CVE-2004-0179

Neon WebDAV Client Library 0.2x - Format String

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.

Multiples vulenerabilidades de cadena de formato en (1) neon 0.24.4 y anteriores, y otros productos que usan neon incluyendo (2) Cadaver, (3) Subversion, o (4) OpenOffice, permite a servidores remotos WebDAV maliciosos ejecutar código arbitrario.

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2004-02-25 CVE Reserved
2004-04-14 First Exploit
2004-04-16 CVE Published
2023-03-24 EPSS Updated
2024-08-08 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-134: Use of Externally-Controlled Format String

CAPEC

References (22)

URL	Tag	Source
http://marc.info/?l=bugtraq&m=108213873203477&w=2	Issue Tracking
http://marc.info/?l=bugtraq&m=108214147022626&w=2	Issue Tracking
http://secunia.com/advisories/11363	Third Party Advisory
http://www.osvdb.org/5365	Broken Link
http://www.securityfocus.com/bid/10136	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1065	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10913	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/23999	2004-04-14

URL	Date	SRC

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc	2020-10-13
http://lists.suse.com/archive/suse-security-announce/2004-Apr/0002.html	2020-10-13
http://lists.suse.com/archive/suse-security-announce/2004-Apr/0003.html	2020-10-13
http://security.gentoo.org/glsa/glsa-200405-01.xml	2020-10-13
http://security.gentoo.org/glsa/glsa-200405-04.xml	2020-10-13
http://www.debian.org/security/2004/dsa-487	2020-10-13
http://www.mandriva.com/security/advisories?name=MDKSA-2004:032	2020-10-13
http://www.redhat.com/support/errata/RHSA-2004-157.html	2020-10-13
http://www.redhat.com/support/errata/RHSA-2004-158.html	2020-10-13
http://www.redhat.com/support/errata/RHSA-2004-159.html	2020-10-13
http://www.redhat.com/support/errata/RHSA-2004-160.html	2020-10-13
https://bugzilla.fedora.us/show_bug.cgi?id=1552	2020-10-13
https://access.redhat.com/security/cve/CVE-2004-0179	2004-04-30
https://bugzilla.redhat.com/show_bug.cgi?id=1617170	2004-04-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Webdav Search vendor "Webdav"	Neon Search vendor "Webdav" for product "Neon"	>= 0.19.0 < 0.24.5 Search vendor "Webdav" for product "Neon" and version " >= 0.19.0 < 0.24.5"	-	Affected	in	Apache Search vendor "Apache"	Openoffice Search vendor "Apache" for product "Openoffice"	*	-	Safe
Webdav Search vendor "Webdav"	Neon Search vendor "Webdav" for product "Neon"	>= 0.19.0 < 0.24.5 Search vendor "Webdav" for product "Neon" and version " >= 0.19.0 < 0.24.5"	-	Affected	in	Apache Search vendor "Apache"	Subversion Search vendor "Apache" for product "Subversion"	*	-	Safe
Webdav Search vendor "Webdav"	Neon Search vendor "Webdav" for product "Neon"	>= 0.19.0 < 0.24.5 Search vendor "Webdav" for product "Neon" and version " >= 0.19.0 < 0.24.5"	-	Affected	in	Webdav Search vendor "Webdav"	Cadaver Search vendor "Webdav" for product "Cadaver"	*	-	Safe
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		-		Affected