Lucene search

K

Arch LinuxASA-201412-17

HistoryDec 16, 2014 - 12:00 a.m.

subversion: denial of service

2014-12-1600:00:00

Arch Linux

lists.archlinux.org

17

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.017 Low

EPSS

Percentile

86.3%

CVE-2014-3580 (denial of service)
A NULL pointer dereference flaw was found in the way mod_dav_svn handled
REPORT requests. A remote, unauthenticated attacker could use a crafted
REPORT request to crash mod_dav_svn.
CVE-2014-8108 (denial of service)
A NULL pointer dereference flaw was found in the way mod_dav_svn handled
URIs for virtual transaction names. A remote, unauthenticated attacker
could send a request for a virtual transaction name that does not exist,
causing mod_dav_svn to crash.

OSVersionArchitecturePackageVersionFilename
anyanyanysubversion< 1.8.11-1UNKNOWN

References

access.redhat.com/security/cve/CVE-2014-3580

access.redhat.com/security/cve/CVE-2014-8108

subversion.apache.org/security/CVE-2014-3580-advisory.txt

subversion.apache.org/security/CVE-2014-8108-advisory.txt

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.017 Low

EPSS

Percentile

86.3%

Related for ASA-201412-17

fedora2 nessus21 amazon1 openvas16 mageia1 securityvulns4 freebsd1 redhat2 oraclelinux2 centos2 cve2 debiancve2 ubuntucve2 prion2 debian2 osv1 ubuntu1 veracode1 suse1