Executive Summary
| Information | | | |
|---|---|---|---|
| Name | MDVSA-2013:114 | First vendor publication | 2013-04-10 |
| Vendor | Mandriva | Last vendor modification | 2013-04-10 |
| Severity (vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3

| CVSS vector: N/A | | | |
|---|---|---|---|
| Overall CVSS score | N/A | | |
| Base score | N/A | Environmental score | N/A |
| Impact subscore | N/A | Temporal score | N/A |
| Exploitability subscore | N/A | | |
Security-Database Scoring CVSS v2

| CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) | | | |
|---|---|---|---|
| CVSS base score | 7.5 | Attack range | Network |
| CVSS impact score | 6.4 | Attack complexity | Low |
| CVSS exploit score | 10 | Authentication | None required |
Detail
Multiple vulnerabilities have been discovered and corrected in php:

ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory (CVE-2013-1635).

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions (CVE-2013-1643).

The fix for upstream php bug #61930 ("openssl corrupts ssl key resource when using openssl_get_publickey()") has been backported to php-5.3.x.

The new Powered by Mageia logo has been added to php; this is only a cosmetic change.

The php-timezonedb package has been updated to the 2013.2 version.

The updated packages have been upgraded to version 5.3.23, which is not vulnerable to these issues. Additionally, some packages that depend on php have been rebuilt against php-5.3.23.
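The two issues above are both about input PHP's SOAP extension trusted without checking: a cache directory that was never compared against open_basedir, and a WSDL whose DTD may declare external entities. The block below is added example code (not part of the Mandriva advisory or of PHP) that performs both checks from the outside: a path-prefix test for the soap.wsdl_cache_dir / open_basedir relationship, and a WSDL pre-scan that reports external entity declarations without ever resolving them. Assumptions: the prefix test approximates PHP's open_basedir rule after path normalisation and does not resolve symlinks as PHP's own enforcement does; the two WSDL documents are constructed for this demonstration and model the shape the advisory describes (an external entity declaration plus a reference to it).

```python
import posixpath
import xml.parsers.expat


def wsdl_cache_dir_allowed(wsdl_cache_dir, open_basedir, separator=":"):
    """Return True if soap.wsdl_cache_dir lies inside one of the open_basedir prefixes.

    Assumption: this mirrors the intent of the PHP 5.3.22 / 5.4.13 fix for
    CVE-2013-1635 (cache files may only be created under open_basedir). It is a
    prefix check on normalised POSIX paths; unlike PHP it does not resolve symlinks.
    """
    if not open_basedir:
        # open_basedir unset: PHP imposes no restriction, so there is nothing to violate.
        return True
    cache = posixpath.normpath(wsdl_cache_dir)
    for prefix in open_basedir.split(separator):
        prefix = posixpath.normpath(prefix)
        if cache == prefix or cache.startswith(prefix.rstrip("/") + "/"):
            return True
    return False


def find_external_entities(wsdl_bytes):
    """Scan a WSDL document and return the external entity declarations it contains.

    Each finding is (entity_name, system_id). A vulnerable SoapClient
    (CVE-2013-1643) would expand such an entity and leak the referenced file, so a
    non-empty result means the WSDL must not be handed to PHP. Nothing is fetched
    here: no ExternalEntityRefHandler is installed, so expat skips the reference
    instead of opening system_id. A malformed document raises ExpatError.
    """
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(doctype_name, system_id, public_id, has_internal_subset):
        # An external DTD subset is another place entity declarations can hide.
        if system_id is not None or public_id is not None:
            findings.append(("<!DOCTYPE %s>" % doctype_name, system_id))

    def on_entity_decl(name, is_parameter_entity, value, base,
                       system_id, public_id, notation_name):
        # Internal entities carry a value; external (SYSTEM/PUBLIC) ones carry ids.
        if system_id is not None or public_id is not None:
            label = ("%" + name) if is_parameter_entity else name
            findings.append((label, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(wsdl_bytes, True)
    return findings


# Constructed sample: the WSDL shape the advisory describes, an external entity
# declaration in the internal DTD subset plus a reference to it in element content.
MALICIOUS_WSDL = b"""<?xml version="1.0"?>
<!DOCTYPE definitions [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" name="Demo">
  <documentation>&xxe;</documentation>
</definitions>
"""

# Constructed sample: the same skeleton with no DTD at all.
BENIGN_WSDL = b"""<?xml version="1.0"?>
<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" name="Demo">
  <documentation>no entities here</documentation>
</definitions>
"""


if __name__ == "__main__":
    # Hypothetical php.ini values for the cache-directory check.
    print(wsdl_cache_dir_allowed("/var/cache/php/wsdl", "/var/www:/tmp"))  # False
    print(wsdl_cache_dir_allowed("/tmp/wsdl", "/var/www:/tmp"))            # True
    print(find_external_entities(MALICIOUS_WSDL))  # [('xxe', 'file:///etc/passwd')]
    print(find_external_entities(BENIGN_WSDL))     # []
```

The WSDL scan only helps where the application fetches the WSDL itself and then passes a local, already-scanned copy to SoapClient; when SoapClient is given a remote URL it performs the fetch and parse on its own, and only the 5.3.23 upgrade closes that path. For the cache-directory issue, an unpatched host can also stop the cache writes entirely with soap.wsdl_cache_enabled=0 until it is upgraded.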
Original Source

URL: http://www.mandriva.com/security/advisories?name=MDVSA-2013:114
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
50 % | CWE-200 | Information Exposure |
OVAL Definitions

| Definition ID | oval:org.mitre.oval:def:18102 |
|---|---|
| Title | USN-1761-1 -- php5 vulnerability |
| Description | PHP could be made to expose sensitive information over the network. |
| Family | unix |
| Class | patch |
| Reference(s) | USN-1761-1, CVE-2013-1643 |
| Version | 7 |
| Platform(s) | Ubuntu 12.10, Ubuntu 12.04, Ubuntu 11.10, Ubuntu 10.04, Ubuntu 8.04 |
| Product(s) | php5 |

| Definition ID | oval:org.mitre.oval:def:18157 |
|---|---|
| Title | DSA-2639-1 php5 - several vulnerabilities |
| Description | Several vulnerabilities have been discovered in PHP, the web scripting language. |
| Family | unix |
| Class | patch |
| Reference(s) | DSA-2639-1, CVE-2013-1635, CVE-2013-1643 |
| Version | 7 |
| Platform(s) | Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0 |
| Product(s) | php5 |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2013-09-19 | IAVM: 2013-A-0179 - Apple Mac OS X Security Update 2013-004. Severity: Category I. VMSKEY: V0040373 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_php_20140401.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1615.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1307.nasl - Type : ACT_GATHER_INFO |
2014-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201408-11.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-604.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1814.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131211_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1814.nasl - Type : ACT_GATHER_INFO |
2013-12-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1814.nasl - Type : ACT_GATHER_INFO |
2013-12-04 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131121_php_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-11-27 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1615.nasl - Type : ACT_GATHER_INFO |
2013-11-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1615.nasl - Type : ACT_GATHER_INFO |
2013-10-11 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130930_php53_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-10-03 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1307.nasl - Type : ACT_GATHER_INFO |
2013-10-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1307.nasl - Type : ACT_GATHER_INFO |
2013-09-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2013-004.nasl - Type : ACT_GATHER_INFO |
2013-09-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_8_5.nasl - Type : ACT_GATHER_INFO |
2013-08-10 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php53-130718.nasl - Type : ACT_GATHER_INFO |
2013-08-10 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php53-130717.nasl - Type : ACT_GATHER_INFO |
2013-08-10 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php5-130718.nasl - Type : ACT_GATHER_INFO |
2013-08-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-8647.nasl - Type : ACT_GATHER_INFO |
2013-05-24 | Name : The remote web server uses a version of PHP that is potentially affected by a... File : php_5_3_23.nasl - Type : ACT_GATHER_INFO |
2013-05-24 | Name : The remote web server uses a version of PHP that is potentially affected by a... File : php_5_4_13.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-114.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote Fedora host is missing a security update. File : fedora_2013-3927.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote Fedora host is missing a security update. File : fedora_2013-3891.nasl - Type : ACT_GATHER_INFO |
2013-03-24 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-081-01.nasl - Type : ACT_GATHER_INFO |
2013-03-20 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1d23109a900511e29602d43d7e0c7c02.nasl - Type : ACT_GATHER_INFO |
2013-03-14 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1761-1.nasl - Type : ACT_GATHER_INFO |
2013-03-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2639.nasl - Type : ACT_GATHER_INFO |
2013-03-04 | Name : The remote web server uses a version of PHP that is potentially affected by m... File : php_5_4_12.nasl - Type : ACT_GATHER_INFO |
2013-03-04 | Name : The remote web server uses a version of PHP that is potentially affected by m... File : php_5_3_22.nasl - Type : ACT_GATHER_INFO |
2013-03-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-016.nasl - Type : ACT_GATHER_INFO |
Alert History

| Date | Information |
|---|---|
| 2014-02-17 11:43:39 | |
| 2013-04-10 17:18:25 | |