The remote host is running an Apache Subversion Server server. Versions before 1.6.21, or 1.7.x before 1.7.9 are vulnerable to the following vulnerabilities in the mod_dav_svn Apache HTTPD server module :
A flaw exists in the ‘mod_dav_svn’ that is triggered when handling node properties. (CVE-2013-1845)
A NULL pointer dereference exists in the ‘mod_dav_svn’ module, triggered during the handling of a crafted Log REPORT request, URL lock request, LOCK request against non-existent URL, and URL PROPFIND request. (CVE-2013-1846, CVE-2013-1847, CVE-2013-1849)
A NULL pointer dereference exists in the ‘mod_dav_svn’ module, triggered during the handling of a crafted Log REPORT request. This flaw reportedly affects Apache Subversion 1.7.x only. (CVE-2013-1884).
Binary data 801403.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1845
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1846
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1847
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1849
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1884
subversion.apache.org/security/CVE-2013-1845-advisory.txt
subversion.apache.org/security/CVE-2013-1846-advisory.txt
subversion.apache.org/security/CVE-2013-1847-advisory.txt
subversion.apache.org/security/CVE-2013-1849-advisory.txt
subversion.apache.org/security/CVE-2013-1884-advisory.txt