Search for vulnerabilities
Vulnerability details: VCID-dt5u-tb95-aaaa
Vulnerability ID VCID-dt5u-tb95-aaaa
Aliases CVE-2004-0110
Summary Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
Status Published
Exploitability 2.0
Weighted Severity 6.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2004:090
rhas Moderate https://access.redhat.com/errata/RHSA-2004:091
rhas Moderate https://access.redhat.com/errata/RHSA-2004:650
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.41518 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.53474 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.67689 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.67689 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.67689 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.67689 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.67689 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.67689 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.67689 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.67689 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.67689 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.67689 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.67689 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.87803 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.87803 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.87803 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
epss 0.89176 https://api.first.org/data/v1/epss?cve=CVE-2004-0110
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=430644
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2004-0110
Reference id Reference type URL
http://marc.info/?l=bugtraq&m=107851606605420&w=2
http://marc.info/?l=bugtraq&m=107860178228804&w=2
http://rhn.redhat.com/errata/RHSA-2004-090.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0110.json
https://api.first.org/data/v1/epss?cve=CVE-2004-0110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0110
http://secunia.com/advisories/10958/
http://security.gentoo.org/glsa/glsa-200403-01.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/15301
https://exchange.xforce.ibmcloud.com/vulnerabilities/15302
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11626
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A833
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A875
http://www.ciac.org/ciac/bulletins/o-086.shtml
http://www.debian.org/security/2004/dsa-455
http://www.kb.cert.org/vuls/id/493966
http://www.novell.com/linux/security/advisories/2005_01_sr.html
http://www.redhat.com/support/errata/RHSA-2004-091.html
http://www.redhat.com/support/errata/RHSA-2004-650.html
http://www.securityfocus.com/bid/9718
http://www.xmlsoft.org/news.html
430644 https://bugzilla.redhat.com/show_bug.cgi?id=430644
cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*
cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml:1.8.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml:1.8.17:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.19:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.23:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:*
CVE-2004-0110 https://nvd.nist.gov/vuln/detail/CVE-2004-0110
OSVDB-4033;CVE-2004-0110 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/601.c
RHSA-2004:090 https://access.redhat.com/errata/RHSA-2004:090
RHSA-2004:091 https://access.redhat.com/errata/RHSA-2004:091
RHSA-2004:650 https://access.redhat.com/errata/RHSA-2004:650
Data source Exploit-DB
Date added Oct. 25, 2004
Description libxml 2.6.12 nanoftp - Local Buffer Overflow
Ransomware campaign use Known
Source publication date Oct. 26, 2004
Exploit type local
Platform linux
Source update date April 12, 2016
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2004-0110
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.97132
EPSS Score 0.41518
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.