Published: 27/08/2008 Updated: 08/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

neon 0.28.0 up to and including 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
webdav neon 0.28.1
webdav neon 0.28.2
webdav neon 0.28.0

Joe Orton discovered that neon did not correctly handle SSL certificates with zero bytes in the Common Name A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications ...

NVD-CWE-Other http://lists.manyfish.co.uk/pipermail/neon/2008-August/000040.html http://lists.manyfish.co.uk/pipermail/neon/2008-August/000038.html http://www.openwall.com/lists/oss-security/2008/08/15/4 http://www.openwall.com/lists/oss-security/2008/08/20/2 http://www.openwall.com/lists/oss-security/2008/08/20/5 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://www.securityfocus.com/bid/30710 http://secunia.com/advisories/31687 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00367.html http://secunia.com/advisories/32286 http://secunia.com/advisories/31508 http://www.securitytracker.com/id?1020725 http://www.mandriva.com/security/advisories?name=MDVSA-2009:074 http://secunia.com/advisories/36799 http://www.ubuntu.com/usn/usn-835-1 http://www.vupen.com/english/advisories/2008/2420 https://exchange.xforce.ibmcloud.com/vulnerabilities/44511 https://usn.ubuntu.com/835-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-3746

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect