Webdav Neon vulnerabilities
5 known vulnerabilities affecting webdav/neon.
Total CVEs: 5
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 4
Vulnerabilities
CVE-2009-2474 | MEDIUM | CVSS 5.8 | fixed in 0.28.6 | 2009-08-21
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
nvd
CVE-2009-2473 | MEDIUM | CVSS 4.3 | PoC | v0.28.6 | 2009-08-21
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
nvd
CVE-2008-3746 | MEDIUM | CVSS 4.3 | v0.28.0, v0.28.1, +1 more | 2008-08-27
neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.
nvd
CVE-2004-0398 | HIGH | CVSS 7.5 | CWE-787 | ≤ 0.24.5 | 2004-07-07
Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.
nvd
CVE-2004-0179 | MEDIUM | CVSS 6.8 | CWE-134 | PoC | ≥ 0.19.0, < 0.24.5 | 2004-06-01
Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.
nvd