CVE-2013-4701

Upstream information

CVE-2013-4701 at MITRE

Description

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

---

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores

	National Vulnerability Database
Base Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	Partial

SUSE Bugzilla entry: 1082714 [RESOLVED / FIXED]

SUSE Security Advisories:

• openSUSE-SU-2016:2025-1, published Fri Dec 8 15:48:35 2023
openSUSE-SU-2016:2114-1

---

SUSE Timeline for this CVE

CVE page created: Wed Aug 21 21:15:23 2013
CVE page last modified: Fri Dec 8 17:00:06 2023