CVE-2004-0179

Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.

Published: Jun 1, 2004
Updated: Nov 9, 2025
CVE: CVE-2004-0179
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-134

Affected Software
References

Software	From	Fixed in
webdav / neon	0.19.0	0.24.5
debian / debian_linux	3.0	3.0.x

ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
http://lists.suse.com/archive/suse-security-announce/2004-Apr/0002.html
http://lists.suse.com/archive/suse-security-announce/2004-Apr/0003.html
http://marc.info/?l=bugtraq&m=108213873203477&w=2
http://marc.info/?l=bugtraq&m=108214147022626&w=2
http://secunia.com/advisories/11363
http://security.gentoo.org/glsa/glsa-200405-01.xml
http://security.gentoo.org/glsa/glsa-200405-04.xml
http://www.debian.org/security/2004/dsa-487
http://www.mandriva.com/security/advisories?name=MDKSA-2004:032
http://www.osvdb.org/5365
http://www.redhat.com/support/errata/RHSA-2004-157.html
http://www.redhat.com/support/errata/RHSA-2004-158.html
http://www.redhat.com/support/errata/RHSA-2004-159.html
http://www.redhat.com/support/errata/RHSA-2004-160.html
http://www.securityfocus.com/bid/10136
https://bugzilla.fedora.us/show_bug.cgi?id=1552
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1065
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10913

Vulnerability Database

CVE-2004-0179

Deep Security Visibility Without the Complexity