Description

The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument.

Remediation

References

CVE-2010-0397

Related Vulnerabilities

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44949)

WordPress Plugin DVS Custom Notification Multiple Cross-Site Request Forgery Vulnerabilities (1.0.1)

XWiki Insufficiently Protected Credentials Vulnerability (CVE-2022-41933)

MySQL CVE-2024-21134 Vulnerability (CVE-2024-21134)

Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-13675)

Severity

Medium

Classification

CVE-2010-0397

Tags

Missing Update Known Vulnerabilities