Vigil@nce - PHP: file access via SOAP
March 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use two vulnerabilities of the SOAP feature of
PHP, in order to read or to write to a file.
– Impacted products: Debian, MES, Mandriva Linux, PHP
– Severity: 2/4
– Creation date: 28/02/2013
DESCRIPTION OF THE VULNERABILITY
The SOAP (Simple Object Access Protocol) feature is used to call
methods on objects. The PHP interpreter implements SOAP, however
this implementation is impacted by two vulnerabilities.
An attacker can use the soap.wsdl_cache_dir directive, in order to
write a file outside the open_basedir directory. [severity:2/4;
CVE-2013-1635]
An attacker can use an external entity, in order to read a server
file. [severity:2/4; CVE-2013-1643]
An attacker can therefore use two vulnerabilities of the SOAP
feature of PHP, in order to read or to write to a file.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/PHP-file-access-via-SOAP-12475