ID CVE-2008-3746
Summary neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'
References
Vulnerable Configurations
  • cpe:2.3:a:webdav:neon:0.28.0:*:*:*:*:*:*:*
  • cpe:2.3:a:webdav:neon:0.28.1:*:*:*:*:*:*:*
  • cpe:2.3:a:webdav:neon:0.28.2:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 08-08-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 30710
confirm http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571
fedora FEDORA-2008-7661
mandriva MDVSA-2009:074
mlist
  • [neon] 20080820 CVE-2008-3746: NULL pointer dereference in Digest domain support
  • [neon] 20080820 neon: release 0.28.3 (SECURITY)
  • [oss-security] 20080815 CVE request for neon
  • [oss-security] 20080820 Re: CVE request for neon
sectrack 1020725
secunia
  • 31508
  • 31687
  • 32286
  • 36799
suse SUSE-SR:2008:017
ubuntu USN-835-1
vupen ADV-2008-2420
xf neon-digestauthentication-dos(44511)
statements via4
contributor Tomas Hoger
lastmodified 2008-08-28
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of neon as shipped with Red Hat Enterprise Linux 4, or 5.
Last major update 08-08-2017 - 01:32
Published 27-08-2008 - 15:21