CVE-2004-0398
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.019 Low
EPSS
Percentile
88.6%
Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| webdav:cadaver | webdav cadaver | lt | 0.22.0 |
| webdav:neon | webdav neon | le | 0.24.5 |
References
archives.neohapsis.com/archives/fulldisclosure/2004-05/0982.html
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000841
marc.info/?l=bugtraq&m=108498433632333&w=2
marc.info/?l=bugtraq&m=108500057108022&w=2
secunia.com/advisories/11638
secunia.com/advisories/11650
secunia.com/advisories/11673
security.gentoo.org/glsa/glsa-200405-13.xml
security.gentoo.org/glsa/glsa-200405-15.xml
www.ciac.org/ciac/bulletins/o-148.shtml
www.debian.org/security/2004/dsa-506
www.debian.org/security/2004/dsa-507
www.mandriva.com/security/advisories?name=MDKSA-2004:049
www.osvdb.org/6302
www.redhat.com/support/errata/RHSA-2004-191.html
www.securityfocus.com/bid/10385
bugzilla.fedora.us/show_bug.cgi?id=1552
exchange.xforce.ibmcloud.com/vulnerabilities/16192
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.019 Low
EPSS
Percentile
88.6%