CVE-2005-3183 - OpenCVE

The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
W3c	Libwww

Configuration 1 [-]

cpe:2.3:a:w3c:libwww:*:*:*:*:*:*:*:*

References

Link	Resource
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt
http://secunia.com/advisories/17119
http://secunia.com/advisories/17122
http://secunia.com/advisories/17489
http://secunia.com/advisories/17814
http://secunia.com/advisories/19193
http://secunia.com/advisories/25098
http://www.mandriva.com/security/advisories?name=MDKSA-2005:210
http://www.redhat.com/support/errata/RHSA-2007-0208.html
http://www.securityfocus.com/advisories/9444
http://www.securityfocus.com/advisories/9445
http://www.securityfocus.com/bid/15035
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159597	Exploit Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9653
https://usn.ubuntu.com/220-1/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2005-10-12T04:00:00

Updated: 2018-10-03T20:57:01

Reserved: 2005-10-12T00:00:00

Link: CVE-2005-3183

JSON object: View

NVD Information

Status : Modified

Published: 2005-10-12T22:02:00.000

Modified: 2018-10-03T21:31:43.297

Link: CVE-2005-3183

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-10-12T00:00:00", "descriptions": [{"lang": "en", "value": "The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "oval:org.mitre.oval:def:9653", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9653"}, {"name": "MDKSA-2005:210", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:210"}, {"name": "25098", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25098"}, {"name": "FEDORA-2005-953", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://www.securityfocus.com/advisories/9444"}, {"name": "FEDORA-2005-952", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://www.securityfocus.com/advisories/9445"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159597"}, {"name": "RHSA-2007:0208", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0208.html"}, {"name": "17814", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17814"}, {"name": "17122", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17122"}, {"name": "17489", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17489"}, {"name": "USN-220-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/220-1/"}, {"name": "19193", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19193"}, {"name": "SCOSA-2006.10", "tags": ["vendor-advisory", "x_refsource_SCO"], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt"}, {"name": "15035", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15035"}, {"name": "17119", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17119"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-3183", "datePublished": "2005-10-12T04:00:00", "dateReserved": "2005-10-12T00:00:00", "dateUpdated": "2018-10-03T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:w3c:libwww:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB19713F-BA80-4434-9C4F-A6C2EA38489C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read."}], "id": "CVE-2005-3183", "lastModified": "2018-10-03T21:31:43.297", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-10-12T22:02:00.000", "references": [{"source": "secalert@redhat.com", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/17119"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/17122"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/17489"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/17814"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/19193"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25098"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:210"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0208.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/advisories/9444"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/advisories/9445"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/15035"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159597"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9653"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/220-1/"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170518\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which are in maintenance mode.\n", "lastModified": "2007-09-07T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}