Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

1 vulnerability found for PHP OpenID by JanRain

JVNDB-2013-000080

Vulnerability from jvndb - Published: 2013-08-21 14:26 - Updated:2013-08-23 18:38
Severity ?
N/A (UNKNOWN) - -
Summary
PHP OpenID Library vulnerable to XML external entity injection
Details
The PHP OpenID Library contains an XML external entity injection vulnerability. Takeshi Terada from Mitsui Bussan Secure Directions, Inc. and Kosuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000080.html",
  "dc:date": "2013-08-23T18:38+09:00",
  "dcterms:issued": "2013-08-21T14:26+09:00",
  "dcterms:modified": "2013-08-23T18:38+09:00",
  "description": "The PHP OpenID Library contains an XML external entity injection vulnerability.\r\n\r\nTakeshi Terada from Mitsui Bussan Secure Directions, Inc. and Kosuke Ebihara reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000080.html",
  "sec:cpe": {
    "#text": "cpe:/a:janrain:php-openid",
    "@product": "PHP OpenID",
    "@vendor": "JanRain",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "6.4",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2013-000080",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN24713981/index.html",
      "@id": "JVN#24713981",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4701",
      "@id": "CVE-2013-4701",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4701",
      "@id": "CVE-2013-4701",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "PHP OpenID Library vulnerable to XML external entity injection"
}