Vulnerability Details : CVE-2004-0179

Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.

Vulnerability category: OverflowExecute code

Published 2004-06-01 04:00:00

Updated 2020-10-13 16:52:08

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2004-0179

Probability of exploitation activity in the next 30 days: 0.61%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 76 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2004-0179

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2004-0179

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Assigned by: [email protected] (Primary)

References for CVE-2004-0179

http://lists.suse.com/archive/suse-security-announce/2004-Apr/0003.html

Broken Link
http://marc.info/?l=bugtraq&m=108214147022626&w=2

Issue Tracking;Third Party Advisory
ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc

Broken Link

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10913

Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2004-157.html

Third Party Advisory
http://lists.suse.com/archive/suse-security-announce/2004-Apr/0002.html

Broken Link
http://security.gentoo.org/glsa/glsa-200405-01.xml

Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2004-159.html

Third Party Advisory
https://bugzilla.fedora.us/show_bug.cgi?id=1552

Broken Link
http://www.debian.org/security/2004/dsa-487

Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2004-160.html

Third Party Advisory
http://security.gentoo.org/glsa/glsa-200405-04.xml

Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:032

Third Party Advisory
http://www.securityfocus.com/bid/10136

Third Party Advisory;VDB Entry
http://www.redhat.com/support/errata/RHSA-2004-158.html

Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1065

Third Party Advisory
http://marc.info/?l=bugtraq&m=108213873203477&w=2

Issue Tracking;Third Party Advisory

Products affected by CVE-2004-0179

Debian » Debian Linux » Version: 3.0
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
Matching versions
Webdav » Neon
Versions from including (>=) 0.19.0 and before (<) 0.24.5
cpe:2.3:a:webdav:neon:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apache » Openoffice
When used together with: Apache » Subversion
When used together with: Webdav » Cadaver