Vulnerability Details: CVE-2007-0157
Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.
Vulnerability category: Denial of service
Products affected by CVE-2007-0157
- cpe:2.3:a:neon:neon:0.26.0:*:*:*:*:*:*:*
- cpe:2.3:a:neon:neon:0.26.1:*:*:*:*:*:*:*
- cpe:2.3:a:neon:neon:0.26.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-0157
- EPSS score: 7.55% (probability of exploitation activity in the next 30 days)
- Percentile: ~94% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-0157
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
Vendor statements for CVE-2007-0157
- Red Hat, 2007-01-15: Not vulnerable. This issue does not affect the older versions of neon as shipped with Red Hat Enterprise Linux 2.1, 3, and 4. This issue also does not affect the older versions of neon included in the cadaver package.
References for CVE-2007-0157
- http://www.novell.com/linux/security/advisories/2007_02_sr.html
- http://www.securityfocus.com/bid/22035
- http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723;msg=5;att=2
- http://mailman.webdav.org/pipermail/neon/2007-January/002362.html
- http://mailman.webdav.org/pipermail/cadaver/2007-January/001015.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:013
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723
- http://www.vupen.com/english/advisories/2007/0362
- http://www.webdav.org/cadaver/
- http://www.vupen.com/english/advisories/2007/0172