CVE-2013-4701
Published 2013-08-21
Priority: P339 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 3.00% (85.7th percentile)
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| janrain | php-openid | <= 2.2.2 | — |
| janrain | php-openid | >= 0 < 2.2.2-1.2 | 2.2.2-1.2 |
| janrain | php-openid | >= 0 < 2.2.2-1.2 | 2.2.2-1.2 |
| openid | php-openid | >= 0 < 2.3.0 | 2.3.0 |
| typo3 | cms | >= 6.2.0 < 6.2.6 | 6.2.6 |
CVSS provenance
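| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |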
GHSA
PHP OpenID Library Denial of Service vulnerability
ghsa·2022-05-17
CVE-2013-4701 [HIGH] CWE-400 PHP OpenID Library Denial of Service vulnerability
OSV
PHP OpenID Library Denial of Service vulnerability
osv·2022-05-17
CVE-2013-4701 [HIGH] PHP OpenID Library Denial of Service vulnerability
OSV
CVE-2013-4701: Auth/Yadis/XML
osv·2013-08-21·CVSS 7.5
CVE-2013-4701 [HIGH] CVE-2013-4701: Auth/Yadis/XML
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-4701 php-pear-Auth-OpenID: XML External Entity issue allows for reading arbitrary files or excessive resource consumption
bugzilla·2013-08-21·CVSS 7.5
CVE-2013-4701 [HIGH] CVE-2013-4701 php-pear-Auth-OpenID: XML External Entity issue allows for reading arbitrary files or excessive resource consumption
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4701 to
the following vulnerability:
Name: CVE-2013-4701
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4701
Assigned: 20130626
Reference: https://github.com/openid/php-openid/commit/625c16bb28bb120d262b3f19f89c2c06cb9b0da9
Reference: JVN:JVN#24713981
Reference: http://jvn.jp/en/jp/JVN24713981/index.html
Reference: JVNDB:JVNDB-2013-000080
Reference: http://jvndb.jvn.jp/jvndb/JVNDB-2013-000080
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows
remote attackers to read arbitrary files, send HTTP requests to
intranet servers, or cause a denial of service (CPU and me
Bugzilla
CVE-2013-4701 php-pear-Auth-OpenID: XML External Entity issue allows for reading arbitrary files or excessive resource consumption [fedora-all]
bugzilla·2013-08-21·CVSS 7.5
CVE-2013-4701 [HIGH] CVE-2013-4701 php-pear-Auth-OpenID: XML External Entity issue allows for reading arbitrary files or excessive resource consumption [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and
References
http://jvn.jp/en/jp/JVN24713981/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000080
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html
https://github.com/openid/php-openid/commit/625c16bb28bb120d262b3f19f89c2c06cb9b0da9