CVE-2013-4505
https://notcve.org/view.php?id=CVE-2013-4505
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. La función is_this_legal en mod_dontdothat para Apache Subversion 1.4.0 a 1.7.13 y 1.8.0 a 1.8.4 permite a atacantes remotos sortear restricciones de acceso intencionadas y posiblemente causar denegación de servicio (consumo de recursos) a través de URL relativas en una petición REPORT. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html http://osvdb.org/100364 http://secunia.com/advisories/55855 http://subversion.apache.org/security/CVE-2013-4505-advisory.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-4277
https://notcve.org/view.php?id=CVE-2013-4277
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. Svnserve en Apache Subversion 1.4.0 a 1.7.12 y 1.8.0 a 1.8.1 permite a usuarios locales sobrescribir archivos arbirtrarios o matar procesos arbitrarios a través de un ataque de enlaces simbólicos sobre el fichero especificado por la opción --pid-file. • http://lists.opensuse.org/opensuse-updates/2013-09/msg00031.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00054.html http://subversion.apache.org/security/CVE-2013-4277-advisory.txt http://www.securityfocus.com/bid/62266 https://exchange.xforce.ibmcloud.com/vulnerabilities/86972 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18554 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-2088 – Subversion 1.6.6/1.6.12 - Code Execution
https://notcve.org/view.php?id=CVE-2013-2088
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. contrib/hook-scripts/svn-keyword-check.pl en Subversion anterior a 1.6.23, permite a usuarios autenticados remotamente con permisos de "commit" la ejecución de comandos arbitrarios a través de metacaracteres shell en un nombre de archivo. Subversion versions 1.6.6 and 1.6.12 suffers from a code execution vulnerability. • https://www.exploit-db.com/exploits/40507 http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18772 https://subversion.apache.org/security/ • CWE-20: Improper Input Validation •
CVE-2013-2112 – subversion: Remote DoS due improper handling of early-closing TCP connections
https://notcve.org/view.php?id=CVE-2013-2112
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. El servidor svnserve en Subversion anterior a 1.6.23 y 1.7.x anterior a 1.7.10, permite a atacantes remotos provocar una denegación de servicio (salida) terminando una conexión. • http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E http://rhn.redhat.com/errata/RHSA-2014-0255.html http://www.debian.org/security/2013/dsa-2703 http://www.ubuntu.com/usn/USN-1893-1 https://oval.cisecurity •
CVE-2013-1968 – format): Filenames with newline character can lead to revision corruption
https://notcve.org/view.php?id=CVE-2013-1968
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. Subversion anterior a 1.6.23 y 1.7.x anterior a 1.7.10, permite a usuarios autenticados remotamente provocar una denegación de servicio (corrupción del repositorio FSF) a través de un carácter de nueva línea en un nombre de archivo. • http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E http://rhn.redhat.com/errata/RHSA-2014-0255.html http://www.debian.org/security/2013/dsa-2703 http://www.ubuntu.com/usn/USN-1893-1 https://oval.cisecurity • CWE-138: Improper Neutralization of Special Elements •