Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0179 — Use of Externally-Controlled Format String in Neon

CWE-134 — Use of Externally-Controlled Format String5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

8.1%

top 7.80%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Webdav Neon Debian Linux

Timeline

PublishedJun 1

Latest updateMay 3

Description

Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDwebdav/neon0.19.0 — 0.24.5

Also affects: Debian Linux 3.0

🔴Vulnerability Details

GHSA

GHSA-3265-7c8c-jh75: Multiple format string vulnerabilities in (1) neon 0↗2022-05-03

▶

💥Exploits & PoCs

Exploit-DB

Neon WebDAV Client Library 0.2x - Format String↗2004-04-14

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-04-14

▶

💬Community

Bugzilla

CVE-2004-0179 security flaw↗2018-08-16

▶