Nessus | Tenable | 8972.PRM
Oct 13, 2015 - 12:00 a.m.

Apache Subversion 1.7.x < 1.7.20 / 1.8.x < 1.8.12 Multiple Vulnerabilities

Tenable
www.tenable.com

The version of Apache Subversion installed on the remote host is 1.7.x prior to 1.7.20, or 1.8.x prior to 1.8.12, and is affected by the following vulnerabilities:

  • ‘mod_dav_svn’ and ‘svnserve’ are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. The assertion causes the svnserve process, or the process hosting the ‘mod_dav_svn’ module (Apache), to abort. (CVE-2015-0248)
  • The ‘mod_dav_svn’ module allows setting arbitrary ‘svn:author’ property values when committing new revisions. This can be accomplished using a specially crafted sequence of requests. A malicious committer can fake the ‘svn:author’ values on their own commits. (CVE-2015-0251)
  • A denial of service vulnerability affects Subversion HTTP servers with FSFS repositories. The ‘mod_dav_svn’ module may use excessive amounts of memory when processing REPORT requests that require traversing through a large number of FSFS repository nodes (files and directories). With a specially crafted report query, a malicious actor could cause a denial of service condition. Note: This issue only affects 1.8.x installations. (CVE-2015-0202)
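
Added example (not part of the Tenable advisory or plugin): a small triage helper that maps an observed Subversion version to the affected ranges and CVE scope listed above, including the 1.8.x-only scope of CVE-2015-0202. The function names `parse_version` and `assess` are hypothetical, and the banner strings are constructed samples.

```python
import re

# Fixed releases per release line, as stated in the advisory above.
FIXED = {(1, 7): (1, 7, 20), (1, 8): (1, 8, 12)}
# CVE -> release lines it applies to (CVE-2015-0202 is 1.8.x only).
CVES = {
    "CVE-2015-0248": {(1, 7), (1, 8)},  # assertion DoS: mod_dav_svn, svnserve
    "CVE-2015-0251": {(1, 7), (1, 8)},  # spoofed svn:author via mod_dav_svn
    "CVE-2015-0202": {(1, 8)},          # REPORT memory DoS on FSFS over HTTP
}

def parse_version(text):
    """Hypothetical helper: pull x.y.z from an 'SVN/x.y.z' Server-header
    token, or from a bare version string such as `svn --version --quiet`."""
    m = (re.search(r"\bSVN/(\d+)\.(\d+)\.(\d+)", text)
         or re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:[-\s].*)?", text))
    return tuple(int(g) for g in m.groups()) if m else None

def assess(text):
    """Hypothetical helper: classify one version string against the advisory."""
    v = parse_version(text)
    if v is None:
        return {"version": None, "status": "unknown", "cves": []}
    fixed = FIXED.get(v[:2])
    if fixed is None:  # the advisory only speaks about 1.7.x and 1.8.x
        return {"version": v, "status": "not covered", "cves": []}
    if v >= fixed:
        return {"version": v, "status": "fixed", "cves": []}
    cves = sorted(c for c, lines in CVES.items() if v[:2] in lines)
    return {"version": v, "status": "affected", "cves": cves}

# Constructed sample inputs (not taken from any real host).
SAMPLES = [
    "Server: Apache/2.2.22 (Ubuntu) DAV/2 SVN/1.7.19",
    "Server: Apache/2.4.10 (Unix) DAV/2 SVN/1.8.11",
    "1.8.12",
    "1.9.0",
    "Server: Apache/2.4.10 (Unix)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = assess(s)
        print(f"{s!r}: {r['status']} {', '.join(r['cves'])}")
```

A reported version string does not reflect fixes backported by a distribution, so an "affected" result is a lead to confirm against the package changelog rather than proof of exposure.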
Vendor | Product | Version | CPE
apache | subversion | | cpe:/a:apache:subversion