CVE-2013-1846

(mod_dav_svn): DoS (crash) via LOCK requests against an activity URL

Severity Score

4.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.

El modulo mod_dav_svn Apache HTTPD server en Subversion v1.6.x hasta v1.6.21 y v1.7.0 hasta v1.7.8 permite a usuarios remotos autenticados causar una denegación de servicio (referencia NULL y caída de la aplicación) a través de un bloqueo en una URL vigente.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-02-19 CVE Reserved
2013-04-09 CVE Published
2023-03-07 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (11)

URL	Tag	Source
http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E	Mailing List
http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3E	Mailing List
http://subversion.apache.org/security/CVE-2013-1846-advisory.txt	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18087	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html	2018-10-30
http://lists.opensuse.org/opensuse-updates/2013-06/msg00069.html	2018-10-30
http://rhn.redhat.com/errata/RHSA-2013-0737.html	2018-10-30
http://www.mandriva.com/security/advisories?name=MDVSA-2013:153	2018-10-30
http://www.ubuntu.com/usn/USN-1893-1	2018-10-30
https://bugzilla.redhat.com/show_bug.cgi?id=929087	2013-04-11
https://access.redhat.com/security/cve/CVE-2013-1846	2013-04-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				<= 1.6.20 Search vendor "Apache" for product "Subversion" and version " <= 1.6.20"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.0 Search vendor "Apache" for product "Subversion" and version "1.6.0"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.1 Search vendor "Apache" for product "Subversion" and version "1.6.1"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.2 Search vendor "Apache" for product "Subversion" and version "1.6.2"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.3 Search vendor "Apache" for product "Subversion" and version "1.6.3"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.4 Search vendor "Apache" for product "Subversion" and version "1.6.4"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.5 Search vendor "Apache" for product "Subversion" and version "1.6.5"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.6 Search vendor "Apache" for product "Subversion" and version "1.6.6"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.7 Search vendor "Apache" for product "Subversion" and version "1.6.7"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.8 Search vendor "Apache" for product "Subversion" and version "1.6.8"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.9 Search vendor "Apache" for product "Subversion" and version "1.6.9"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.10 Search vendor "Apache" for product "Subversion" and version "1.6.10"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.11 Search vendor "Apache" for product "Subversion" and version "1.6.11"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.12 Search vendor "Apache" for product "Subversion" and version "1.6.12"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.13 Search vendor "Apache" for product "Subversion" and version "1.6.13"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.14 Search vendor "Apache" for product "Subversion" and version "1.6.14"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.15 Search vendor "Apache" for product "Subversion" and version "1.6.15"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.16 Search vendor "Apache" for product "Subversion" and version "1.6.16"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.17 Search vendor "Apache" for product "Subversion" and version "1.6.17"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.18 Search vendor "Apache" for product "Subversion" and version "1.6.18"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.6.19 Search vendor "Apache" for product "Subversion" and version "1.6.19"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.7.0 Search vendor "Apache" for product "Subversion" and version "1.7.0"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.7.1 Search vendor "Apache" for product "Subversion" and version "1.7.1"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.7.2 Search vendor "Apache" for product "Subversion" and version "1.7.2"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.7.3 Search vendor "Apache" for product "Subversion" and version "1.7.3"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.7.4 Search vendor "Apache" for product "Subversion" and version "1.7.4"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.7.5 Search vendor "Apache" for product "Subversion" and version "1.7.5"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.7.6 Search vendor "Apache" for product "Subversion" and version "1.7.6"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.7.7 Search vendor "Apache" for product "Subversion" and version "1.7.7"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				12.1 Search vendor "Opensuse" for product "Opensuse" and version "12.1"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				12.2 Search vendor "Opensuse" for product "Opensuse" and version "12.2"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				12.3 Search vendor "Opensuse" for product "Opensuse" and version "12.3"		-		Affected