Lucene search

K
cvelistApacheCVELIST:CVE-2020-17525
HistoryMar 17, 2021 - 9:20 a.m.

CVE-2020-17525 Remote unauthenticated denial-of-service in Subversion mod_authz_svn

2021-03-1709:20:14
CWE-476
apache
www.cve.org

7.5 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

Subversion’s mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7

CNA Affected

[
  {
    "product": "Apache Subversion",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "unaffected",
        "version": "mod_authz_svn 1.10.7"
      },
      {
        "lessThan": "1.14.1",
        "status": "affected",
        "version": "mod_authz_svn",
        "versionType": "custom"
      }
    ]
  }
]