Required CVE Record Information
Description
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References 5 Total
- https://github.com/openid/php-openid/commit/625c16bb28bb120d262b3f19f89c2c06cb9b0da9
- lists.opensuse.org: openSUSE-SU-2016:2025 vendor-advisory
- jvndb.jvn.jp: JVNDB-2013-000080 third-party-advisory
- lists.opensuse.org: openSUSE-SU-2016:2114 vendor-advisory
- jvn.jp: JVN#24713981 third-party-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- https://github.com/openid/php-openid/commit/625c16bb28bb120d262b3f19f89c2c06cb9b0da9 x_transferred
- lists.opensuse.org: openSUSE-SU-2016:2025 vendor-advisoryx_transferred
- jvndb.jvn.jp: JVNDB-2013-000080 third-party-advisoryx_transferred
- lists.opensuse.org: openSUSE-SU-2016:2114 vendor-advisoryx_transferred
- jvn.jp: JVN#24713981 third-party-advisoryx_transferred