CVE-2013-1635
Published: 6 March 2013
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.
Notes
Author | Note |
---|---|
mdeslaur | we do not support the use of open_basedir, marking as ignored |
Priority
Status
Package | Release | Status |
---|---|---|
php5 Launchpad, Ubuntu, Debian |
hardy |
Ignored
|
lucid |
Ignored
|
|
oneiric |
Ignored
|
|
precise |
Ignored
|
|
quantal |
Ignored
|
|
upstream |
Released
(5.4.4-14)
|
|
Patches: upstream: http://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74 upstream: http://git.php.net/?p=php-src.git;a=commitdiff;h=cc4c318b0c71e1a9c9cf803b5ee5d437344d64db vendor: http://www.debian.org/security/2013/dsa-2639 |