CVE-2013-1824

Name: CVE-2013-1824
Creator: NVD / NIST
Published: 2013-09-16T13:02:34.627+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.31%

Last modified Jun 16, 2026

CVE-2013-1824 is a vulnerability of currently unknown severity. The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.. EPSS estimates a 4.31% chance of exploitation in the next 30 days.

Description

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.

Metrics

EPSS Probability

4.31%

89.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-611

Affected Software

Vendor	Product	Versions
Redhat	Enterprise Linux	5
Redhat	Enterprise Linux	6.0
Apple	Mac Os X	>= 10.0.0, < 10.8.5
Php	Php	< 5.3.22
Php	Php	>= 5.4.0, < 5.4.12

References

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=188c196d4da60bdde9190d2fc532650d17f7af2d
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=afe98b7829d50806559acac9b530acb8283c3bf4
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.htmlBroken Link, Mailing List
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1824.htmlThird Party Advisory
http://support.apple.com/kb/HT5880Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=918187Issue Tracking, Patch, Third Party Advisory
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=188c196d4da60bdde9190d2fc532650d17f7af2d
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=afe98b7829d50806559acac9b530acb8283c3bf4
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.htmlBroken Link, Mailing List
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1824.htmlThird Party Advisory
http://support.apple.com/kb/HT5880Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=918187Issue Tracking, Patch, Third Party Advisory

Timeline

Published: Sep 16, 2013
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-1824?

How severe is CVE-2013-1824?

Severity scoring for CVE-2013-1824 is pending analysis. The EPSS model estimates a 4.31% probability of exploitation in the next 30 days.

How do I fix CVE-2013-1824?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-1824?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST