CVSS: 5.0EPSS: 0%CPEs: 46EXPL: 0CVE-2015-3184 – subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4
https://notcve.org/view.php?id=CVE-2015-3184
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Vulnerabilidad en mod_authz_svn en Apache Subversion 1.7.x en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.14, al utilizar Apache httpd 2.4.x, no restringe correctamente el acceso anónimo, lo que permite a usuarios anónimos remotos leer archivos ocultos a través del nombre de la ruta. It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html http://rhn.redhat.com/errata/RHSA-2015-1742.html http://subversion.apache.org/security/CVE-2015-3184-advisory.txt http://www.debian.org/security/2015/dsa-3331 http://www.securityfocus.com/bid/76274 http://www.securitytracker.com/id/1033215 http://www.ubuntu.com/usn/USN-2721-1 https://security.gentoo.org/glsa/201610-05 https://support • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •
CVSS: 5.0EPSS: 2%CPEs: 112EXPL: 0CVE-2011-0715 – (mod_dav_svn): DoS (NULL ptr deref) by a lock token sent from a not authenticated Subversion client
https://notcve.org/view.php?id=CVE-2011-0715
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token. El módulo mod_dav_svn para el servidor Apache HTTP, como el distribuido en Apache Subversion antes de v1.6.16, permite a atacantes remotos provocar una denegación de servicio (desreferenciar de puntero NULL y caída de demonio) a través de una solicitud que contiene un token de bloqueo. • http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056071.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056072.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056736.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://secunia.com/advisories/43583 http://secunia.com/advisories/43603 http://secunia.com/advisories/43672 http: •
CVSS: 6.8EPSS: 1%CPEs: 111EXPL: 1CVE-2010-4539 – (mod_dav_svn): DoS (crash) by processing certain requests to display all available repositories to a web browser
https://notcve.org/view.php?id=CVE-2010-4539
The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. La función walk en repos.c en el módulo mod_dav_svn para el servidor Apache HTTP, como los distribuidos en Apache Subversion anteriores a v1.6.15, permite a usuarios remotos autenticados causar una denegación de servicio (desreferencia a puntero NULL y caída del demonio) a través de vectores que provocan el seguimiento de Las colecciones SVNParentPath. • http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C3923B919-C2BE-41AD-84ED-7207837FAD1A%40ncsa.illinois.edu%3E http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt%40mail.gmail.com%3E http://openwall.com/lists/oss-security/2011/01/02/1 http://openwall.com/list • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 111EXPL: 1CVE-2010-4644 – Subversion: DoS (memory consumption) by processing blame or log -g requests on certain files
https://notcve.org/view.php?id=CVE-2010-4644
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. Múltiples fugas de memoria en rev_hunt.c Subversion en Apache anteriores a v1.6.15, permite a usuarios remotos autenticados causar una denegación de servicio (consumo de memoria y caída de demonio) a través de la opción -g sobre el comando blame. • http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C4CD33B61.7030203%40thepond.com%3E http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt%40mail.gmail.com%3E http://openwall.com/lists/oss-security/2011/01/02/1 http://openwall.com/lists/oss-security/2011/01& • CWE-399: Resource Management Errors •