CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2011-1752 – (mod_dav_svn): DoS (crash) via request to deliver baselined WebDAV resources
https://notcve.org/view.php?id=CVE-2011-1752
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. Módulo mod_dav_svn para Apache HTTP Server, como se distribuye en Apache Subversion antes de v1.6.17, permite a atacantes remotos provocar una denegación de servicio ( desreferenciar punteros Nulos y caída del demonio ) a través de una solicitud de una línea base de recursos WebDAV, como se explotó en mayo de 2011. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html http://secunia.com/advisories/44633 http://secunia.com/advisories/44681 http://secunia.com/advisories/44849 http://secunia.com/advisories/44879 http://secunia.com/advisories/44888 http://secunia.com/advisories/45162 http://subversion.apache.org/security/CVE-2011&# • CWE-476: NULL Pointer Dereference •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2011-1783 – (mod_dav_svn): DoS (excessive memory use) when configured to provide path-based access control
https://notcve.org/view.php?id=CVE-2011-1783
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. El módulo mod_dav_svn para Apache HTTP Server, como se distribuye en Apache Subersion v1.5.x y v1.6.x antes de 1.6.17, cuando la opción SVNPathAuthz short_circuit está habilitada permite a atacantes remotos a causar una denegación de servicio (bucle infinito y consumo de memoria) mediante la petición de datos en circunstancias oportunistas. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html http://secunia.com/advisories/44633 http://secunia.com/advisories/44681 http://secunia.com/advisories/44849 http://secunia.com/advisories/44888 http://secunia.com/advisories/45162 http://subversion.apache.org/security/CVE-2011-1783-advisory.txt http://support.ap •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2011-1921 – (mod_dav_svn): File contents disclosure of files configured to be unreadable by those users
https://notcve.org/view.php?id=CVE-2011-1921
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation. El módulo mod_dav_svn para Apache HTTP Server, como se distribuye en Apache Subversion v1.5.x y v1.6.x anteriores a 1.6.17,cuando la opción SVNPathAuthz short_circuit está deshabilitada no se aplican correctamente los permisos para los archivos que habían sido legibles públicamente en el pasado, lo que permite a atacantes remotos obtener información sensible a través de una operación de reproducción de INFORMES. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html http://secunia.com/advisories/44633 http://secunia.com/advisories/44681 http://secunia.com/advisories/44849 http://secunia.com/advisories/44888 http://secunia.com/advisories/45162 http://subversion.apache.org/security/CVE-2011-1921-advisory.txt http://support.ap • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.5EPSS: 4%CPEs: 64EXPL: 0CVE-2009-2411 – subversion: multiple heap overflow issues
https://notcve.org/view.php?id=CVE-2009-2411
Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412. Múltiples desbordamientos de entero en la biblioteca libsvn_delta en Subversion anterior a v1.5.7 y v1.6.x anterior a v1.6.4, permite a los usuarios remotos autenticados y a los servidores Subversion remotos ejecutar código arbitrario a través de un flujo (stream) svndiff con grandes ventanas que desencadenan un desbordamiento de búfer basado en memoria dinámica, una cuestión relacionada con CVE-2009-2412. • http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://osvdb.org/56856 http://secunia.com/advisories/36184 http://secunia.com/advisories/36224 http://secunia.com/advisories/36232 http://secunia.com/advisories/36257 http://secunia.com/advisories/36262 http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt http://support.apple.com/kb/HT3937 http://svn.collab.net/repos/svn/ta • CWE-189: Numeric Errors •