The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.

The remote host is affected by the vulnerability described in GLSA-201408-11 (PHP: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in PHP. Please review the       CVE identifiers referenced below for details.
  Impact :

    A context-dependent attacker can cause arbitrary code execution, create       a Denial of Service condition, read or write arbitrary files, impersonate       other servers, hijack a web session, or have other unspecified impact.
      Additionally, a local attacker could gain escalated privileges.
  Workaround :

    There is no known workaround at this time.

The remote host is missing Mac OS X security update 2013-004 that fixes multiple security issues. 

The remote host is running a version of Mac OS X 10.8 that is older than 10.8.5. The newer version contains numerous security-related fixes for the following components :

  - Apache
  - Bind
  - Certificate Trust Policy
  - CoreGraphics
  - ImageIO
  - Installer
  - IPSec
  - Kernel
  - Mobile Device Management
  - OpenSSL
  - PHP
  - PostgreSQL
  - Power Management
  - QuickTime
  - Screen Lock
  - sudo

 This update also addresses an issue in which certain Unicode strings could cause applications to unexpectedly quit.

 Note that successful exploitation of the most serious issues could result in arbitrary code execution.

The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-004 applied.  This update contains several security-related fixes for the following component :

  - Apache
  - Bind
  - Certificate Trust Policy
  - ClamAV
  - Installer
  - IPSec
  - Mobile Device Management
  - OpenSSL
  - PHP
  - PostgreSQL
  - QuickTime
  - sudo

Note that successful exploitation of the most serious issues could result in arbitrary code execution.

The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.5. The newer version contains multiple security-related fixes for the following components :

  - Apache
  - Bind
  - Certificate Trust Policy
  - CoreGraphics
  - ImageIO
  - Installer
  - IPSec
  - Kernel
  - Mobile Device Management
  - OpenSSL
  - PHP
  - PostgreSQL
  - Power Management
  - QuickTime
  - Screen Lock
  - sudo

This update also addresses an issue in which certain Unicode strings could cause applications to unexpectedly quit.

Note that successful exploitation of the most serious issues could result in arbitrary code execution.

According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.13.  It is, therefore, potentially affected by an information disclosure vulnerability. The 5.4.12 fix for CVE-2013-1635 / CVE-2013-1643 was incomplete and an error still exists in the files 'ext/soap/php_xml.c' and 'ext/libxml/libxml.c' related to handling external entities.  This error could cause PHP to parse remote XML documents defined by an attacker and could allow access to arbitraryfiles.

Note that this plugin does not attempt to exploit the vulnerability, but instead relies only on PHP's self-reported version number.

According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.23.  It is, therefore, potentially affected by multiple vulnerabilities:

  - An error exists in the file 'ext/soap/soap.c'     related to the 'soap.wsdl_cache_dir' configuration     directive and writing cache files that could allow     remote 'wsdl' files to be written to arbitrary     locations. (CVE-2013-1635)

  - An error exists in the file 'ext/soap/php_xml.c'     related to parsing SOAP 'wsdl' files and external     entities that could cause PHP to parse remote XML     documents defined by an attacker. This could allow     access to arbitrary files. (CVE-2013-1643)

  - An information disclosure in the file     'ext/soap/php_xml.c' related to parsing SOAP 'wsdl'     files and external entities that could cause PHP to     parse remote XML documents defined by an attacker. This     could allow access to arbitrary files. (CVE-2013-1824)

Note that this plugin does not attempt to exploit the vulnerability, but instead relies only on PHP's self-reported version number.

According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.12.  It is, therefore, potentially affected by an information disclosure in the file 'ext/soap/php_xml.c' related to parsing SOAP 'wsdl' files and external entities that could cause PHP to parse remote XML documents defined by an attacker. This could allow access to arbitrary files. (CVE-2013-1824)

Note that this plugin does not attempt to exploit the vulnerabilities but, instead relies only on PHP's self-reported version number.

ID	Name	Product	Family	Severity
86007	F5 Networks BIG-IP : SOAP parser vulnerability (SOL15879)	Nessus	F5 Networks Local Security Checks	medium
77455	GLSA-201408-11 : PHP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
8008	Mac OS X 10.8 < 10.8.5 Multiple Vulnerabilities (Security Update 2013-004)	Nessus Network Monitor	Web Clients	critical
69878	Mac OS X Multiple Vulnerabilities (Security Update 2013-004)	Nessus	MacOS X Local Security Checks	critical
69877	Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
66585	PHP 5.4.x < 5.4.13 Information Disclosure	Nessus	CGI abuses	high
66584	PHP 5.3.x < 5.3.23 Multiple Vulnerabilities	Nessus	CGI abuses	high
64993	PHP 5.4.x < 5.4.12 Information Disclosure	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2013-1824

high

Tenable Plugins

medium

high

critical

critical

critical

high

high

medium