Executive Summary

Informations
Name CVE-2004-0413 First vendor Publication 2004-08-06
Vendor Cve Last vendor Modification 2017-07-11

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0413

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-47 Buffer Overflow via Parameter Expansion

CWE : Common Weakness Enumeration

% Id Name

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 5

OpenVAS Exploits

Date Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200406-07 (dev-util/subversion)
File : nvt/glsa_200406_07.nasl
2005-11-03 Name : Subversion SVN Protocol Parser Remote Integer Overflow
File : nvt/subversion_1_0_5.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
6935 Subversion (SVN) svnserver svn:// Protocol Handler Remote Overflow

A remote overflow exists in the Subversion libsvn_ra_svn library. svnserver fails to validate svn:// requests resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Snort® IPS/IDS

Date Description
2014-01-10 Subversion svn pProtocol string parsing heap overflow attempt
RuleID : 15970 - Revision : 6 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2004-08-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200406-07.nasl - Type : ACT_GATHER_INFO
2004-07-25 Name : The remote host is missing a vendor-supplied security patch.
File : suse_SA_2004_018.nasl - Type : ACT_GATHER_INFO
2004-07-23 Name : The remote Fedora Core host is missing a security update.
File : fedora_2004-165.nasl - Type : ACT_GATHER_INFO
2004-07-23 Name : The remote Fedora Core host is missing a security update.
File : fedora_2004-166.nasl - Type : ACT_GATHER_INFO
2004-06-22 Name : The remote host has an application that is affected by a heap overflow vulner...
File : subversion_1_0_5.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/10519
BUGTRAQ http://www.securityfocus.com/archive/1/365836
CONFIRM http://subversion.tigris.org/security/CAN-2004-0413-advisory.txt
FEDORA http://www.securityfocus.com/advisories/6847
https://bugzilla.fedora.us/show_bug.cgi?id=1748
GENTOO http://www.gentoo.org/security/en/glsa/glsa-200406-07.xml
SUSE http://www.novell.com/linux/security/advisories/2004_18_subversion.html
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/16396

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2020-05-23 00:15:47
  • Multiple Updates
2017-07-11 12:01:26
  • Multiple Updates
2014-02-17 10:27:29
  • Multiple Updates
2014-01-19 21:22:12
  • Multiple Updates
2013-05-11 11:41:33
  • Multiple Updates