Search

Find a vulnerability

Search criteria

    1 vulnerability found for PHP OpenID by JanRain

    JVNDB-2013-000080

    Vulnerability from jvndb - Published: 2013-08-21 14:26 - Updated:2013-08-23 18:38
    Severity
    N/A (UNKNOWN) - -
    Summary
    PHP OpenID Library vulnerable to XML external entity injection
    Details
    The PHP OpenID Library contains an XML external entity injection vulnerability. Takeshi Terada from Mitsui Bussan Secure Directions, Inc. and Kosuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000080.html",
      "dc:date": "2013-08-23T18:38+09:00",
      "dcterms:issued": "2013-08-21T14:26+09:00",
      "dcterms:modified": "2013-08-23T18:38+09:00",
      "description": "The PHP OpenID Library contains an XML external entity injection vulnerability.\r\n\r\nTakeshi Terada from Mitsui Bussan Secure Directions, Inc. and Kosuke Ebihara reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000080.html",
      "sec:cpe": {
        "#text": "cpe:/a:janrain:php-openid",
        "@product": "PHP OpenID",
        "@vendor": "JanRain",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "6.4",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2013-000080",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN24713981/index.html",
          "@id": "JVN#24713981",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4701",
          "@id": "CVE-2013-4701",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4701",
          "@id": "CVE-2013-4701",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "PHP OpenID Library vulnerable to XML external entity injection"
    }