PT-2010-2176 · Php Development Team+1 · Php+1

Raphael Geissert · Published 2010-03-16 · Updated 2010-12-10 · CVE-2010-0397

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

PHP version 5.3.1

Description

The xmlrpc extension in PHP does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function. Context-dependent attackers can use a crafted argument to cause a denial of service through a NULL pointer dereference and application crash, and possibly have other unspecified impacts.

Recommendations

For PHP version 5.3.1, consider disabling the xmlrpc_decode_request function until a patch is available to prevent potential denial of service attacks. Restrict access to the xmlrpc extension to minimize the risk of exploitation. Avoid using the xmlrpc_decode_request function with untrusted input until the issue is resolved.
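
As an added example (not code from PHP or from this advisory), one way to keep untrusted input that lacks a methodName element away from xmlrpc_decode_request on an affected build. The helper names are hypothetical, and the check assumes the endpoint accepts only methodCall documents with methodName as a direct child of the root.

```php
<?php
// Added example; helper names are hypothetical. Syntax kept PHP 5.3-compatible.

// True only for a <methodCall> root with a non-empty <methodName> direct child.
function xmlrpc_request_has_method_name($xml)
{
    if (!is_string($xml) || $xml === '') {
        return false;
    }
    $prev = libxml_use_internal_errors(true);   // collect parse errors quietly
    $doc  = new DOMDocument();
    $ok   = $doc->loadXML($xml, LIBXML_NONET);  // no network access while parsing
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    // XML-RPC needs no DOCTYPE, so documents carrying one are refused too.
    if (!$ok || $doc->doctype !== null || $doc->documentElement === null) {
        return false;
    }
    $root = $doc->documentElement;
    if ($root->nodeName !== 'methodCall') {
        return false;
    }
    foreach ($root->childNodes as $child) {
        if ($child->nodeType === XML_ELEMENT_NODE && $child->nodeName === 'methodName') {
            return trim($child->textContent) !== '';
        }
    }
    return false;
}

// Decode only pre-validated requests; otherwise return null and leave $method null.
function guarded_xmlrpc_decode_request($xml, &$method)
{
    $method = null;
    if (!xmlrpc_request_has_method_name($xml)) {
        return null;
    }
    return xmlrpc_decode_request($xml, $method);
}

// Constructed sample inputs (not taken from the advisory).
$valid   = '<methodCall><methodName>demo.ping</methodName><params/></methodCall>';
$missing = '<methodCall><params/></methodCall>';
var_dump(xmlrpc_request_has_method_name($valid));
var_dump(xmlrpc_request_has_method_name($missing));
```

The check is deliberately stricter than the extension's own parser, so it works as a stopgap in front of an unpatched build and does not replace updating PHP.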

Exploit

Fix

Related identifiers

CVE-2010-0397
DSA-2018-1
RHSA-2010:0919
RHSA-2010_0919

Affected products

Php
Red Hat