#VU32705 Information disclosure in PHP - CVE-2013-1643

Cybersecurity Help s.r.o.

Published: 2013-03-06 | Updated: 2020-07-28

Vulnerability identifier: #VU32705

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-1643

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824.

Mitigation
Install update from vendor's website.

Vulnerable software versions

PHP: 5.3.0 - 5.3.22

External links
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221
https://git.php.net/?p=php-src.git;a=commit;h=8e76d0404b7f664ee6719fd98f0483f0ac4669d6
https://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
https://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html
https://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html
https://rhn.redhat.com/errata/RHSA-2013-1307.html
https://rhn.redhat.com/errata/RHSA-2013-1615.html
https://secunia.com/advisories/55078
https://support.apple.com/kb/HT5880
https://www.debian.org/security/2013/dsa-2639
https://www.mandriva.com/security/advisories?name=MDVSA-2013:114
https://www.php.net/ChangeLog-5.php
https://www.ubuntu.com/usn/USN-1761-1
https://bugs.gentoo.org/show_bug.cgi?id=459904
https://bugzilla.redhat.com/show_bug.cgi?id=918187
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE Linux update for PHP5

Information disclosure in php (Alpine package)

Slackware Linux update for php

Information disclosure in PHP