CVE-2013-4558

Severity Score

3.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.

La función get_parent_resource en respos.c en el módulo de servidor mod_dav_svn Apache HTTPD en Subversion 1.7.11 a 1.7.13 y 1.8.1 a 1.8.4, cuando se construyen con aserciones activas y SVNAutoversioning está habilitado, permite a atacantes remotos causar denegación de servicio (fallo de aserción y aborto de proceso Apache) a través de una URL no canónica en una petición, como se muestra utilizando una '/' final.

*Credits: N/A

CVSS Scores

NISTv2 3.5

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-06-12 CVE Reserved
2013-12-07 CVE Published
2024-03-29 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (7)

URL	Tag	Source
http://osvdb.org/100363	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1033431	X_refsource_confirm
https://github.com/apache/subversion/commit/2c77c43e4255555f3b79f761f0d141393a3856cc
https://github.com/apache/subversion/commit/647e3f8365a74831bb915f63793b63e31fae062d

URL	Date	SRC

URL	Date	SRC
http://subversion.apache.org/security/CVE-2013-4558-advisory.txt	2024-03-28

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html	2024-03-28
http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html	2024-03-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Mod Dav Svn Search vendor "Apache" for product "Mod Dav Svn"				-		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.7.11 Search vendor "Apache" for product "Subversion" and version "1.7.11"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.7.12 Search vendor "Apache" for product "Subversion" and version "1.7.12"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.7.13 Search vendor "Apache" for product "Subversion" and version "1.7.13"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.8.1 Search vendor "Apache" for product "Subversion" and version "1.8.1"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.8.2 Search vendor "Apache" for product "Subversion" and version "1.8.2"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.8.3 Search vendor "Apache" for product "Subversion" and version "1.8.3"		-		Affected
Apache Search vendor "Apache"		Subversion Search vendor "Apache" for product "Subversion"				1.8.4 Search vendor "Apache" for product "Subversion" and version "1.8.4"		-		Affected