CVE-2004-0179 — MEDIUM (6.8)

Q: How severe is CVE-2004-0179?

CVE-2004-0179 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2004-0179?

Check the references section above for vendor advisories and patch information. Affected products include: Webdav Neon, Apache Openoffice, Apache Subversion, Webdav Cadaver, Debian Debian Linux.

Vulnerability Description

Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Webdav	Neon	>= 0.19.0, < 0.24.5
Apache	Openoffice	All versions
Apache	Subversion	All versions
Webdav	Cadaver	All versions
Debian	Debian Linux	3.0

Related Weaknesses (CWE)

CWE-134

References

ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.ascBroken Link
http://lists.suse.com/archive/suse-security-announce/2004-Apr/0002.htmlBroken Link
http://lists.suse.com/archive/suse-security-announce/2004-Apr/0003.htmlBroken Link
http://marc.info/?l=bugtraq&m=108213873203477&w=2Issue TrackingThird Party Advisory
http://marc.info/?l=bugtraq&m=108214147022626&w=2Issue TrackingThird Party Advisory
http://secunia.com/advisories/11363Third Party Advisory
http://security.gentoo.org/glsa/glsa-200405-01.xmlThird Party Advisory
http://security.gentoo.org/glsa/glsa-200405-04.xmlThird Party Advisory
http://www.debian.org/security/2004/dsa-487Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:032Third Party Advisory
http://www.osvdb.org/5365Broken Link
http://www.redhat.com/support/errata/RHSA-2004-157.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2004-158.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2004-159.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2004-160.htmlThird Party Advisory

FAQ

What is CVE-2004-0179?

CVE-2004-0179 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers...

How severe is CVE-2004-0179?

CVE-2004-0179 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-0179?

Check the references section above for vendor advisories and patch information. Affected products include: Webdav Neon, Apache Openoffice, Apache Subversion, Webdav Cadaver, Debian Debian Linux.