Vulnerability Details CVE-2004-1120
Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles network protocols in ProZilla 1.3.6-r2 and earlier allow remote servers to execute arbitrary code via a long Location header.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.102
EPSS Ranking 92.8%
CVSS Severity
CVSS v2 Score 10.0
References
- http://bugs.gentoo.org/show_bug.cgi?id=70090
- http://www.debian.org/security/2005/dsa-663
- http://www.gentoo.org/security/en/glsa/glsa-200411-31.xml
- http://www.securityfocus.com/archive/1/382219
- http://www.securityfocus.com/bid/11734
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18210
- http://bugs.gentoo.org/show_bug.cgi?id=70090
- http://www.debian.org/security/2005/dsa-663
- http://www.gentoo.org/security/en/glsa/glsa-200411-31.xml
- http://www.securityfocus.com/archive/1/382219
- http://www.securityfocus.com/bid/11734
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18210
Products affected by CVE-2004-1120
-
cpe:2.3:a:prozilla:prozilla_download_accelerator:1.0.0
-
cpe:2.3:a:prozilla:prozilla_download_accelerator:1.3.0
-
cpe:2.3:a:prozilla:prozilla_download_accelerator:1.3.1
-
cpe:2.3:a:prozilla:prozilla_download_accelerator:1.3.2
-
cpe:2.3:a:prozilla:prozilla_download_accelerator:1.3.3
-
cpe:2.3:a:prozilla:prozilla_download_accelerator:1.3.4
-
cpe:2.3:a:prozilla:prozilla_download_accelerator:1.3.5
-
cpe:2.3:a:prozilla:prozilla_download_accelerator:1.3.5.1
-
cpe:2.3:a:prozilla:prozilla_download_accelerator:1.3.5.2
-
cpe:2.3:a:prozilla:prozilla_download_accelerator:1.3.6