4 vulnerabilities by webdav
CVE-2009-2474 (GCVE-0-2009-2474)
Vulnerability from cvelistv5 – Published: 2009-08-21 17:00 – Updated: 2024-08-07 05:52
Summary
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
Date Public
2009-08-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[neon] 20090818 neon: release 0.28.6 (SECURITY)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html"
},
{
"name": "[neon] 20090818 CVE-2009-2474: fix handling of NUL in SSL cert subject names",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001046.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "ADV-2009-2341",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2341"
},
{
"name": "oval:org.mitre.oval:def:11721",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11721"
},
{
"name": "MDVSA-2009:221",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:221"
},
{
"name": "36079",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36079"
},
{
"name": "APPLE-SA-2010-11-10-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "36371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36371"
},
{
"name": "USN-835-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-835-1"
},
{
"name": "FEDORA-2009-8815",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00945.html"
},
{
"name": "FEDORA-2009-8794",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00924.html"
},
{
"name": "36799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36799"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[neon] 20090818 neon: release 0.28.6 (SECURITY)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html"
},
{
"name": "[neon] 20090818 CVE-2009-2474: fix handling of NUL in SSL cert subject names",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001046.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "ADV-2009-2341",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2341"
},
{
"name": "oval:org.mitre.oval:def:11721",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11721"
},
{
"name": "MDVSA-2009:221",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:221"
},
{
"name": "36079",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36079"
},
{
"name": "APPLE-SA-2010-11-10-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "36371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36371"
},
{
"name": "USN-835-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-835-1"
},
{
"name": "FEDORA-2009-8815",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00945.html"
},
{
"name": "FEDORA-2009-8794",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00924.html"
},
{
"name": "36799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36799"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-2474",
"datePublished": "2009-08-21T17:00:00.000Z",
"dateReserved": "2009-07-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:52:14.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2473 (GCVE-0-2009-2473)
Vulnerability from cvelistv5 – Published: 2009-08-21 17:00 – Updated: 2024-08-07 05:52
Summary
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
Date Public
2009-08-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[neon] 20090818 neon: release 0.28.6 (SECURITY)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html"
},
{
"name": "oval:org.mitre.oval:def:9461",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9461"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "ADV-2009-2341",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2341"
},
{
"name": "MDVSA-2009:221",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:221"
},
{
"name": "APPLE-SA-2010-11-10-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "RHSA-2013:0131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0131.html"
},
{
"name": "36371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36371"
},
{
"name": "FEDORA-2009-8815",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00945.html"
},
{
"name": "FEDORA-2009-8794",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00924.html"
},
{
"name": "neon-xml-dos(52633)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52633"
},
{
"name": "[neon] 20090818 CVE-2009-2473: fix for \"billion laughs\" attack against expat",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001045.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[neon] 20090818 neon: release 0.28.6 (SECURITY)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html"
},
{
"name": "oval:org.mitre.oval:def:9461",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9461"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "ADV-2009-2341",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2341"
},
{
"name": "MDVSA-2009:221",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:221"
},
{
"name": "APPLE-SA-2010-11-10-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "RHSA-2013:0131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0131.html"
},
{
"name": "36371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36371"
},
{
"name": "FEDORA-2009-8815",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00945.html"
},
{
"name": "FEDORA-2009-8794",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00924.html"
},
{
"name": "neon-xml-dos(52633)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52633"
},
{
"name": "[neon] 20090818 CVE-2009-2473: fix for \"billion laughs\" attack against expat",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001045.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-2473",
"datePublished": "2009-08-21T17:00:00.000Z",
"dateReserved": "2009-07-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:52:14.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3746 (GCVE-0-2008-3746)
Vulnerability from cvelistv5 – Published: 2008-08-27 15:00 – Updated: 2024-08-07 09:52
Summary
neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
18 references
Date Public
2008-08-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:52:59.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "32286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32286"
},
{
"name": "[neon] 20080820 neon: release 0.28.3 (SECURITY)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.manyfish.co.uk/pipermail/neon/2008-August/000038.html"
},
{
"name": "31508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31508"
},
{
"name": "1020725",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020725"
},
{
"name": "FEDORA-2008-7661",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00367.html"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31687"
},
{
"name": "[neon] 20080820 CVE-2008-3746: NULL pointer dereference in Digest domain support",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.manyfish.co.uk/pipermail/neon/2008-August/000040.html"
},
{
"name": "MDVSA-2009:074",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:074"
},
{
"name": "[oss-security] 20080820 Re: CVE request for neon",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/20/5"
},
{
"name": "[oss-security] 20080815 CVE request for neon",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/15/4"
},
{
"name": "30710",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30710"
},
{
"name": "[oss-security] 20080820 Re: CVE request for neon",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/20/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571"
},
{
"name": "USN-835-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-835-1"
},
{
"name": "36799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36799"
},
{
"name": "ADV-2008-2420",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2420"
},
{
"name": "neon-digestauthentication-dos(44511)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44511"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "32286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32286"
},
{
"name": "[neon] 20080820 neon: release 0.28.3 (SECURITY)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.manyfish.co.uk/pipermail/neon/2008-August/000038.html"
},
{
"name": "31508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31508"
},
{
"name": "1020725",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020725"
},
{
"name": "FEDORA-2008-7661",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00367.html"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31687"
},
{
"name": "[neon] 20080820 CVE-2008-3746: NULL pointer dereference in Digest domain support",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.manyfish.co.uk/pipermail/neon/2008-August/000040.html"
},
{
"name": "MDVSA-2009:074",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:074"
},
{
"name": "[oss-security] 20080820 Re: CVE request for neon",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/20/5"
},
{
"name": "[oss-security] 20080815 CVE request for neon",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/15/4"
},
{
"name": "30710",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30710"
},
{
"name": "[oss-security] 20080820 Re: CVE request for neon",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/20/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571"
},
{
"name": "USN-835-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-835-1"
},
{
"name": "36799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36799"
},
{
"name": "ADV-2008-2420",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2420"
},
{
"name": "neon-digestauthentication-dos(44511)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2008:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "32286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32286"
},
{
"name": "[neon] 20080820 neon: release 0.28.3 (SECURITY)",
"refsource": "MLIST",
"url": "http://lists.manyfish.co.uk/pipermail/neon/2008-August/000038.html"
},
{
"name": "31508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31508"
},
{
"name": "1020725",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020725"
},
{
"name": "FEDORA-2008-7661",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00367.html"
},
{
"name": "31687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31687"
},
{
"name": "[neon] 20080820 CVE-2008-3746: NULL pointer dereference in Digest domain support",
"refsource": "MLIST",
"url": "http://lists.manyfish.co.uk/pipermail/neon/2008-August/000040.html"
},
{
"name": "MDVSA-2009:074",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:074"
},
{
"name": "[oss-security] 20080820 Re: CVE request for neon",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/08/20/5"
},
{
"name": "[oss-security] 20080815 CVE request for neon",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/08/15/4"
},
{
"name": "30710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30710"
},
{
"name": "[oss-security] 20080820 Re: CVE request for neon",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/08/20/2"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571"
},
{
"name": "USN-835-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-835-1"
},
{
"name": "36799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36799"
},
{
"name": "ADV-2008-2420",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2420"
},
{
"name": "neon-digestauthentication-dos(44511)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3746",
"datePublished": "2008-08-27T15:00:00.000Z",
"dateReserved": "2008-08-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:52:59.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0398 (GCVE-0-2004-0398)
Vulnerability from cvelistv5 – Published: 2004-05-20 04:00 – Updated: 2024-08-08 00:17
Summary
Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
18 references
Date Public
2004-05-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11638"
},
{
"name": "11673",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11673"
},
{
"name": "6302",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6302"
},
{
"name": "20040519 Advisory 06/2004: libneon date parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0982.html"
},
{
"name": "11650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11650"
},
{
"name": "20040519 [OpenPKG-SA-2004.024] OpenPKG Security Advisory (neon)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108500057108022\u0026w=2"
},
{
"name": "GLSA-200405-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200405-13.xml"
},
{
"name": "O-148",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-148.shtml"
},
{
"name": "GLSA-200405-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200405-15.xml"
},
{
"name": "MDKSA-2004:049",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:049"
},
{
"name": "10385",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10385"
},
{
"name": "DSA-506",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-506"
},
{
"name": "FEDORA-2004-1552",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=1552"
},
{
"name": "neon-library-nerfc1036parse-bo(16192)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16192"
},
{
"name": "DSA-507",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-507"
},
{
"name": "CLA-2004:841",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000841"
},
{
"name": "20040519 Advisory 06/2004: libneon date parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108498433632333\u0026w=2"
},
{
"name": "RHSA-2004:191",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-191.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11638"
},
{
"name": "11673",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11673"
},
{
"name": "6302",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6302"
},
{
"name": "20040519 Advisory 06/2004: libneon date parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0982.html"
},
{
"name": "11650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11650"
},
{
"name": "20040519 [OpenPKG-SA-2004.024] OpenPKG Security Advisory (neon)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108500057108022\u0026w=2"
},
{
"name": "GLSA-200405-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200405-13.xml"
},
{
"name": "O-148",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-148.shtml"
},
{
"name": "GLSA-200405-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200405-15.xml"
},
{
"name": "MDKSA-2004:049",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:049"
},
{
"name": "10385",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10385"
},
{
"name": "DSA-506",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-506"
},
{
"name": "FEDORA-2004-1552",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=1552"
},
{
"name": "neon-library-nerfc1036parse-bo(16192)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16192"
},
{
"name": "DSA-507",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-507"
},
{
"name": "CLA-2004:841",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000841"
},
{
"name": "20040519 Advisory 06/2004: libneon date parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108498433632333\u0026w=2"
},
{
"name": "RHSA-2004:191",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-191.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11638",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11638"
},
{
"name": "11673",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11673"
},
{
"name": "6302",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6302"
},
{
"name": "20040519 Advisory 06/2004: libneon date parsing vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0982.html"
},
{
"name": "11650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11650"
},
{
"name": "20040519 [OpenPKG-SA-2004.024] OpenPKG Security Advisory (neon)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108500057108022\u0026w=2"
},
{
"name": "GLSA-200405-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200405-13.xml"
},
{
"name": "O-148",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-148.shtml"
},
{
"name": "GLSA-200405-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200405-15.xml"
},
{
"name": "MDKSA-2004:049",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:049"
},
{
"name": "10385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10385"
},
{
"name": "DSA-506",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-506"
},
{
"name": "FEDORA-2004-1552",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=1552"
},
{
"name": "neon-library-nerfc1036parse-bo(16192)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16192"
},
{
"name": "DSA-507",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-507"
},
{
"name": "CLA-2004:841",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000841"
},
{
"name": "20040519 Advisory 06/2004: libneon date parsing vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108498433632333\u0026w=2"
},
{
"name": "RHSA-2004:191",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-191.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0398",
"datePublished": "2004-05-20T04:00:00.000Z",
"dateReserved": "2004-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:17:14.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}