affected Products

Php

Suse

PT-2013-1332 · Php+1 · Php+1

CVE-2013-1635

Weakness Enumeration

Related Identifiers

Affected Products

References · 161