CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
88.6%
Stefan Esser reports:
A vulnerability within a libneon date parsing function
could cause a heap overflow which could lead to remote
code execution, depending on the application using
libneon.
The vulnerability is in the function ne_rfc1036_parse,
which is in turn used by the function ne_httpdate_parse.
Applications using either of these neon functions may be
vulnerable.