6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.5%
Greuff reports that the neon WebDAV client library contains
several format string bugs within error reporting code. A
malicious server may exploit these bugs by sending specially
crafted PROPFIND or PROPPATCH responses.
Although several applications include neon, such as cadaver and
subversion, the FreeBSD Ports of these applications are not
impacted. They are specifically configured to NOT use the
included neon. Only packages listed as affected in this
notice are believed to be impacted.