CVE-2004-0398

Published: 07/07/2004 | Updated: 09/10/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and previous versions, as used by cadaver prior to 0.22, allows remote WebDAV servers to execute arbitrary code on the client.

Vulnerable Product

webdav cadaver

webdav neon

debian debian linux 3.0

Vendor Advisories

Synopsis: cadaver security update. Type/Severity: Security Advisory: Important. Topic: An updated cadaver package is now available that fixes a vulnerability in neon which could be exploitable by a malicious DAV server. Description: cadaver is a command-line WebDAV client that uses inbuilt code fr ...
Stefan Esser discovered a problem in neon, an HTTP and WebDAV client library. User input is copied into variables not large enough for all cases. This can lead to an overflow of a static heap variable. For the stable distribution (woody) this problem has been fixed in version 0193-2woody5. For the unstable distribution (sid) this problem has been ...
Stefan Esser discovered a problem in neon, an HTTP and WebDAV client library, which is also present in cadaver, a command-line client for WebDAV server. User input is copied into variables not large enough for all cases. This can lead to an overflow of a static heap variable. For the stable distribution (woody) this problem has been fixed in versio ...