CVE-2011-1752

(mod_dav_svn): DoS (crash) via request to deliver baselined WebDAV resources

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.

Módulo mod_dav_svn para Apache HTTP Server, como se distribuye en Apache Subversion antes de v1.6.17, permite a atacantes remotos provocar una denegación de servicio ( desreferenciar punteros Nulos y caída del demonio ) a través de una solicitud de una línea base de recursos WebDAV, como se explotó en mayo de 2011.

Multiple vulnerabilities have been found in Subversion, allowing attackers to cause a Denial of Service, escalate privileges, or obtain sensitive information. Versions less than 1.7.13 are affected.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-04-19 CVE Reserved
2011-06-06 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (22)

URL	Tag	Source
http://secunia.com/advisories/44633	Third Party Advisory
http://secunia.com/advisories/44681	Third Party Advisory
http://secunia.com/advisories/44849	Third Party Advisory
http://secunia.com/advisories/44879	Third Party Advisory
http://secunia.com/advisories/44888	Third Party Advisory
http://secunia.com/advisories/45162	Third Party Advisory
http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES	Release Notes
http://www.securityfocus.com/bid/48091	Third Party Advisory
http://www.securitytracker.com/id?1025617	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18922	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html	2020-10-05
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html	2020-10-05
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html	2020-10-05
http://subversion.apache.org/security/CVE-2011-1752-advisory.txt	2020-10-05
http://support.apple.com/kb/HT5130	2020-10-05
http://www.debian.org/security/2011/dsa-2251	2020-10-05
http://www.mandriva.com/security/advisories?name=MDVSA-2011:106	2020-10-05
http://www.redhat.com/support/errata/RHSA-2011-0861.html	2020-10-05
http://www.redhat.com/support/errata/RHSA-2011-0862.html	2020-10-05
http://www.ubuntu.com/usn/USN-1144-1	2020-10-05
https://bugzilla.redhat.com/show_bug.cgi?id=709111	2011-06-08
https://access.redhat.com/security/cve/CVE-2011-1752	2011-06-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				< 1.6.17 Search vendor "Apache" for product "Subversion" and version " < 1.6.17"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				10.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				11.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "11.04"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				5.0 Search vendor "Debian" for product "Debian Linux" and version "5.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				6.0 Search vendor "Debian" for product "Debian Linux" and version "6.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				14 Search vendor "Fedoraproject" for product "Fedora" and version "14"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				15 Search vendor "Fedoraproject" for product "Fedora" and version "15"		-		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				< 10.7.3 Search vendor "Apple" for product "Mac Os X" and version " < 10.7.3"		-		Affected