CVE-2004-0179
MEDIUM severity · CVSS 6.8 · CWE-134
Summary
Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.
Impact & exploitability
Attack vector: Network
Attack complexity: —
Privileges required: —
User interaction: —
Confidentiality impact: —
Integrity impact: —
Availability impact: —
Exploit probability (EPSS): 11%
CVSS vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
- http://lists.suse.com/archive/suse-security-announce/2004-Apr/0002.html
- http://lists.suse.com/archive/suse-security-announce/2004-Apr/0003.html
- http://marc.info/?l=bugtraq&m=108213873203477&w=2 (Advisory)
- http://marc.info/?l=bugtraq&m=108214147022626&w=2 (Advisory)
- http://secunia.com/advisories/11363 (Advisory)
- http://security.gentoo.org/glsa/glsa-200405-01.xml (Advisory)
- http://security.gentoo.org/glsa/glsa-200405-04.xml (Advisory)