News
Vigil@nce: PHP, denial of service of xmlrpc
March 2010 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
The xmlrpc_decode_request() function of PHP does not validate XML data, which forces a NULL pointer dereference.
Severity: 1/4
Consequences: denial of service of service
Provenance: document
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 15/03/2010
IMPACTED PRODUCTS
PHP
DESCRIPTION OF THE VULNERABILITY
The xmlrpc extension of PHP is used to manage remote procedure
calls, expressed as XML. For example:
The xmlrpc_decode_request() function decodes XML data. However, if the "methodName" block is missing, a NULL pointer is dereferenced in xmlrpc_decode_request().
An attacker is generally not allowed to send xmlrpc data (otherwise, he can execute any public method). However, if an attacker is allowed to send them, he can send malformed data, in order to stop applications using xmlrpc_decode_request().
CHARACTERISTICS
Identifiers: 573573, BID-38708, CVE-2010-0397, VIGILANCE-VUL-9514
