Vulnerability Details: CVE-2004-0398
Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.
Vulnerability category: Overflow, Memory Corruption, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2004-0398
Probability of exploitation activity in the next 30 days: 1.90%
Percentile, the proportion of vulnerabilities that are scored at or less: ~87%
CVSS scores for CVE-2004-0398
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2004-0398
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2004-0398
- http://www.redhat.com/support/errata/RHSA-2004-191.html (Third Party Advisory)
- http://www.debian.org/security/2004/dsa-507 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=108500057108022&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=108498433632333&w=2 (Third Party Advisory)
- http://www.debian.org/security/2004/dsa-506 (Third Party Advisory)
- http://security.gentoo.org/glsa/glsa-200405-13.xml (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16192 (Third Party Advisory; VDB Entry)
- http://security.gentoo.org/glsa/glsa-200405-15.xml (Third Party Advisory)
- http://www.securityfocus.com/bid/10385 (Third Party Advisory; VDB Entry)
Products affected by CVE-2004-0398
- cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:webdav:neon:*:*:*:*:*:*:*:*
- cpe:2.3:a:webdav:cadaver:*:*:*:*:*:*:*:*