paul Posted March 27, 2010 Report Share Posted March 27, 2010 A vulnerability has been found and corrected in php: The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument (CVE-2010-0397). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. Link to comment Share on other sites More sharing options...
Recommended Posts