CVE-2013-4701

NameCVE-2013-4701
DescriptionAuth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs721221

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
php-openid (PTS)jessie2.2.2-1.2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php-openidsource(unstable)2.2.2-1.2low721221

Notes

[wheezy] - php-openid <no-dsa> (Minor issue)
[squeeze] - php-openid <no-dsa> (Minor issue)
Search for package or bug name: Reporting problems