| ID |
CVE-2004-0110
|
| Summary |
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*
cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*
-
cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*
cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*
-
cpe:2.3:a:xmlsoft:libxml:1.8.17:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml:1.8.17:*:*:*:*:*:*:*
-
cpe:2.3:a:xmlsoft:libxml2:2.4.19:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.19:*:*:*:*:*:*:*
-
cpe:2.3:a:xmlsoft:libxml2:2.4.23:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.23:*:*:*:*:*:*:*
-
cpe:2.3:a:xmlsoft:libxml2:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.4:*:*:*:*:*:*:*
-
cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*
-
cpe:2.3:a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:*
-
cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*
-
cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*
-
cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*
-
cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*
-
cpe:2.3:a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:*
-
cpe:2.3:a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.5 (as of 11-10-2017 - 01:29) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| oval
via4
|
| accepted | 2013-04-29T04:15:02.176-04:00 | | class | vulnerability | | contributors | | name | Aharon Chernin | | organization | SCAP.com, LLC |
| name | Dragos Prisaca | | organization | G2, Inc. |
| | definition_extensions | | comment | The operating system installed on the system is Red Hat Enterprise Linux 3 | | oval | oval:org.mitre.oval:def:11782 |
| comment | CentOS Linux 3.x | | oval | oval:org.mitre.oval:def:16651 |
| | description | Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL. | | family | unix | | id | oval:org.mitre.oval:def:11626 | | status | accepted | | submitted | 2010-07-09T03:56:16-04:00 | | title | Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL. | | version | 30 |
| accepted | 2007-04-25T19:52:58.231-04:00 | | class | vulnerability | | contributors | | name | Jay Beale | | organization | Bastille Linux |
| name | Matt Busby | | organization | The MITRE Corporation |
| name | Matt Busby | | organization | The MITRE Corporation |
| name | Thomas R. Jones | | organization | Maitreya Security |
| name | Robert L. Hollis | | organization | ThreatGuard, Inc. |
| | description | Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL. | | family | unix | | id | oval:org.mitre.oval:def:833 | | status | deprecated | | submitted | 2004-03-20T12:00:00.000-04:00 | | title | XMLSoft Libxml2 Code Execution Vulnerability | | version | 38 |
| accepted | 2007-04-25T19:53:05.843-04:00 | | class | vulnerability | | contributors | | name | Jay Beale | | organization | Bastille Linux |
| name | Jay Beale | | organization | Bastille Linux |
| name | Thomas R. Jones | | organization | Maitreya Security |
| | description | Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL. | | family | unix | | id | oval:org.mitre.oval:def:875 | | status | accepted | | submitted | 2004-02-22T12:00:00.000-04:00 | | title | XMLSoft Libxml2 Code Execution Vulnerability | | version | 37 |
|
| redhat
via4
|
| advisories | | | rpms | - libxml2-0:2.5.10-6
- libxml2-debuginfo-0:2.5.10-6
- libxml2-devel-0:2.5.10-6
- libxml2-python-0:2.5.10-6
- libxml-1:1.8.17-9.2
- libxml-debuginfo-1:1.8.17-9.2
- libxml-devel-1:1.8.17-9.2
|
|
| refmap
via4
|
| bid | 9718 | | bugtraq | - 20040305 [OpenPKG-SA-2004.003] OpenPKG Security Advisory (libxml)
- 20040306 TSLSA-2004-0010 - libxml2
| | cert-vn | VU#493966 | | ciac | O-086 | | confirm | http://www.xmlsoft.org/news.html | | debian | DSA-455 | | gentoo | GLSA-200403-01 | | secunia | 10958 | | suse | SUSE-SR:2005:001 | | xf | - libxml2-nanoftp-bo(15302)
- libxml2-nanohttp-bo(15301)
|
|
| Last major update |
11-10-2017 - 01:29 |
| Published |
15-03-2004 - 05:00 |
| Last modified |
11-10-2017 - 01:29 |
