CVSS: 3.5EPSS: 2%CPEs: 8EXPL: 0CVE-2013-4558
https://notcve.org/view.php?id=CVE-2013-4558
The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /. La función get_parent_resource en respos.c en el módulo de servidor mod_dav_svn Apache HTTPD en Subversion 1.7.11 a 1.7.13 y 1.8.1 a 1.8.4, cuando se construyen con aserciones activas y SVNAutoversioning está habilitado, permite a atacantes remotos causar denegación de servicio (fallo de aserción y aborto de proceso Apache) a través de una URL no canónica en una petición, como se muestra utilizando una '/' final. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html http://osvdb.org/100363 http://subversion.apache.org/security/CVE-2013-4558-advisory.txt https://bugzilla.redhat.com/show_bug.cgi?id=1033431 https://github.com/apache/subversion/commit/2c77c43e4255555f3b79f761f0d141393a3856cc https://github.com/apache/subversion/commit/647e3f8365a74831bb915f63793b63e31fae062d • CWE-20: Improper Input Validation •
CVSS: 3.3EPSS: 0%CPEs: 54EXPL: 0CVE-2013-4277
https://notcve.org/view.php?id=CVE-2013-4277
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. Svnserve en Apache Subversion 1.4.0 a 1.7.12 y 1.8.0 a 1.8.1 permite a usuarios locales sobrescribir archivos arbirtrarios o matar procesos arbitrarios a través de un ataque de enlaces simbólicos sobre el fichero especificado por la opción --pid-file. • http://lists.opensuse.org/opensuse-updates/2013-09/msg00031.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00054.html http://subversion.apache.org/security/CVE-2013-4277-advisory.txt http://www.securityfocus.com/bid/62266 https://exchange.xforce.ibmcloud.com/vulnerabilities/86972 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18554 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 12EXPL: 0CVE-2013-4131
https://notcve.org/view.php?id=CVE-2013-4131
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root. El mod_dav_svn del módulo Apache HTTPD server en Subversion 1.7.0 a la 1.7.10 y 1.8.x anterior a 1.8.1, permite a usuarios autenticados remotamente provocar una denegación de servicio (fallo de aserción o lectura fuera de rango) a través de determinadas peticiones (1) COPY, (2) DELETE, o (3) MOVE contra la revisión de "root". • http://lists.opensuse.org/opensuse-updates/2013-08/msg00000.html http://subversion.apache.org/security/CVE-2013-4131-advisory.txt http://www.securityfocus.com/bid/61454 https://bugzilla.redhat.com/show_bug.cgi?id=986194 https://exchange.xforce.ibmcloud.com/vulnerabilities/85983 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18621 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 1%CPEs: 112EXPL: 0CVE-2011-0715 – (mod_dav_svn): DoS (NULL ptr deref) by a lock token sent from a not authenticated Subversion client
https://notcve.org/view.php?id=CVE-2011-0715
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token. El módulo mod_dav_svn para el servidor Apache HTTP, como el distribuido en Apache Subversion antes de v1.6.16, permite a atacantes remotos provocar una denegación de servicio (desreferenciar de puntero NULL y caída de demonio) a través de una solicitud que contiene un token de bloqueo. • http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056071.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056072.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056736.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://secunia.com/advisories/43583 http://secunia.com/advisories/43603 http://secunia.com/advisories/43672 http: •
CVSS: 6.8EPSS: 1%CPEs: 111EXPL: 1CVE-2010-4539 – (mod_dav_svn): DoS (crash) by processing certain requests to display all available repositories to a web browser
https://notcve.org/view.php?id=CVE-2010-4539
The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. La función walk en repos.c en el módulo mod_dav_svn para el servidor Apache HTTP, como los distribuidos en Apache Subversion anteriores a v1.6.15, permite a usuarios remotos autenticados causar una denegación de servicio (desreferencia a puntero NULL y caída del demonio) a través de vectores que provocan el seguimiento de Las colecciones SVNParentPath. • http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C3923B919-C2BE-41AD-84ED-7207837FAD1A%40ncsa.illinois.edu%3E http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt%40mail.gmail.com%3E http://openwall.com/lists/oss-security/2011/01/02/1 http://openwall.com/list • CWE-399: Resource Management Errors •