CVE-2013-4701 — Uncontrolled Resource Consumption in Php-openid

CWE-400 — Uncontrolled Resource Consumption7 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.9%

top 24.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openid Php-openid Typo3 CMS Janrain Php-openid

Timeline

PublishedAug 21

Latest updateMay 17

Description

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶Packagistopenid/php-openid< 2.3.0

▶Ubuntujanrain/php-openid< 2.2.2-1.2+1

▶NVDjanrain/php-openid2.2.2

▶Packagisttypo3/cms6.2.0 — 6.2.6

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

PHP OpenID Library Denial of Service vulnerability↗2022-05-17

▶

OSV

PHP OpenID Library Denial of Service vulnerability↗2022-05-17

▶

CVEList

CVE-2013-4701: Auth/Yadis/XML↗2013-08-21

▶

OSV

CVE-2013-4701: Auth/Yadis/XML↗2013-08-21

▶

💬Community

Bugzilla

CVE-2013-4701 php-pear-Auth-OpenID: XML External Entity issue allows for reading arbitrary files or excessive resource consumption↗2013-08-21

▶

Bugzilla

CVE-2013-4701 php-pear-Auth-OpenID: XML External Entity issue allows for reading arbitrary files or excessive resource consumption [fedora-all]↗2013-08-21

▶