Lucene search

K
ubuntucve
Ubuntu.comUB:CVE-2010-0397
HistoryMar 16, 2010 - 12:00 a.m.

CVE-2010-0397

2010-03-1600:00:00
ubuntu.com
ubuntu.com
15

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

90.6%

The xmlrpc extension in PHP 5.3.1 does not properly handle a missing
methodName element in the first argument to the xmlrpc_decode_request
function, which allows context-dependent attackers to cause a denial of
service (NULL pointer dereference and application crash) and possibly have
unspecified other impact via a crafted argument.

Bugs

Notes

Author Note
mdeslaur reproducer in debian bug
OSVersionArchitecturePackageVersionFilename
ubuntu08.04noarchphp5< 5.2.4-2ubuntu5.12UNKNOWN
ubuntu08.10noarchphp5< anyUNKNOWN
ubuntu09.04noarchphp5< 5.2.6.dfsg.1-3ubuntu4.6UNKNOWN
ubuntu09.10noarchphp5< 5.2.10.dfsg.1-2ubuntu6.5UNKNOWN
ubuntuupstreamnoarchphp5< 5.3.3UNKNOWN
Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

90.6%

Related for UB:CVE-2010-0397