CVE-2013-1968 – format): Filenames with newline character can lead to revision corruption
https://notcve.org/view.php?id=CVE-2013-1968
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. Subversion anterior a 1.6.23 y 1.7.x anterior a 1.7.10, permite a usuarios autenticados remotamente provocar una denegación de servicio (corrupción del repositorio FSF) a través de un carácter de nueva línea en un nombre de archivo. • http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E http://rhn.redhat.com/errata/RHSA-2014-0255.html http://www.debian.org/security/2013/dsa-2703 http://www.ubuntu.com/usn/USN-1893-1 https://oval.cisecurity • CWE-138: Improper Neutralization of Special Elements •
CVE-2013-1846 – (mod_dav_svn): DoS (crash) via LOCK requests against an activity URL
https://notcve.org/view.php?id=CVE-2013-1846
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. El modulo mod_dav_svn Apache HTTPD server en Subversion v1.6.x hasta v1.6.21 y v1.7.0 hasta v1.7.8 permite a usuarios remotos autenticados causar una denegación de servicio (referencia NULL y caída de la aplicación) a través de un bloqueo en una URL vigente. • http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00069.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3E http://rhn.redhat.com/errata/RHSA-2013-0737.html http://subversion.apache.org/security/CVE-201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-1845 – (mod_dav_svn): DoS (excessive memory use) when large number of properties are set or deleted
https://notcve.org/view.php?id=CVE-2013-1845
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. El modulo mod_dav_svn Apache HTTPD server en Subversion v1.6.x hasta v1.6.21 y v1.7.0 hasta v1.7.8 permite a usuarios remotos autenticados causar una denegación de servicio ((consumo de memoria) mediante un (1) "setting" o (2) "deleting" en un numero largo de propiedades de un archivo o directorio. • http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00069.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3E http://rhn.redhat.com/errata/RHSA-2013-0737.html http://subversion.apache.org/security/CVE-201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-1847 – Apache Subversion 1.6.x - 'mod_dav_svn/lock.c' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2013-1847
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist. El modulo mod_dav_svn Apache HTTPD server en Subversion v1.6.0 hasta v1.6.20 y v1.7.0 hasta v1.7.8 permite a atacantes remotos causar una denegación de servicio (referencia NULL y caída de la aplicación) a través de un bloqueo anónimo para una URL que no existe. • https://www.exploit-db.com/exploits/38421 http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00069.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3E http://rhn.redhat.com/errata/RHSA-2013-0737.html •
CVE-2013-1849 – (mod_dav_svn): DoS (crash) via PROPFIND request made against activity URLs
https://notcve.org/view.php?id=CVE-2013-1849
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL. El modulo mod_dav_svn Apache HTTPD server en Subversion v1.6.x hasta v1.6.20 y v1.7.0 hasta v1.7.8 permite a atacantes remotos causar una denegación de servicio (referencia NULL y caída de la aplicación) a través de una petición PROPFIND para una URL vigente. • http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00069.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3E http://rhn.redhat.com/errata/RHSA-2013-0737.html http://seclists.org/fulldisclosure/2013/Mar/ •