PHP 'soap.wsdl_cache_dir' Validation Arbitrary File Write Vulnerability

Bugtraq ID: 58224
Class: Input Validation Error
CVE: CVE-2013-1635
Remote: Yes
Local: No
Published: Feb 21 2013 12:00AM
Updated: Apr 13 2015 09:18PM
Credit: Vendor reported this issue.
Vulnerable: Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu Ubuntu Linux 12.10 i386
Ubuntu Ubuntu Linux 12.10 amd64
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Ubuntu Ubuntu Linux 11.10 i386
Ubuntu Ubuntu Linux 11.10 amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
SuSE SUSE Linux Enterprise Server for VMware 11 SP2
+ Linux kernel 2.6.5
SuSE SUSE Linux Enterprise Server 11 SP2
+ Linux kernel 2.6.5
SuSE SUSE Linux Enterprise Server 10 SP4
+ Linux kernel 2.6.5
SuSE SUSE Linux Enterprise Server 10 SP3 LTSS
+ Linux kernel 2.6.5
SuSE SUSE Linux Enterprise SDK 11 SP2
SuSE SUSE Linux Enterprise SDK 10 SP4
Slackware Linux x86_64 -current
Slackware Linux 14.0 x86_64
Slackware Linux 14.0
Slackware Linux 13.37 x86_64
Slackware Linux 13.37
Slackware Linux 13.1 x86_64
Slackware Linux 13.1
Slackware Linux 13.0 x86_64
Slackware Linux 13.0
Slackware Linux 12.2
Slackware Linux 12.1
Slackware Linux -current
S.u.S.E. openSUSE 12.3
S.u.S.E. openSUSE 12.2
Redhat Enterprise Linux Workstation Optional 6
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server Optional 6
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node Optional 6
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop Optional 6
PHP PHP 5.4.1
PHP PHP 5.3.21
PHP PHP 5.3.17
PHP PHP 5.3.16
PHP PHP 5.3.14
PHP PHP 5.3.13
PHP PHP 5.3.12
PHP PHP 5.3.1
PHP PHP 5.3
PHP PHP 5.4.11
PHP PHP 5.3.15
PHP PHP 5.3.11
PHP PHP 5.3.10
Oracle Solaris 11.1
Mandriva Linux Mandrake 2011 x86_64
Mandriva Linux Mandrake 2011
Mandriva Business Server 1 X86 64
Mandriva Business Server 1
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
Juniper CTPView 4.6
Juniper CTPView 4.5
Juniper CTPView 4.4
Juniper CTPView 4.3
Juniper CTPView 4.2
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Apple Mac OS X Server 10.7.5
Apple Mac OS X Server 10.6.8
Apple Mac OS X 10.8.4
Apple Mac OS X 10.8.2
Apple Mac OS X 10.8.1
Apple Mac OS X 10.7.5
Apple Mac OS X 10.8.3
Apple Mac OS X 10.8
Apple Mac OS X 10.6.8
Not Vulnerable: PHP PHP 5.3.22
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Redhat Linux 6.2 sparc
+ Redhat Linux 6.2 i386
+ Redhat Linux 6.2 alpha
+ Redhat Linux 6.2
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
PHP PHP 5.4.12
Oracle Solaris 11.1.17.5.0
Juniper CTPView 7.0R1
Apple Mac OS X 10.8.5


 

Privacy Statement
Copyright 2010, SecurityFocus