PT-2010-2176 · Php Development Team+1 · Php+1

Raphael Geissert · Published 2010-03-16 · Updated 2010-12-10 · CVE-2010-0397

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

PHP version 5.3.1

Description

The xmlrpc extension in PHP does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function. This allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have other unspecified impact via a crafted argument.

Recommendations

For PHP version 5.3.1, consider disabling the xmlrpc_decode_request function until a patch is available, to prevent potential denial-of-service attacks. Restrict access to the xmlrpc extension to minimize the risk of exploitation. Avoid calling xmlrpc_decode_request with untrusted input until the issue is resolved.
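One way to apply the untrusted-input recommendation is to check the request structure before it reaches the extension. The following is an added example, not code from PHP or from this advisory; the helper name safe_xmlrpc_decode_request and the sample payloads are assumptions made for illustration.

```php
<?php
// Hypothetical guard (not a PHP API): refuse any payload that lacks a single,
// non-empty <methodName> before calling xmlrpc_decode_request().
function safe_xmlrpc_decode_request($xml, &$method)
{
    $method = null;
    if (!is_string($xml) || $xml === '') {
        throw new InvalidArgumentException('empty XML-RPC payload');
    }
    // Parse with network access disabled; keep libxml errors out of the output.
    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $loaded = $doc->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if (!$loaded || $doc->documentElement === null) {
        throw new InvalidArgumentException('payload is not well-formed XML');
    }
    $root = $doc->documentElement;
    if ($root->nodeName !== 'methodCall') {
        throw new InvalidArgumentException('root element is not <methodCall>');
    }
    // Collect direct <methodName> children only; nested ones do not count.
    $names = array();
    foreach ($root->childNodes as $child) {
        if ($child->nodeType === XML_ELEMENT_NODE && $child->nodeName === 'methodName') {
            $names[] = trim($child->textContent);
        }
    }
    if (count($names) !== 1 || $names[0] === '') {
        throw new InvalidArgumentException('missing or duplicate <methodName>');
    }
    // Structure verified; hand the same bytes to the extension.
    return xmlrpc_decode_request($xml, $method);
}

// Constructed sample inputs for the guard.
$samples = array(
    'valid' => '<?xml version="1.0"?><methodCall><methodName>demo.ping</methodName><params/></methodCall>',
    'missing methodName' => '<?xml version="1.0"?><methodCall><params/></methodCall>',
);
foreach ($samples as $label => $payload) {
    try {
        safe_xmlrpc_decode_request($payload, $m);
        echo "$label: accepted, method=$m\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

The guard parses with libxml2 while the extension uses its own parser, so treat it as a stopgap in front of an unpatched build rather than a substitute for the fixed version.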

Exploit

Fix


Related Identifiers

CVE-2010-0397
DSA-2018-1
RHSA-2010:0919
RHSA-2010_0919

Affected Products

Php
Red Hat