Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19297
HistoryMar 19, 2010 - 12:00 a.m.

PHP xmlrpc扩展空指针引用拒绝服务漏洞

2010-03-1900:00:00
Root
www.seebug.org
12

0.023 Low

EPSS

Percentile

88.5%

JSON

BUGTRAQ ID: 38708
CVE(CAN) ID: CVE-2010-0397

PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。

PHP所使用的xmlrpc扩展在解码畸形xml-rpc请求时存在空指针引用错误。如果请求为有效的xml但没有包含预期的标签,xmlrpc_decode_request就会生成分段错误并导致崩溃。

PHP 5.3.1
厂商补丁:

PHP

目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

http://www.php.net


                                                <?php
$req = '<?xml version="1.0"?>
<methodCall>
   </methodCall>';
    $result = xmlrpc_decode_request( $req, $frop );
?>

Related

openvas 37
nessus 22
prion 1
cve 1
veracode 1
f5 2
securityvulns 4
ubuntucve 1
osv 1
debian 1
redhat 1
fedora 6
oraclelinux 1
centos 1
ubuntu 1
openvas
openvas
Mandriva Update for drakconf MDVA-2010:068 (drakconf)
2010-02-19 00:00:00
Mandriva Update for drakconf MDVA-2010:068 (drakconf)
2010-02-19 00:00:00
Debian: Security Advisory (DSA-2018-1)
2023-03-08 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : php (MDVSA-2010:068)
2010-03-29 00:00:00
openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0255-1)
2010-05-18 00:00:00
openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:0255-2)
2010-05-18 00:00:00
prion
prion
Null pointer dereference
2010-03-16 19:30:00
cve
cve
CVE-2010-0397
2010-03-16 19:30:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:53:57
f5
f5
SOL12156 - PHP xmlrpc vulnerability - CVE-2010-0397
2010-10-14 00:00:00
K12156 : PHP xmlrpc vulnerability - CVE-2010-0397
2013-07-03 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA-2018-1] New php5 packages fix null pointer dereference
2010-03-21 00:00:00
PHP DoS
2010-03-21 00:00:00
[USN-989-1] PHP vulnerabilities
2010-09-27 00:00:00
ubuntucve
ubuntucve
CVE-2010-0397
2010-03-16 00:00:00
osv
osv
php5 - null pointer dereference
2010-03-18 00:00:00
debian
debian
[SECURITY] [DSA-2018-1] New php5 packages fix null pointer dereference
2010-03-18 16:38:27
redhat
redhat
(RHSA-2010:0919) Moderate: php security update
2010-11-29 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: php-eaccelerator-0.9.6.1-2.fc12
2010-08-23 22:08:06
[SECURITY] Fedora 13 Update: php-5.3.3-1.fc13
2010-08-23 22:00:56
[SECURITY] Fedora 12 Update: php-5.3.3-1.fc12
2010-08-23 22:08:06
oraclelinux
oraclelinux
php security update
2010-11-29 00:00:00
centos
centos
php security update
2010-11-30 12:21:14
ubuntu
ubuntu
PHP vulnerabilities
2010-09-20 00:00:00

0.023 Low

EPSS

Percentile

88.5%

JSON
Related for SSV:19297
openvas37nessus22prion1cve1veracode1f52securityvulns4ubuntucve1osv1debian1redhat1fedora6oraclelinux1centos1ubuntu1