Versions of Apache Subversion prior to 1.7.19, or 1.8.x prior to 1.8.11 are affected by the following vulnerabilities :
- When a resource is requested by ‘mod_dav’ that doesn’t exist, ‘mod_dav_svn’ returns a NULL as the repository path. However, later when ‘mod_dav’ calls to handle the request, a SEGFAULT occurs, effectively crashing the service. (CVE-2014-3580)
- A denial of service vulnerability affects the ‘mod_dav_svn’ module for the Apache HTTPD server. The problem occurs when handling a request for specially formatted URIs. The request would include a non-existent virtual transaction name, resulting in a NULL loop, effectively crashing the service. (CVE-2014-8108)