Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2004-0398

Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.

Published

2004-07-07T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	webdav	cadaver	< 0.22.0	Yes
Application	webdav	neon	≤ 0.24.5	Yes
Operating System	debian	debian_linux	3.0	Yes

References

http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0982.html Broken Link ([email protected])
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000841 Broken Link ([email protected])
http://marc.info/?l=bugtraq&m=108498433632333&w=2 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=108500057108022&w=2 Third Party Advisory ([email protected])
http://secunia.com/advisories/11638 Third Party Advisory ([email protected])
http://secunia.com/advisories/11650 Third Party Advisory ([email protected])
http://secunia.com/advisories/11673 Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200405-13.xml Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200405-15.xml Third Party Advisory ([email protected])
http://www.ciac.org/ciac/bulletins/o-148.shtml Broken Link ([email protected])
http://www.debian.org/security/2004/dsa-506 Third Party Advisory ([email protected])
http://www.debian.org/security/2004/dsa-507 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2004:049 Third Party Advisory ([email protected])
http://www.osvdb.org/6302 Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2004-191.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/10385 Third Party Advisory, VDB Entry ([email protected])
https://bugzilla.fedora.us/show_bug.cgi?id=1552 Broken Link ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/16192 Third Party Advisory, VDB Entry ([email protected])
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0982.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000841 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=108498433632333&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=108500057108022&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/11638 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/11650 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/11673 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200405-13.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200405-15.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ciac.org/ciac/bulletins/o-148.shtml Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2004/dsa-506 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2004/dsa-507 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2004:049 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/6302 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2004-191.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/10385 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.fedora.us/show_bug.cgi?id=1552 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16192 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)