CVE-2016-8734
https://notcve.org/view.php?id=CVE-2016-8734
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory. El módulo mod_dontdothat y los clientes HTTP en su versión 1.4.0 hasta la 1.8.16 y 1.9.0 hasta la 1.9.4 de Apache Subversion son vulnerables a un ataque de denegación de servicio (DoS) provocado por la expansión exponencial de la entidad XML. El ataque puede provocar que el proceso objetivo consuma una cantidad excesiva de recursos de la CPU o memoria. • http://www.debian.org/security/2017/dsa-3932 http://www.securityfocus.com/bid/94588 http://www.securitytracker.com/id/1037361 https://lists.apache.org/thread.html/7798f5cda1b2a3c70db4be77694b12dec8fcc1a441b00009d44f0e09%40%3Cannounce.apache.org%3E https://subversion.apache.org/security/CVE-2016-8734-advisory.txt https://www.oracle.com/security-alerts/cpuoct2020.html • CWE-400: Uncontrolled Resource Consumption •
CVE-2016-2167
https://notcve.org/view.php?id=CVE-2016-2167
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. La función canonicalize_username en svnserve/cyrus_auth.c en Apache Subversion en versiones anteriores a 1.8.16 y 1.9.x en versiones anteriores a 1.9.4, cuando se utiliza autenticación Cyrus SASL, permite a atacantes remotos autenticarse y eludir restricciones destinadas al acceso a través de una cadena realm que se prefija a un repositorio de cadena realm esperado. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ%40mail.gmail.com%3E http://subversion.apa • CWE-284: Improper Access Control •
CVE-2016-2168
https://notcve.org/view.php?id=CVE-2016-2168
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. La función req_check_access en el módulo mod_authz_svn en el servidor httpd en Apache Subversion en versiones anteriores a 1.8.16 y 1.9.x en versiones anteriores a 1.9.4 permite a usuarios remotos autenticados provocar una denegación de servicio (referencia a puntero NULL y caída) a través de una cabecera manipulada en una petición (1) MOVE o (2) COPY, involucrando una verificación de autorización. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00043.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00044.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgJet+7_MAhomFVOXPgLtewcUw9w=k9zdPCkq5tvPxVMA%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ%40mail.gmail.com%3E http://subversion.apa •
CVE-2015-3187 – subversion: svn_repos_trace_node_locations() reveals paths hidden by authz
https://notcve.org/view.php?id=CVE-2015-3187
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Vulnerabilidad en la función svn_repos_trace_node_locations en Apache Subversion en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.14, cuando se utiliza autorización basada en ruta, permite a usuarios remotos autenticados obtener información de ruta sensible leyendo el historial de un nodo que ha sido movido desde una ruta oculta. It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). • http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html http://rhn.redhat.com/errata/RHSA-2015-1633.html http://rhn.redhat.com/errata/RHSA-2015-1742.html http://subversion.apache.org/security/CVE-2015-3187-advisory.txt http://www.debian.org/security/2015/dsa-3331 http://www.securityfocus.com/bid/76273 http://www.securitytracker.com/id/1033215 http://www.ubuntu.com/usn/USN-2721-1 https:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-0251 – subversion: (mod_dav_svn) spoofing svn:author property values for new revisions
https://notcve.org/view.php?id=CVE-2015-0251
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. El servidor mod_dav_svn en Subversion 1.5.0 hasta 1.7.19 y 1.8.0 hasta 1.8.11 permite a usuarios remotos autenticados falsificar la propiedad svn:author a través de secuencias manipuladas de solicitudes del protocolo v1 HTTP. It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html http://rhn.redhat.com/errata/RHSA-2015-1633.html http://rhn.redhat.com/errata/RHSA-2015-1742.html http://seclists.org/fulldisclosure/2015/Jun/32 http://subversion.apache.org/security/CVE-2015-0251-advisory.txt http://www.debian.org/security/2015/dsa-3231 http://www.mandriva.com/security/advisories?name=MDVSA-2015:192 http://www.oracle.com& • CWE-345: Insufficient Verification of Data Authenticity CWE-348: Use of Less Trusted Source •