CVE-2010-0397

Severity

50%

Complexity

99%

Confidentiality

48%

Per: http://cwe.mitre.org/data/slices/2000.html Improper Check for Unusual or Exceptional Conditions CWE-754

The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument.

Per: http://cwe.mitre.org/data/slices/2000.html Improper Check for Unusual or Exceptional Conditions CWE-754

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 14 years ago

2010-03-16 19:30:00

Last updated 14 years ago

2010-12-10 06:37:00

Affected Software

PHP 5.3.1

5.3.1

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573573

Exploit

APPLE-SA-2010-08-24-1

APPLE-SA-2010-11-10-1

SUSE-SR:2010:012

SUSE-SR:2010:013

SUSE-SR:2010:017

42410

http://support.apple.com/kb/HT4312

http://support.apple.com/kb/HT4435

MDVSA-2010:068

[oss-security] 20100312 CVE-2010-0397: NULL pointer dereference in PHP's xmlrpc extension

Exploit

RHSA-2010:0919

38708

Exploit

ADV-2010-0724

ADV-2010-3081

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.