Lucene search

K
cveMitreCVE-2010-0397
HistoryMar 16, 2010 - 7:30 p.m.

CVE-2010-0397

2010-03-1619:30:00
mitre
web.nvd.nist.gov
59
php
xmlrpc
extension
cve-2010-0397
denial of service
vulnerability

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

9.3

Confidence

High

EPSS

0.023

Percentile

89.8%

The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument.

Affected configurations

Nvd
Node
phpphpMatch5.3.1
VendorProductVersionCPE
phpphp5.3.1cpe:/a:php:php:5.3.1:::

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

9.3

Confidence

High

EPSS

0.023

Percentile

89.8%