CVE-2004-0179

Current Description

Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.

Basic Data

Published: June 01, 2004
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: HIGH
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.1
Severity: MEDIUM
Exploitability Score: 4.9
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
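    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Cadaver | Cadaver Webdav Client | 0.20.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Cadaver | Cadaver Webdav Client | 0.20.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Cadaver | Cadaver Webdav Client | 0.20.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Cadaver | Cadaver Webdav Client | 0.20.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Cadaver | Cadaver Webdav Client | 0.20.4 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Cadaver | Cadaver Webdav Client | 0.20.5 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Cadaver | Cadaver Webdav Client | 0.21.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Cadaver | Cadaver Webdav Client | 0.22.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Cadaver | Cadaver Webdav Client | 0.22.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Neon | Neon Client Library | 0.19.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Neon | Neon Client Library | 0.23 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Neon | Neon Client Library | 0.23.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Neon | Neon Client Library | 0.23.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Neon | Neon Client Library | 0.23.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Neon | Neon Client Library | 0.23.4 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Neon | Neon Client Library | 0.23.5 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Neon | Neon Client Library | 0.23.6 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Neon | Neon Client Library | 0.23.7 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Neon | Neon Client Library | 0.23.8 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Neon | Neon Client Library | 0.24 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Neon | Neon Client Library | 0.24.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Neon | Neon Client Library | 0.24.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Neon | Neon Client Library | 0.24.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Neon | Neon Client Library | 0.24.4 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Openoffice | Openoffice | 1.1.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Subversion | Subversion | * | * | * | * | * | * | * | * |  |  |  |  |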

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Openoffice | Openoffice | 1.1.2 |
| Cadaver | Cadaver Webdav Client | 0.20.0, 0.20.1, 0.20.2, 0.20.3, 0.20.4, 0.20.5, 0.21.0, 0.22.0, 0.22.1 |
| Neon | Neon Client Library | 0.19.3, 0.23, 0.23.1, 0.23.2, 0.23.3, 0.23.4, 0.23.5, 0.23.6, 0.23.7, 0.23.8, 0.24, 0.24.1, 0.24.2, 0.24.3, 0.24.4 |
| Subversion | Subversion | * |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 20040404-01-U | SGI | ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc | PATCH, Vendor Advisory |
| SuSE-SA:2004:009 | SUSE | http://lists.suse.com/archive/suse-security-announce/2004-Apr/0002.html | PATCH, Vendor Advisory |
| SuSE-SA:2004:008 | SUSE | http://lists.suse.com/archive/suse-security-announce/2004-Apr/0003.html | PATCH, Vendor Advisory |
| 20040416 [OpenPKG-SA-2004.016] OpenPKG Security Advisory (neon) | BUGTRAQ | http://marc.info/?l=bugtraq&m=108213873203477&w=2 |  |
| 20040416 void.at - neon format string bugs | BUGTRAQ | http://marc.info/?l=bugtraq&m=108214147022626&w=2 |  |
| 11363 | SECUNIA | http://secunia.com/advisories/11363 | PATCH, Vendor Advisory |
| GLSA-200405-01 | GENTOO | http://security.gentoo.org/glsa/glsa-200405-01.xml | PATCH, Vendor Advisory |
| GLSA-200405-04 | GENTOO | http://security.gentoo.org/glsa/glsa-200405-04.xml | PATCH, Vendor Advisory |
| DSA-487 | DEBIAN | http://www.debian.org/security/2004/dsa-487 | PATCH, Vendor Advisory |
| MDKSA-2004:032 | MANDRAKE | http://www.mandriva.com/security/advisories?name=MDKSA-2004:032 | Vendor Advisory |
| 5365 | OSVDB | http://www.osvdb.org/5365 |  |
| RHSA-2004:157 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-157.html | PATCH, Vendor Advisory |
| RHSA-2004:158 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-158.html | PATCH |
| RHSA-2004:159 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-159.html | PATCH |
| RHSA-2004:160 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-160.html | PATCH |
| 10136 | BID | http://www.securityfocus.com/bid/10136 |  |
| FEDORA-2004-1552 | FEDORA | https://bugzilla.fedora.us/show_bug.cgi?id=1552 | PATCH |
| oval:org.mitre.oval:def:1065 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1065 |  |
| oval:org.mitre.oval:def:10913 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10913 |  |