CVE-2013-1849 – (mod_dav_svn): DoS (crash) via PROPFIND request made against activity URLs
https://notcve.org/view.php?id=CVE-2013-1849
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL. El modulo mod_dav_svn Apache HTTPD server en Subversion v1.6.x hasta v1.6.20 y v1.7.0 hasta v1.7.8 permite a atacantes remotos causar una denegación de servicio (referencia NULL y caída de la aplicación) a través de una petición PROPFIND para una URL vigente. • http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00069.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3E http://rhn.redhat.com/errata/RHSA-2013-0737.html http://seclists.org/fulldisclosure/2013/Mar/ •
CVE-2013-1884 – Apache Subversion - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2013-1884
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable. El modulo mod_dav_svn Apache HTTPD server en Subversion v1.7.0 hasta v1.7.8 permite a atacantes remotos provocar una denegación de servicio (falta de segmentación y caída) a través de una petición de registro de log REPORT con un limite invalido, , lo que dispara un acceso a una variable sin inicializar. • https://www.exploit-db.com/exploits/38422 http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E http://subversion.apache.org/security/CVE-2013-1884-advisory.txt http://www.mandriva.com/security/advisories?name=MDVSA-2013:153 http://www.ubuntu.com/usn/USN-1893-1 https://bugzilla.redhat.com/show_bug.cgi?id=929095 https://oval.cisecurity. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0715 – (mod_dav_svn): DoS (NULL ptr deref) by a lock token sent from a not authenticated Subversion client
https://notcve.org/view.php?id=CVE-2011-0715
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token. El módulo mod_dav_svn para el servidor Apache HTTP, como el distribuido en Apache Subversion antes de v1.6.16, permite a atacantes remotos provocar una denegación de servicio (desreferenciar de puntero NULL y caída de demonio) a través de una solicitud que contiene un token de bloqueo. • http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056071.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056072.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056736.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://secunia.com/advisories/43583 http://secunia.com/advisories/43603 http://secunia.com/advisories/43672 http: •
CVE-2010-4539 – (mod_dav_svn): DoS (crash) by processing certain requests to display all available repositories to a web browser
https://notcve.org/view.php?id=CVE-2010-4539
The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. La función walk en repos.c en el módulo mod_dav_svn para el servidor Apache HTTP, como los distribuidos en Apache Subversion anteriores a v1.6.15, permite a usuarios remotos autenticados causar una denegación de servicio (desreferencia a puntero NULL y caída del demonio) a través de vectores que provocan el seguimiento de Las colecciones SVNParentPath. • http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C3923B919-C2BE-41AD-84ED-7207837FAD1A%40ncsa.illinois.edu%3E http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt%40mail.gmail.com%3E http://openwall.com/lists/oss-security/2011/01/02/1 http://openwall.com/list • CWE-399: Resource Management Errors •
CVE-2010-4644 – Subversion: DoS (memory consumption) by processing blame or log -g requests on certain files
https://notcve.org/view.php?id=CVE-2010-4644
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. Múltiples fugas de memoria en rev_hunt.c Subversion en Apache anteriores a v1.6.15, permite a usuarios remotos autenticados causar una denegación de servicio (consumo de memoria y caída de demonio) a través de la opción -g sobre el comando blame. • http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C4CD33B61.7030203%40thepond.com%3E http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt%40mail.gmail.com%3E http://openwall.com/lists/oss-security/2011/01/02/1 http://openwall.com/lists/oss-security/2011/01& • CWE-399: Resource Management Errors •