CVE-2013-4505
Slackware Security Advisory - subversion Updates
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.
La función is_this_legal en mod_dontdothat para Apache Subversion 1.4.0 a 1.7.13 y 1.8.0 a 1.8.4 permite a atacantes remotos sortear restricciones de acceso intencionadas y posiblemente causar denegación de servicio (consumo de recursos) a través de URL relativas en una petición REPORT.
mod_dontdothat allows you to block update REPORT requests against certain paths in the repository. It expects the paths in the REPORT request to be absolute URLs. Serf based clients send relative URLs instead of absolute URLs in many cases. As a result these clients are not blocked as configured by mod_dontdothat. When SVNAutoversioning is enabled via SVNAutoversioning on, commits can be made by single HTTP requests such as MKCOL and PUT. If Subversion is built with assertions enabled any such requests that have non-canonical URLs, such as URLs with a trailing /, may trigger an assert. An assert will cause the Apache process to abort.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-12 CVE Reserved
- 2013-12-07 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/100364 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://subversion.apache.org/security/CVE-2013-4505-advisory.txt | 2013-12-20 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html | 2013-12-20 | |
| http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html | 2013-12-20 | |
| http://secunia.com/advisories/55855 | 2013-12-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.4.0 Search vendor "Apache" for product "Subversion" and version "1.4.0" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.4.1 Search vendor "Apache" for product "Subversion" and version "1.4.1" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.4.2 Search vendor "Apache" for product "Subversion" and version "1.4.2" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.4.3 Search vendor "Apache" for product "Subversion" and version "1.4.3" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.4.4 Search vendor "Apache" for product "Subversion" and version "1.4.4" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.4.5 Search vendor "Apache" for product "Subversion" and version "1.4.5" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.4.6 Search vendor "Apache" for product "Subversion" and version "1.4.6" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.5.0 Search vendor "Apache" for product "Subversion" and version "1.5.0" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.5.1 Search vendor "Apache" for product "Subversion" and version "1.5.1" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.5.2 Search vendor "Apache" for product "Subversion" and version "1.5.2" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.5.3 Search vendor "Apache" for product "Subversion" and version "1.5.3" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.5.4 Search vendor "Apache" for product "Subversion" and version "1.5.4" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.5.5 Search vendor "Apache" for product "Subversion" and version "1.5.5" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.5.6 Search vendor "Apache" for product "Subversion" and version "1.5.6" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.5.7 Search vendor "Apache" for product "Subversion" and version "1.5.7" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.5.8 Search vendor "Apache" for product "Subversion" and version "1.5.8" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.0 Search vendor "Apache" for product "Subversion" and version "1.6.0" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.1 Search vendor "Apache" for product "Subversion" and version "1.6.1" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.2 Search vendor "Apache" for product "Subversion" and version "1.6.2" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.3 Search vendor "Apache" for product "Subversion" and version "1.6.3" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.4 Search vendor "Apache" for product "Subversion" and version "1.6.4" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.5 Search vendor "Apache" for product "Subversion" and version "1.6.5" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.6 Search vendor "Apache" for product "Subversion" and version "1.6.6" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.7 Search vendor "Apache" for product "Subversion" and version "1.6.7" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.8 Search vendor "Apache" for product "Subversion" and version "1.6.8" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.9 Search vendor "Apache" for product "Subversion" and version "1.6.9" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.10 Search vendor "Apache" for product "Subversion" and version "1.6.10" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.11 Search vendor "Apache" for product "Subversion" and version "1.6.11" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.12 Search vendor "Apache" for product "Subversion" and version "1.6.12" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.13 Search vendor "Apache" for product "Subversion" and version "1.6.13" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.14 Search vendor "Apache" for product "Subversion" and version "1.6.14" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.15 Search vendor "Apache" for product "Subversion" and version "1.6.15" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.16 Search vendor "Apache" for product "Subversion" and version "1.6.16" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.17 Search vendor "Apache" for product "Subversion" and version "1.6.17" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.18 Search vendor "Apache" for product "Subversion" and version "1.6.18" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.19 Search vendor "Apache" for product "Subversion" and version "1.6.19" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.20 Search vendor "Apache" for product "Subversion" and version "1.6.20" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.21 Search vendor "Apache" for product "Subversion" and version "1.6.21" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.6.23 Search vendor "Apache" for product "Subversion" and version "1.6.23" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.7.0 Search vendor "Apache" for product "Subversion" and version "1.7.0" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.7.1 Search vendor "Apache" for product "Subversion" and version "1.7.1" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.7.2 Search vendor "Apache" for product "Subversion" and version "1.7.2" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.7.3 Search vendor "Apache" for product "Subversion" and version "1.7.3" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.7.4 Search vendor "Apache" for product "Subversion" and version "1.7.4" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.7.5 Search vendor "Apache" for product "Subversion" and version "1.7.5" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.7.6 Search vendor "Apache" for product "Subversion" and version "1.7.6" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.7.7 Search vendor "Apache" for product "Subversion" and version "1.7.7" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.7.8 Search vendor "Apache" for product "Subversion" and version "1.7.8" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.7.9 Search vendor "Apache" for product "Subversion" and version "1.7.9" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.7.10 Search vendor "Apache" for product "Subversion" and version "1.7.10" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.7.11 Search vendor "Apache" for product "Subversion" and version "1.7.11" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.7.12 Search vendor "Apache" for product "Subversion" and version "1.7.12" | - |
Affected
|
| Apache Search vendor "Apache" | Mod Dontdothat Search vendor "Apache" for product "Mod Dontdothat" | - | - |
Affected
| in | Apache Search vendor "Apache" | Subversion Search vendor "Apache" for product "Subversion" | 1.8.1 Search vendor "Apache" for product "Subversion" and version "1.8.1" | - |
Affected
|