Back to search
CVE-2010-0397
Published: Mar 16, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573573
x_refsource_CONFIRM
http://support.apple.com/kb/HT4435
x_refsource_CONFIRM
[oss-security] 20100312 CVE-2010-0397: NULL pointer dereference in PHP's xmlrpc extension
mailing-list
x_refsource_MLIST
APPLE-SA-2010-11-10-1
vendor-advisory
x_refsource_APPLE
SUSE-SR:2010:013
vendor-advisory
x_refsource_SUSE
38708
vdb-entry
x_refsource_BID
RHSA-2010:0919
vendor-advisory
x_refsource_REDHAT
APPLE-SA-2010-08-24-1
vendor-advisory
x_refsource_APPLE
http://support.apple.com/kb/HT4312
x_refsource_CONFIRM
SUSE-SR:2010:012
vendor-advisory
x_refsource_SUSE
42410
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2010:017
vendor-advisory
x_refsource_SUSE
ADV-2010-0724
vdb-entry
x_refsource_VUPEN
MDVSA-2010:068
vendor-advisory
x_refsource_MANDRIVA
ADV-2010-3081
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now