CVE-2004-0398
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.
Desbordamiento de búfer en la función de proceso de de fecha ne_rfc1036_parse de la librería neon (libneon) 0.24.5 y anteriores, usada en cadaver 0.22 permite a servidores WebDAV ejecutar código arbitrario en el cliente.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-04-13 CVE Reserved
- 2004-05-20 CVE Published
- 2023-04-27 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0982.html | Broken Link | |
| http://marc.info/?l=bugtraq&m=108498433632333&w=2 | Mailing List | |
| http://marc.info/?l=bugtraq&m=108500057108022&w=2 | Mailing List | |
| http://secunia.com/advisories/11638 | Third Party Advisory | |
| http://secunia.com/advisories/11650 | Third Party Advisory | |
| http://secunia.com/advisories/11673 | Third Party Advisory | |
| http://www.ciac.org/ciac/bulletins/o-148.shtml | Broken Link | |
| http://www.osvdb.org/6302 | Broken Link | |
| http://www.securityfocus.com/bid/10385 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16192 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000841 | 2020-10-09 | |
| http://security.gentoo.org/glsa/glsa-200405-13.xml | 2020-10-09 | |
| http://security.gentoo.org/glsa/glsa-200405-15.xml | 2020-10-09 | |
| http://www.debian.org/security/2004/dsa-506 | 2020-10-09 | |
| http://www.debian.org/security/2004/dsa-507 | 2020-10-09 | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2004:049 | 2020-10-09 | |
| http://www.redhat.com/support/errata/RHSA-2004-191.html | 2020-10-09 | |
| https://bugzilla.fedora.us/show_bug.cgi?id=1552 | 2020-10-09 | |
| https://access.redhat.com/security/cve/CVE-2004-0398 | 2004-05-19 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1617192 | 2004-05-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Webdav Search vendor "Webdav" | Cadaver Search vendor "Webdav" for product "Cadaver" | < 0.22.0 Search vendor "Webdav" for product "Cadaver" and version " < 0.22.0" | - |
Affected
| ||||||
| Webdav Search vendor "Webdav" | Neon Search vendor "Webdav" for product "Neon" | <= 0.24.5 Search vendor "Webdav" for product "Neon" and version " <= 0.24.5" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | - |
Affected
| ||||||