Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2004-0397

Published: 07/07/2004 Updated: 11/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 765
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Subversion

Vulnerability Summary

Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and previous versions allows remote malicious users to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.

Vulnerable Product Search on Vulmon Subscribe to Product

subversion subversion 1.0

subversion subversion 1.0.1

subversion subversion 1.0.2

Exploits

Exploit DB: Subversion 1.0.2 - Date Overflow (Metasploit)
## # $Id$ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' require 'msf/core/exploit/http' class Metasploit3 < M ...
Exploit DB: Subversion 1.0.2 - 'svn_time_from_cstring()' Remote Overflow
/* subversion-102 exploit by Gyan Chawdhary * exploits a stack overflow in the svn_time_from_cstring() function We build * a date format which is valid but at the same time exits after the sscanf * function, or else it branches into another function which segfaults at the * apr_pool_t *pool We overwrite our eip with a pointer to the main ...
Exploit DB: Subversion - Date Svnserve (Metasploit)
## # $Id: svnserve_daterb 9971 2010-08-07 06:59:16Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' require ' ...

References

NVD-CWE-Otherhttp://www.securityfocus.com/bid/10386http://www.securityfocus.com/archive/1/363814http://www.linuxsecurity.com/advisories/fedora_advisory-4373.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021737.htmlhttp://security.e-matters.de/advisories/082004.htmlhttps://bugzilla.fedora.us/show_bug.cgi?id=1748http://subversion.tigris.org/svn-sscanf-advisory.txthttp://www.gentoo.org/security/en/glsa/glsa-200405-14.xmlhttp://www.osvdb.org/6301http://secunia.com/advisories/11642http://secunia.com/advisories/11675http://marc.info/?l=bugtraq&m=108498676517697&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/16191https://nvd.nist.govhttps://www.exploit-db.com/exploits/9935/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook