Lucene search
RootSSV:12116HistoryAug 26, 2009 - 12:00 a.m.
Neon XML文档解析拒绝服务漏洞
2009-08-2600:00:00
Root
www.seebug.org
14
0.003 Low
EPSS
Percentile
64.0%
BUGTRAQ ID: 36080
CVE(CAN) ID: CVE-2009-2473
neon是一款HTTP和WebDAV客户端库。
如果使用了expat库,neon在实体扩展期间没有正确的检测递归。当客户端应用访问恶意的DAV服务器或使用XML解析接口(ne_xml*)解析XML文档的时候,包含有大量嵌套实体引用的特制XML文档就可能耗尽大量内存和CPU资源。
Neon Client Library < 0.28.6
厂商补丁:
Neon
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html
Related
altlinux
altlinux
Security fix for the ALT Linux 5 package gnome-vfs version 1:2.24.3-alt2
2010-09-27 00:00:00
nessus
nessus
Oracle Linux 5 : gnome-vfs2 (ELSA-2013-0131)
2013-07-12 00:00:00
RHEL 5 : gnome-vfs2 (RHSA-2013:0131)
2013-01-08 00:00:00
CentOS 5 : gnome-vfs2 (CESA-2013:0131)
2013-01-17 00:00:00
openvas
openvas
Fedora Core 10 FEDORA-2009-8794 (neon)
2009-09-02 00:00:00
RedHat Update for gnome-vfs2 RHSA-2013:0131-01
2013-01-11 00:00:00
Fedora Core 11 FEDORA-2009-8815 (neon)
2009-09-02 00:00:00
redhat
redhat
(RHSA-2013:0131) Low: gnome-vfs2 security and bug fix update
2013-01-08 00:00:00
(RHSA-2009:1452) Moderate: neon security update
2009-09-21 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: neon-0.28.6-1.fc11
2009-08-20 21:03:23
[SECURITY] Fedora 10 Update: neon-0.28.6-1.fc10
2009-08-20 20:59:38
centos
centos
gnome security update
2013-01-09 19:45:49
neon security update
2009-09-22 13:46:23
oraclelinux
oraclelinux
gnome-vfs2 security and bug fix update
2013-01-11 00:00:00
neon security update
2009-09-21 00:00:00
ubuntucve
ubuntucve
CVE-2009-2473
2009-08-21 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:53:01
securityvulns
securityvulns
libneon certificate spoofing
2009-08-25 00:00:00
[ MDVSA-2009:221 ] libneon0.27
2009-08-25 00:00:00
About the security content of Mac OS X v10.6.5 and Security Update 2010-007
2010-11-18 00:00:00
prion
prion
Code injection
2009-08-21 17:30:00
debiancve
debiancve
CVE-2009-2473
2009-08-21 17:30:00
cve
cve
CVE-2009-2473
2009-08-21 17:30:00