Lucene search

MitreCVE-2004-1303

HistoryJan 10, 2005 - 5:00 a.m.

CVE-2004-1303

2005-01-1005:00:00

mitre

web.nvd.nist.gov

cve-2004-1303

buffer overflow

yanf 0.4

get.c

remote code execution

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.3

Confidence

Low

EPSS

0.001

Percentile

43.7%

JSON

Buffer overflow in the get function in get.c for Yanf 0.4 allows remote malicious web servers to execute arbitrary code via crafted HTTP responses.

Affected configurations

Nvd

Node

yanfyanfMatch0.4

VendorProductVersionCPE
yanfyanf0.4cpe:2.3:a:yanf:yanf:0.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yanf	yanf	0.4	cpe:2.3:a:yanf:yanf:0.4:::::::*

References

tigger.uic.edu/~jlongs2/holes/yanf.txt

exchange.xforce.ibmcloud.com/vulnerabilities/18615

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.3

Confidence

Low

EPSS

0.001

Percentile

43.7%

JSON

Related for CVE-2004-1303