CVE-2009-2473

Published: 21/08/2009 Updated: 19/09/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

neon prior to 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent malicious users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Vulnerable Product

webdav neon 0.28.6

Vendor Advisories

Synopsis: Low: gnome-vfs2 security and bug fix update. Type/Severity: Security Advisory: Low. Topic: Updated gnome-vfs2 packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Co ...

Debian Bug report logs - #542926 CVE-2009-2474: Improper verification of x590v3 certificate with NUL (zero) byte in certain fields. Packages: neon27, neon, neon26; Maintainer for neon27 is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Maintainer for neon is (unknown); Maintainer for neon26 is (unknown); Reported by: Giuseppe Iucu ...

Exploits

Bugtraq ID: 36097
Class: Input Validation Error
Published: Jan 17 2009 12:00AM
Updated: Nov 12 2009 08:06PM
Credit: Peter Valchev
Vulnerable: SuSE openSUSE 110, SuSE openSUSE 103, SuSE Linux 9, SuSE Linux 11, SuSE Linux 100, RedHat Fedora 11, RedHat Fedora 10, RedHat Enterprise Linux WS 4, RedHat Enterprise Linux WS 3, RedHat Enterprise Linux ES 4, RedHa ...