CVE-2014-8108

2014-12-1815:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2014-8108

mod_dav_svn

apache httpd server

apache subversion

denial of service

null pointer dereference

6.2 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.7%

JSON

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.

CPENameOperatorVersion
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq7.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq7.0
redhat:enterprise_linux_serverredhat enterprise linux servereq7.0
redhat:enterprise_linux_hpc_noderedhat enterprise linux hpc nodeeq7.0
apache:subversionapache subversioneq1.2.0
apache:subversionapache subversioneq1.0.4
apache:subversionapache subversioneq1.6.10
apache:subversionapache subversioneq1.6.19
apache:subversionapache subversioneq1.8.2
apache:subversionapache subversioneq1.0.8

CPE	Name	Operator	Version
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	7.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	7.0
redhat:enterprise_linux_server	redhat enterprise linux server	eq	7.0
redhat:enterprise_linux_hpc_node	redhat enterprise linux hpc node	eq	7.0
apache:subversion	apache subversion	eq	1.2.0
apache:subversion	apache subversion	eq	1.0.4
apache:subversion	apache subversion	eq	1.6.10
apache:subversion	apache subversion	eq	1.6.19
apache:subversion	apache subversion	eq	1.8.2
apache:subversion	apache subversion	eq	1.0.8