Page 7 of 38 results (0.008 seconds)

CVSS: 4.3EPSS: 1%CPEs: 30EXPL: 0

CVE-2013-1849 – (mod_dav_svn): DoS (crash) via PROPFIND request made against activity URLs

https://notcve.org/view.php?id=CVE-2013-1849

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL. El modulo mod_dav_svn Apache HTTPD server en Subversion v1.6.x hasta v1.6.20 y v1.7.0 hasta v1.7.8 permite a atacantes remotos causar una denegación de servicio (referencia NULL y caída de la aplicación) a través de una petición PROPFIND para una URL vigente. • http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00069.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3E http://rhn.redhat.com/errata/RHSA-2013-0737.html http://seclists.org/fulldisclosure/2013/Mar/ •

CVSS: 5.0EPSS: 1%CPEs: 112EXPL: 0

CVE-2011-0715 – (mod_dav_svn): DoS (NULL ptr deref) by a lock token sent from a not authenticated Subversion client

https://notcve.org/view.php?id=CVE-2011-0715

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token. El módulo mod_dav_svn para el servidor Apache HTTP, como el distribuido en Apache Subversion antes de v1.6.16, permite a atacantes remotos provocar una denegación de servicio (desreferenciar de puntero NULL y caída de demonio) a través de una solicitud que contiene un token de bloqueo. • http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056071.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056072.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056736.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://secunia.com/advisories/43583 http://secunia.com/advisories/43603 http://secunia.com/advisories/43672 http: •

CVSS: 6.8EPSS: 1%CPEs: 111EXPL: 1

CVE-2010-4539 – (mod_dav_svn): DoS (crash) by processing certain requests to display all available repositories to a web browser

https://notcve.org/view.php?id=CVE-2010-4539

The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. La función walk en repos.c en el módulo mod_dav_svn para el servidor Apache HTTP, como los distribuidos en Apache Subversion anteriores a v1.6.15, permite a usuarios remotos autenticados causar una denegación de servicio (desreferencia a puntero NULL y caída del demonio) a través de vectores que provocan el seguimiento de Las colecciones SVNParentPath. • http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C3923B919-C2BE-41AD-84ED-7207837FAD1A%40ncsa.illinois.edu%3E http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt%40mail.gmail.com%3E http://openwall.com/lists/oss-security/2011/01/02/1 http://openwall.com/list • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 111EXPL: 1

CVE-2010-4644 – Subversion: DoS (memory consumption) by processing blame or log -g requests on certain files

https://notcve.org/view.php?id=CVE-2010-4644

Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. Múltiples fugas de memoria en rev_hunt.c Subversion en Apache anteriores a v1.6.15, permite a usuarios remotos autenticados causar una denegación de servicio (consumo de memoria y caída de demonio) a través de la opción -g sobre el comando blame. • http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C4CD33B61.7030203%40thepond.com%3E http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt%40mail.gmail.com%3E http://openwall.com/lists/oss-security/2011/01/02/1 http://openwall.com/lists/oss-security/2011/01& • CWE-399: Resource Management Errors •

CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0

CVE-2010-3315 – Subversion: Access restriction bypass by checkout of the root of the repository

https://notcve.org/view.php?id=CVE-2010-3315

authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands. authz.c del módulo mod_dav_svn del servidor HTTP Apache, como se ha distribuído en Apache Subversion v1.5.x anteriores a la v1.5.8 y v1.6.x anteriores a la v1.6.13, cuando SVNPathAuthz short_circuit está activo, no maneja apropiadamente un repositorio con nombre como una regla de alcance, lo que permite a usuarios autenticados remotos evitar las restricciones previstas a través de comandos svn. • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://secunia.com/advisories/41652 http://secunia.com/advisories/43139 http://secunia.com/advisories/43346 http://security-tracker.debian.org/tracker/CVE-2010-3315 http://subversion.apache.org/security/CVE-2010-3315-advisory.txt http://support.apple.com/kb/HT4581 http://www.debian.org/security/2010/dsa-2118 http://www.mandriva.com • CWE-16: Configuration •