CVE-2011-1752

2011-06-0619:55:00

CWE-476

[email protected]

web.nvd.nist.gov

mod_dav_svn

apache http server

denial of service

cve-2011-1752

nvd

remote attackers

null pointer dereference

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.007 Low

EPSS

Percentile

80.4%

JSON

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.

CPENameOperatorVersion
apache:subversionapache subversionlt1.6.17
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq11.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.04
debian:debian_linuxdebian debian linuxeq5.0
debian:debian_linuxdebian debian linuxeq6.0
fedoraproject:fedorafedoraproject fedoraeq15
fedoraproject:fedorafedoraproject fedoraeq14
apple:mac_os_xapple mac os xlt10.7.3

CPE	Name	Operator	Version
apache:subversion	apache subversion	lt	1.6.17
canonical:ubuntu_linux	canonical ubuntu linux	eq	10.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	11.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	10.04
debian:debian_linux	debian debian linux	eq	5.0
debian:debian_linux	debian debian linux	eq	6.0
fedoraproject:fedora	fedoraproject fedora	eq	15
fedoraproject:fedora	fedoraproject fedora	eq	14
apple:mac_os_x	apple mac os x	lt	10.7.3