Summary
This host has neon installed and is prone to certificate spoofing and denial of service vulnerabilities.
Impact
An attacker may leverage these issues to conduct man-in-the-middle attacks that spoof arbitrary SSL servers, or to deny service through memory or CPU consumption in the affected application.
Impact Level: System/Application
Solution
Upgrade to neon version 0.28.6 or later.
http://www.webdav.org/neon/
Insight
- When OpenSSL is used, neon does not properly handle a NUL ('\0') character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, exploitable via a crafted certificate issued by a legitimate Certification Authority (CVE-2009-2474).
- When expat is used, neon does not properly detect recursion during entity expansion, exploitable via a crafted XML document containing a large number of nested entity references (CVE-2009-2473).
Affected
neon (WebDAV client library) versions prior to 0.28.6 on Linux.
Severity
Classification
CVE: CVE-2009-2473, CVE-2009-2474
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P