Vulnerability Name: | CVE-2004-0456 (CCN-16551)
Assigned: | 2004-06-30
Published: | 2004-06-30
Updated: | 2017-07-11
Summary: | Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.
CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: | 7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Access
References: |
Source: CCN Type: Full-Disclosure Mailing List, Thu Jul 01 2004 - 17:48:20 CDT pavuk buffer overflow
Source: MITRE Type: CNA CVE-2004-0456
Source: FULLDISC Type: UNKNOWN 20040702 pavuk buffer overflow
Source: GENTOO Type: Patch, Vendor Advisory GLSA-200406-22
Source: DEBIAN Type: Patch, Vendor Advisory DSA-527
Source: DEBIAN Type: DSA-527 pavuk -- buffer overflow
Source: CCN Type: GLSA-200406-22 Pavuk: Remote buffer overflow
Source: CCN Type: GLSA-200411-19 Pavuk: Multiple buffer overflows
Source: CCN Type: Pavuk Web site Pavuk
Source: CCN Type: OSVDB ID: 11537 Pavuk Multiple Unspecified Overflows
Source: CCN Type: OSVDB ID: 7319 Pavuk HTTP Location Header Overflow
Source: BID Type: Patch, Vendor Advisory 10633
Source: CCN Type: BID-10633 Pavuk Remote Stack-Based Buffer Overrun Vulnerability
Source: CCN Type: BID-11626 Pavuk Multiple Unspecified Remote Buffer Overflow Vulnerabilities
Source: XF Type: UNKNOWN pavuk-location-bo(16551)
Vulnerable Configuration: | Configuration 1: Configuration 2: Denotes that component is vulnerable