CVE-2013-1635

Publication date 6 March 2013

Last updated 24 July 2024


Ubuntu priority

ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.

Read the notes from the security team

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
php5 12.10 quantal Ignored
12.04 LTS precise Ignored
11.10 oneiric Ignored
10.04 LTS lucid Ignored
8.04 LTS hardy Ignored

Notes


mdeslaur

we do not support the use of open_basedir, marking as ignored