Vulnerability Description
Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.
CVSS Score
7.6
HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pavuk | Pavuk | 0.9pl28i |
| Debian | Debian Linux | 3.0 |
| Gentoo | Linux | 1.1a |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023322.html
- http://security.gentoo.org/glsa/glsa-200406-22.xmlPatchVendor Advisory
- http://www.debian.org/security/2004/dsa-527PatchVendor Advisory
- http://www.securityfocus.com/bid/10633PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16551
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023322.html
- http://security.gentoo.org/glsa/glsa-200406-22.xmlPatchVendor Advisory
- http://www.debian.org/security/2004/dsa-527PatchVendor Advisory
- http://www.securityfocus.com/bid/10633PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16551
FAQ
What is CVE-2004-0456?
CVE-2004-0456 is a vulnerability with a CVSS score of 7.6 (HIGH). Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.
How severe is CVE-2004-0456?
CVE-2004-0456 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0456?
Check the references section above for vendor advisories and patch information. Affected products include: Pavuk Pavuk, Debian Debian Linux, Gentoo Linux.