Vulnerabilities > CVE-2013-4701 - XML External Entity Injection vulnerability in Janrain PHP-Openid 2.2.2

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
janrain
nessus

Summary

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Configurations

Part Description Count
Application
Janrain
1

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-959.NASL
    descriptionImportant security fixes for vulnerabilities in typo3 which can be used for Cross-Site Scripting or Denial of Service attacks or for authentication bypassing.
    last seen2020-06-05
    modified2016-08-12
    plugin id92930
    published2016-08-12
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/92930
    titleopenSUSE Security Update : typo3 (openSUSE-2016-959)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-959.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92930);
      script_version("2.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-4701", "CVE-2013-7073", "CVE-2014-3941");
    
      script_name(english:"openSUSE Security Update : typo3 (openSUSE-2016-959)");
      script_summary(english:"Check for the openSUSE-2016-959 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Important security fixes for vulnerabilities in typo3 which can be
    used for Cross-Site Scripting or Denial of Service attacks or for
    authentication bypassing."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected typo3 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:typo3-cms-4_5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:typo3-cms-4_7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"typo3-cms-4_5-4.5.40-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"typo3-cms-4_7-4.7.20-3.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "typo3-cms-4_5 / typo3-cms-4_7");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-15258.NASL
    descriptionFix for CVE-2013-4701 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-09-02
    plugin id69535
    published2013-09-02
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69535
    titleFedora 19 : php-pear-Auth-OpenID-2.2.2-7.fc19 (2013-15258)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-15258.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69535);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-4701");
      script_bugtraq_id(61898);
      script_xref(name:"FEDORA", value:"2013-15258");
    
      script_name(english:"Fedora 19 : php-pear-Auth-OpenID-2.2.2-7.fc19 (2013-15258)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fix for CVE-2013-4701
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=999687"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115039.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?837cc3be"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected php-pear-Auth-OpenID package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-pear-Auth-OpenID");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC19", reference:"php-pear-Auth-OpenID-2.2.2-7.fc19")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php-pear-Auth-OpenID");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1002.NASL
    descriptionThis update for typo3-cms-4_7 fixes the following issues : - CVE-2014-3941: Multiple vulnerabilities (TYPO3-CORE-SA-2014-001) - CVE-2013-4701: Multiple vulnerabilities (TYPO3-CORE-SA-2014-002) - CVE-2013-7073: Multiple vulnerabilities (TYPO3-CORE-SA-2013-004) - other security fixes, e.g. preventing XSS attacks. The package was updated to last upstream version (discontinued) 4.7.20
    last seen2020-06-05
    modified2016-08-22
    plugin id93062
    published2016-08-22
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93062
    titleopenSUSE Security Update : typo3-cms-4_7 (openSUSE-2016-1002)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-1002.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93062);
      script_version("2.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-4701", "CVE-2013-7073", "CVE-2014-3941");
    
      script_name(english:"openSUSE Security Update : typo3-cms-4_7 (openSUSE-2016-1002)");
      script_summary(english:"Check for the openSUSE-2016-1002 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for typo3-cms-4_7 fixes the following issues :
    
      - CVE-2014-3941: Multiple vulnerabilities
        (TYPO3-CORE-SA-2014-001)
    
      - CVE-2013-4701: Multiple vulnerabilities
        (TYPO3-CORE-SA-2014-002)
    
      - CVE-2013-7073: Multiple vulnerabilities
        (TYPO3-CORE-SA-2013-004)
    
      - other security fixes, e.g. preventing XSS attacks.
    
    The package was updated to last upstream version (discontinued) 4.7.20"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=974993"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=975949"
      );
      # https://features.opensuse.org/320748
      script_set_attribute(
        attribute:"see_also",
        value:"https://features.opensuse.org/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected typo3-cms-4_7 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:typo3-cms-4_7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.2|SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2 / 42.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.2", reference:"typo3-cms-4_7-4.7.20-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"typo3-cms-4_7-4.7.20-7.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "typo3-cms-4_7");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-15253.NASL
    descriptionFix for CVE-2013-4701 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-09-02
    plugin id69534
    published2013-09-02
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69534
    titleFedora 18 : php-pear-Auth-OpenID-2.2.2-7.fc18 (2013-15253)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-15253.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69534);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-4701");
      script_bugtraq_id(61898);
      script_xref(name:"FEDORA", value:"2013-15253");
    
      script_name(english:"Fedora 18 : php-pear-Auth-OpenID-2.2.2-7.fc18 (2013-15253)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fix for CVE-2013-4701
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=999687"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115040.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?95cadf6c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected php-pear-Auth-OpenID package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-pear-Auth-OpenID");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC18", reference:"php-pear-Auth-OpenID-2.2.2-7.fc18")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php-pear-Auth-OpenID");
    }