Описание
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 5.4.9-4ubuntu2 |
| hardy | released | 5.2.4-2ubuntu5.27 |
| lucid | released | 5.3.2-1ubuntu4.19 |
| oneiric | released | 5.3.6-13ubuntu3.10 |
| precise | released | 5.3.10-1ubuntu3.6 |
| quantal | released | 5.4.6-1ubuntu1.2 |
| upstream | released | 5.4.4-14, 5.3.23, 5.4.13 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows re ...
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.
EPSS
4.3 Medium
CVSS2