Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jpcert
Published: 2013-08-21T16:00:00
Updated: 2016-11-25T20:57:01
Reserved: 2013-06-26T00:00:00
Link: CVE-2013-4701
JSON object: View
NVD Information
Status : Modified
Published: 2013-08-21T16:55:11.310
Modified: 2016-11-28T19:09:40.473
Link: CVE-2013-4701
JSON object: View
Redhat Information
No data.
CWE