Description

The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument.

Remediation

References

CVE-2010-0397

Related Vulnerabilities

WordPress Plugin DiveBook Multiple Vulnerabilities (1.1.4)

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7140)

YetiForce CRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-1411)

phpBB CVE-2008-3224 Vulnerability (CVE-2008-3224)

Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4667)

Severity

Medium

Classification

CVE-2010-0397

Tags

Missing Update Known Vulnerabilities