CVE-2004-0397

Subversion <= 1.0.2 - Remote Code Execution via DAV2 REPORT Query or get-dated-rev Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2004-0397. PoCs published by Metasploit, Gyan Chawdhary, spoonm, including Metasploit module exploits/multi/svn/svnserve_date.

AI-analyzed exploit summary This is a Metasploit module exploiting a buffer overflow in Subversion's svnserve daemon (CVE-2004-0397) via malformed date parsing. It targets Linux and FreeBSD systems, using a brute-force approach to bypass ASLR.

Description

Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubydosunix
https://www.exploit-db.com/exploits/16284

This is a Metasploit module exploiting a buffer overflow in Subversion's svnserve daemon (CVE-2004-0397) via malformed date parsing. It targets Linux and FreeBSD systems, using a brute-force approach to bypass ASLR.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Racy
Target: Subversion svnserve (versions prior to fix for CVE-2004-0397)
No auth needed
Prerequisites: Network access to svnserve (port 3690) · Target system running vulnerable Subversion version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Gyan Chawdhary · cremotelinux
https://www.exploit-db.com/exploits/304

This exploit targets a stack overflow in the svn_time_from_cstring() function in Subversion 1.0.2. It crafts a malicious date format to overwrite the EIP and execute shellcode, binding a shell on port 36864.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Subversion 1.0.2
No auth needed
Prerequisites: Network access to the target svnserve instance · Subversion 1.0.2 running on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by spoonm · rubyremotemultiple
https://www.exploit-db.com/exploits/9935

This is a Metasploit exploit for CVE-2004-0397, targeting a buffer overflow in the Subversion svnserve daemon's date parsing functionality. It uses a brute-force approach to achieve remote code execution on Linux and FreeBSD systems.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Racy
Target: Subversion svnserve (versions prior to fix for CVE-2004-0397)
No auth needed
Prerequisites: Network access to the svnserve daemon (port 3690 by default) · Target system running a vulnerable version of Subversion
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/svn/svnserve_date.rb

This is a Metasploit module exploiting a buffer overflow in Subversion's svnserve daemon (CVE-2004-0397) via malformed date parsing. It targets Linux and FreeBSD systems by brute-forcing return addresses to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Racy
Target: Subversion svnserve (versions affected by CVE-2004-0397)
No auth needed
Prerequisites: Network access to svnserve (port 3690) · Vulnerable Subversion version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10386
Issue Tracking vendor-advisory x_refsource_fedora
https://bugzilla.fedora.us/show_bug.cgi?id=1748
Mailing List mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021737.html
Various Sources x_refsource_confirm
http://subversion.tigris.org/svn-sscanf-advisory.txt
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108498676517697&w=2
Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/363814
Vendor Advisory vendor-advisory x_refsource_fedora
http://www.linuxsecurity.com/advisories/fedora_advisory-4373.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200405-14.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/6301
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11675
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16191
Various Sources x_refsource_misc
http://security.e-matters.de/advisories/082004.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11642

Scores

EPSS 0.7525
EPSS Percentile 99.5%

Details

Status published
Products (3)
subversion/subversion 1.0
subversion/subversion 1.0.1
subversion/subversion 1.0.2
Published Jul 07, 2004
Tracked Since Feb 18, 2026