CVE-2013-1635
Published: 6 March 2013
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.
Notes
| Author | Note |
|---|---|
| mdeslaur | we do not support the use of open_basedir, marking as ignored |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
php5 Launchpad, Ubuntu, Debian |
hardy |
Ignored
|
| lucid |
Ignored
|
|
| oneiric |
Ignored
|
|
| precise |
Ignored
|
|
| quantal |
Ignored
|
|
| upstream |
Released
(5.4.4-14)
|
|
|
Patches: upstream: http://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74 upstream: http://git.php.net/?p=php-src.git;a=commitdiff;h=cc4c318b0c71e1a9c9cf803b5ee5d437344d64db vendor: http://www.debian.org/security/2013/dsa-2639 |
||