The version of Apache Subversion installed on the remote host is 1.7.x, 1.8.x prior to 1.8.15, or 1.9.x prior to 1.9.3 and is affected by a buffer overflow vulnerability. Specifically, these versions contain an integer overflow condition in the ‘request_body_to_string()’ function in ‘mod_dav_svn/util.c’ that is triggered when handling skel-encoded request bodies. This may allow an authenticated, remote attacker to cause a heap-based buffer overflow, crashing the service or potentially allowing the execution of arbitrary code. (CVE-2015-5343)
Vendor | Product | Version | CPE |
---|---|---|---|
apache | subversion | | cpe:/a:apache:subversion |