icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

PHP 5.3.x < 5.3.22 Multiple Vulnerabilities

Medium

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

PHP versions 5.3.x earlier than 5.3.22 are affected by the following vulnerabilities :

- An error exists in the file 'ext/soap/soap.c' related to the 'soap.wsdl_cache_dir' configuration directive and writing cache files that could allow remote 'wsdl' files to be written to arbitrary locations. (CVE-2013-1635)

- An error exists in the file 'ext/soap/php_xml.c' related to parsing SOAP 'wsdl' files and external entities that could cause PHP to parse remote XML documents defined by an attacker. This could allow access to arbitrary files. (CVE-2013-1643)

Solution

Upgrade to PHP version 5.3.22 or later.