Vulnerability Name:

CVE-2013-6501 (CCN-100942)

Assigned:2013-11-04
Published:2015-02-08
Updated:2016-11-30
Summary:The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-74
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2013-6501

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:0436

Source: CCN
Type: PHP Web site
wdsl extension

Source: CCN
Type: oss-security Mailing List, Sun, 08 Feb 2015 15:20:10 -0700
CVE-2013-6501 php: predictible filename used for cache in world writable directory

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

Source: BID
Type: UNKNOWN
72530

Source: CCN
Type: BID-72530
PHP wdsl Extension CVE-2013-6501 Security Weakness

Source: CCN
Type: Red Hat Bugzilla – Bug 1009103
(CVE-2013-6501) CVE-2013-6501 php: predictible filename used for cache in world writable directory

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=1009103

Source: XF
Type: UNKNOWN
php-wdsl-cve20136501-sec-bypass(100942)

Source: GENTOO
Type: UNKNOWN
GLSA-201606-10

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-6501

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.6.7)

    • Configuration 2:
  • cpe:/o:suse:linux_enterprise_server:11.0:sp3:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:11.0:sp3:*:*:vmware:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20136501
    V
    		CVE-2013-6501
    2022-05-20
    oval:com.ubuntu.precise:def:20136501000
    V
    		CVE-2013-6501 on Ubuntu 12.04 LTS (precise) - negligible.
    2015-03-30
    oval:com.ubuntu.xenial:def:201365010000000
    V
    		CVE-2013-6501 on Ubuntu 16.04 LTS (xenial) - negligible.
    2015-03-30
    oval:com.ubuntu.trusty:def:20136501000
    V
    		CVE-2013-6501 on Ubuntu 14.04 LTS (trusty) - negligible.
    2015-03-30
    oval:com.ubuntu.xenial:def:20136501000
    V
    		CVE-2013-6501 on Ubuntu 16.04 LTS (xenial) - negligible.
    2015-03-30
    BACK
    php php *
    suse linux enterprise server 11.0 sp3
    suse linux enterprise server 11.0 sp3