CVE-2013-4701

Published: 21/08/2013 Updated: 28/11/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and previous versions allows remote malicious users to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Product

janrain php-openid

Vendor Advisories

Debian Bug report logs - #721221
php-openid: CVE-2013-4701
Package: php-openid; Maintainer for php-openid is Jan Hauke Rahm <jhr@debian.org>; Source for php-openid is src:php-openid
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Thu, 29 Aug 2013 08:39:02 UTC
Severity: grave
Tags: patch, ...