Published: 21/08/2013 Updated: 28/11/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and previous versions allows remote malicious users to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

Vendor Advisories

Debian Bug report logs - #721221 php-openid: CVE-2013-4701 Package: php-openid; Maintainer for php-openid is Jan Hauke Rahm <jhr@debianorg>; Source for php-openid is src:php-openid (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 29 Aug 2013 08:39:02 UTC Severity: grave Tags: patch, ...

Github Repositories

Provides mainly security patches for TYPO3 versions where the support has reached EOL

TYPO3 Patch Collection This project aims to collect and to provide at first place security patches for TYPO3 versions where the official support has ended However, you may also find here in some rare cases non-security patches that may fix certain bugs or may introduce a backported feature from a newer TYPO3 Version Although some of these patches were directly published by th