Vulnerability Name:

CVE-2004-0110 (CCN-15301)

Assigned:2004-02-12
Published:2004-02-12
Updated:2017-10-11
Summary:Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2004-0110

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:836
libxml2

Source: BUGTRAQ
Type: UNKNOWN
20040305 [OpenPKG-SA-2004.003] OpenPKG Security Advisory (libxml)

Source: BUGTRAQ
Type: UNKNOWN
20040306 TSLSA-2004-0010 - libxml2

Source: CCN
Type: RHSA-2004-090
libxml2 security update

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:090

Source: CCN
Type: RHSA-2004-091
Updated libxml2 packages fix security vulnerability

Source: CCN
Type: RHSA-2004-650
libxml security update

Source: CCN
Type: SA10958
Libxml2 URI Parsing Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
10958

Source: GENTOO
Type: UNKNOWN
GLSA-200403-01

Source: CCN
Type: CIAC Information Bulletin O-086
Red Hat Updated libxml2 Packages Fix Security Vulnerability

Source: CIAC
Type: UNKNOWN
O-086

Source: CCN
Type: CIAC Information Bulletin P-073
Updated "libxml" Packages for Versions Prior to 2.6.14

Source: DEBIAN
Type: UNKNOWN
DSA-455

Source: DEBIAN
Type: DSA-455
libxml -- buffer overflows

Source: CCN
Type: GLSA-200403-01
Libxml2 URI Parsing Buffer Overflow Vulnerabilities

Source: CCN
Type: US-CERT VU#493966
Libxml2 URI parsing errors in nanohttp and nanoftp

Source: CERT-VN
Type: US Government Resource
VU#493966

Source: CCN
Type: GLSA 200403-01
Libxml2 URI Parsing Buffer Overflow Vulnerabilities

Source: SUSE
Type: UNKNOWN
SUSE-SR:2005:001

Source: CCN
Type: OpenPKG-SA-2004.003
Libxml

Source: REDHAT
Type: UNKNOWN
RHSA-2004:091

Source: REDHAT
Type: UNKNOWN
RHSA-2004:650

Source: BID
Type: Patch, Vendor Advisory
9718

Source: CCN
Type: BID-9718
libxml2 Remote URI Parsing Buffer Overrun Vulnerability

Source: CCN
Type: TLSA-2004-12
Buffer overflows

Source: CCN
Type: XML C parser and toolkit of Gnome Web site
Downloads

Source: CONFIRM
Type: UNKNOWN
http://www.xmlsoft.org/news.html

Source: XF
Type: UNKNOWN
libxml2-nanohttp-bo(15301)

Source: XF
Type: UNKNOWN
libxml2-nanohttp-bo(15301)

Source: XF
Type: UNKNOWN
libxml2-nanoftp-bo(15302)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11626

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:833

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:875

Source: SUSE
Type: SUSE-SR:2005:001
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sgi:propack:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:sgi:propack:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:xmlsoft:libxml:1.8.17:*:*:*:*:*:*:*
  • OR cpe:/a:xmlsoft:libxml2:2.4.19:*:*:*:*:*:*:*
  • OR cpe:/a:xmlsoft:libxml2:2.4.23:*:*:*:*:*:*:*
  • OR cpe:/a:xmlsoft:libxml2:2.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*
  • OR cpe:/a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:*
  • OR cpe:/a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2004-0110 (CCN-15302)

    Assigned:2004-02-12
    Published:2004-02-12
    Updated:2017-10-11
    Summary:Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    Vulnerability Type:CWE-Other
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2004-0110

    Source: CCN
    Type: Conectiva Linux Security Announcement CLSA-2004:836
    libxml2

    Source: CCN
    Type: RHSA-2004-090
    libxml2 security update

    Source: CCN
    Type: RHSA-2004-091
    Updated libxml2 packages fix security vulnerability

    Source: CCN
    Type: RHSA-2004-650
    libxml security update

    Source: CCN
    Type: SA10958
    Libxml2 URI Parsing Buffer Overflow Vulnerabilities

    Source: CCN
    Type: CIAC Information Bulletin O-086
    Red Hat Updated libxml2 Packages Fix Security Vulnerability

    Source: DEBIAN
    Type: DSA-455
    libxml -- buffer overflows

    Source: CCN
    Type: GLSA-200403-01
    Libxml2 URI Parsing Buffer Overflow Vulnerabilities

    Source: CCN
    Type: US-CERT VU#493966
    Libxml2 URI parsing errors in nanohttp and nanoftp

    Source: CCN
    Type: OpenPKG-SA-2004.003
    Libxml

    Source: CCN
    Type: BID-9718
    libxml2 Remote URI Parsing Buffer Overrun Vulnerability

    Source: CCN
    Type: TLSA-2004-12
    Buffer overflows

    Source: CCN
    Type: XML C parser and toolkit of Gnome Web site
    Downloads

    Source: XF
    Type: UNKNOWN
    libxml2-nanoftp-bo(15302)

    Source: SUSE
    Type: SUSE-SR:2005:001
    SUSE Security Summary Report

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20040110
    V
    		CVE-2004-0110
    2015-11-16
    oval:org.mitre.oval:def:11626
    V
    		Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
    2013-04-29
    oval:org.mitre.oval:def:875
    V
    		XMLSoft Libxml2 Code Execution Vulnerability
    2007-04-25
    oval:com.redhat.rhsa:def:20040650
    P
    		RHSA-2004:650: libxml security update (Moderate)
    2005-05-26
    oval:org.debian:def:455
    V
    		buffer overflows
    2004-03-03
    oval:com.redhat.rhsa:def:20040090
    P
    		RHSA-2004:090: libxml2 security update (Moderate)
    2004-02-26
    BACK
    sgi propack 2.3
    sgi propack 2.4
    xmlsoft libxml 1.8.17
    xmlsoft libxml2 2.4.19
    xmlsoft libxml2 2.4.23
    xmlsoft libxml2 2.5.4
    xmlsoft libxml2 2.5.10
    xmlsoft libxml2 2.5.11
    xmlsoft libxml2 2.6.0
    xmlsoft libxml2 2.6.1
    xmlsoft libxml2 2.6.2
    xmlsoft libxml2 2.6.3
    xmlsoft libxml2 2.6.4
    xmlsoft libxml2 2.6.5