CVE-2004-0987
published 2005-01-10CVE-2004-0987: Buffer overflow in the process_menu function in yardradius 1.0.20 allows remote attackers to execute arbitrary code.
PriorityP433critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
5.18%
91.4th percentile
Buffer overflow in the process_menu function in yardradius 1.0.20 allows remote attackers to execute arbitrary code.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yard_radius | yard_radius | — | — |
| yard_radius | yard_radius | — | — |
| yard_radius | yard_radius | — | — |
| yard_radius | yard_radius | — | — |
| yard_radius | yard_radius | — | — |
| yard_radius | yard_radius | — | — |
| yard_radius | yard_radius | — | — |
| yard_radius_project | yard_radius | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2003-0987 httpd mod_digest nonce not verified
bugzilla·2008-01-28·CVSS 7.5
CVE-2003-0987 [HIGH] CVE-2003-0987 httpd mod_digest nonce not verified
CVE-2003-0987 httpd mod_digest nonce not verified
Common Vulnerabilities and Exposures assigned an identifier CVE-2003-0987 to the following vulnerability:
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
References:
http://www.mail-archive.com/[email protected]/msg19007.html
http://www.mail-archive.com/[email protected]/msg19014.html
http://www.mandriva.com/security/advisories?name=MDKSA-2004:046
http://www.redhat.com/support/errata/RHSA-2004-600.html
http://www.redhat.com/support/errata/RHSA-2005-816.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
http://sunsolve.sun.com/search/document
Bugzilla
CVE-2003-0542 multiple flaws in Apache (CVE-2003-0542, CVE-2003-0987, CVE-2004-0940)
bugzilla·2005-10-25·CVSS 7.2
CVE-2003-0542 [HIGH] CVE-2003-0542 multiple flaws in Apache (CVE-2003-0542, CVE-2003-0987, CVE-2004-0940)
CVE-2003-0542 multiple flaws in Apache (CVE-2003-0542, CVE-2003-0987, CVE-2004-0940)
Several security issues have been found in various packages in Stronghold
4.0:
A flaw in the handling of regular expressions from configuration files
in the Apache HTTP Server could lead to a buffer overflow. To exploit this
issue, an attacker would need to have the ability to write to Apache
configuration files such as .htaccess or httpd.conf. (CVE-2003-0542)
mod_digest did not properly verify the nonce of a client response by using
a AuthNonce secret. This could allow a malicious user who is able to sniff
network traffic to conduct a replay attack against a website using Digest
protection. Note that mod_digest implements an older version of the MD5
Digest Authentication specification which is known no
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278384http://www.debian.org/security/2004/dsa-598http://www.securityfocus.com/bid/11753https://exchange.xforce.ibmcloud.com/vulnerabilities/18270http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278384http://www.debian.org/security/2004/dsa-598http://www.securityfocus.com/bid/11753https://exchange.xforce.ibmcloud.com/vulnerabilities/18270
2005-01-10
Published