[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-0398Date: (C)2004-07-07   (M)2023-12-22


Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-10385
SECUNIA-11638
SECUNIA-11650
SECUNIA-11673
http://marc.info/?l=bugtraq&m=108498433632333&w=2
http://marc.info/?l=bugtraq&m=108500057108022&w=2
OSVDB-6302
CLA-2004:841
DSA-506
DSA-507
FEDORA-2004-1552
GLSA-200405-13
GLSA-200405-15
MDKSA-2004:049
O-148
RHSA-2004:191
neon-library-nerfc1036parse-bo(16192)

CPE    3
cpe:/a:webdav:cadaver
cpe:/o:debian:debian_linux:3.0
cpe:/a:webdav:neon
CWE    1
CWE-787

© SecPod Technologies