ID OPENVAS:1361412562310130058 Type openvas Reporter Eero Volotinen Modified 2017-07-10T00:00:00
Description
Mageia Linux Local Security Checks mgasa-2015-0326
# OpenVAS Vulnerability Test
# Description: Mageia Linux security check
# $Id: mgasa-2015-0326.nasl 6637 2017-07-10 09:58:13Z teissa $
# Authors:
# Eero Volotinen <eero.volotinen@solinor.com>
#
# Copyright:
# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.130058");
script_version("$Revision: 6637 $");
script_tag(name:"creation_date", value:"2015-10-15 10:42:09 +0300 (Thu, 15 Oct 2015)");
script_tag(name:"last_modification", value:"$Date: 2017-07-10 11:58:13 +0200 (Mon, 10 Jul 2017) $");
script_name("Mageia Linux Local Check: mgasa-2015-0326");
script_tag(name: "insight", value: "Subversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous access may be possible to files for which only authenticated access should be possible (CVE-2015-3184). Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by path-based authz. When a node is copied from an unreadable location to a readable location the unreadable path may be revealed. This vulnerablity only reveals the path, it does not reveal the contents of the path (CVE-2015-3187). This update also re-enables the java subpackage for the Mageia 5 subversion package (mga#16075).");
script_tag(name : "solution", value : "update software");
script_tag(name : "solution_type", value : "VendorFix");
script_xref(name : "URL" , value : "https://advisories.mageia.org/MGASA-2015-0326.html");
script_cve_id("CVE-2015-3184","CVE-2015-3187");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_tag(name:"qod_type", value:"package");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release");
script_category(ACT_GATHER_INFO);
script_tag(name : "summary", value : "Mageia Linux Local Security Checks mgasa-2015-0326");
script_copyright("Eero Volotinen");
script_family("Mageia Linux Local Security Checks");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL)
{
exit(0);
}
if(release == "MAGEIA5")
{
if ((res = isrpmvuln(pkg:"subversion", rpm:"subversion~1.8.14~1.mga5", rls:"MAGEIA5")) != NULL) {
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); #Not vulnerable
exit(0);
}
{"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130058", "history": [{"lastseen": "2017-07-24T12:52:15", "differentElements": ["modified", "sourceData"], "edition": 2, "bulletin": {"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130058", "history": [], "naslFamily": "Mageia Linux Local Security Checks", "id": "OPENVAS:1361412562310130058", "title": "Mageia Linux Local Check: mgasa-2015-0326", "description": "Mageia Linux Local Security Checks mgasa-2015-0326", "published": "2015-10-15T00:00:00", "type": "openvas", "bulletinFamily": "scanner", "hashmap": [{"key": "references", "hash": "10cac684b003ad802f99f154631a0c91"}, {"key": "modified", "hash": "774d0176dfa389c0c71e9e200f95a6ba"}, {"key": "sourceData", "hash": "1dd3c80cf057a6acb26d6443431264d4"}, {"key": "naslFamily", "hash": "d2a53caa56a9de7ab57b1469d9af60d8"}, {"key": "href", "hash": "7bad91af487510c7e059d4a680c9e801"}, {"key": "cvelist", "hash": "3bc7c9c745a888d9e276dd44c21067da"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "title", "hash": "a51761d829dc789fc5c705bb80f7116c"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "pluginID", "hash": "6f3f526f55eef07b1f540f3860d3f582"}, {"key": "description", "hash": "f061a26454baa190c7d269997a24d53c"}, {"key": "published", "hash": "092308648d96cd05406a07d3e278adb0"}, {"key": "reporter", "hash": "bb3dbc0ecae053747a8a163af717a25f"}], "sourceData": "# OpenVAS Vulnerability Test \n# Description: Mageia Linux security check \n# $Id: mgasa-2015-0326.nasl 6563 2017-07-06 12:23:47Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.130058\");\nscript_version(\"$Revision: 6563 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-15 10:42:09 +0300 (Thu, 15 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 14:23:47 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Mageia Linux Local Check: mgasa-2015-0326\");\nscript_tag(name: \"insight\", value: \"Subversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous access may be possible to files for which only authenticated access should be possible (CVE-2015-3184). Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by path-based authz. When a node is copied from an unreadable location to a readable location the unreadable path may be revealed. This vulnerablity only reveals the path, it does not reveal the contents of the path (CVE-2015-3187). This update also re-enables the java subpackage for the Mageia 5 subversion package (mga#16075).\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://advisories.mageia.org/MGASA-2015-0326.html\");\nscript_cve_id(\"CVE-2015-3184\",\"CVE-2015-3187\");\nscript_tag(name:\"cvss_base\", value:\"5.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name : \"summary\", value : \"Mageia Linux Local Security Checks mgasa-2015-0326\");\nscript_summary(\"Mageia Linux Local Security Checks mgasa-2015-0326\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Mageia Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.8.14~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "pluginID": "1361412562310130058", "hash": "e329d649b3ad2885e91a4f811f74324b7d323b6679b99be44f2cc6f966b7b510", "modified": "2017-07-06T00:00:00", "edition": 2, "cvelist": ["CVE-2015-3187", "CVE-2015-3184"], "lastseen": "2017-07-24T12:52:15", "viewCount": 0, "enchantments": {}, "reporter": "Eero Volotinen", "objectVersion": "1.3", "references": ["https://advisories.mageia.org/MGASA-2015-0326.html"]}}, {"lastseen": "2017-07-02T21:11:26", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130058", "history": [], "naslFamily": "Mageia Linux Local Security Checks", "id": "OPENVAS:1361412562310130058", "title": "Mageia Linux Local Check: mgasa-2015-0326", "description": "Mageia Linux Local Security Checks mgasa-2015-0326", "published": "2015-10-15T00:00:00", "type": "openvas", "bulletinFamily": "scanner", "hashmap": [{"key": "references", "hash": "10cac684b003ad802f99f154631a0c91"}, {"key": "naslFamily", "hash": "d2a53caa56a9de7ab57b1469d9af60d8"}, {"key": "modified", "hash": "451ccf9b33cae434b1236ed7a06114ec"}, {"key": "href", "hash": "7bad91af487510c7e059d4a680c9e801"}, {"key": "cvelist", "hash": "3bc7c9c745a888d9e276dd44c21067da"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "title", "hash": "a51761d829dc789fc5c705bb80f7116c"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "pluginID", "hash": "6f3f526f55eef07b1f540f3860d3f582"}, {"key": "description", "hash": "f061a26454baa190c7d269997a24d53c"}, {"key": "published", "hash": "092308648d96cd05406a07d3e278adb0"}, {"key": "sourceData", "hash": "7951c583f407e09a36264a712e8887be"}, {"key": "reporter", "hash": "bb3dbc0ecae053747a8a163af717a25f"}], "sourceData": "# OpenVAS Vulnerability Test \n# Description: Mageia Linux security check \n# $Id: mgasa-2015-0326.nasl 4513 2016-11-15 09:37:48Z cfi $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.130058\");\nscript_version(\"$Revision: 4513 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-15 10:42:09 +0300 (Thu, 15 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2016-11-15 10:37:48 +0100 (Tue, 15 Nov 2016) $\");\nscript_name(\"Mageia Linux Local Check: mgasa-2015-0326\");\nscript_tag(name: \"insight\", value: \"Subversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous access may be possible to files for which only authenticated access should be possible (CVE-2015-3184). Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by path-based authz. When a node is copied from an unreadable location to a readable location the unreadable path may be revealed. This vulnerablity only reveals the path, it does not reveal the contents of the path (CVE-2015-3187). This update also re-enables the java subpackage for the Mageia 5 subversion package (mga#16075).\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://advisories.mageia.org/MGASA-2015-0326.html\");\nscript_cve_id(\"CVE-2015-3184\",\"CVE-2015-3187\");\nscript_tag(name:\"cvss_base\", value:\"5.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"login/SSH/success\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name : \"summary\", value : \"Mageia Linux Local Security Checks mgasa-2015-0326\");\nscript_summary(\"Mageia Linux Local Security Checks mgasa-2015-0326\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Mageia Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.8.14~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "pluginID": "1361412562310130058", "hash": "58032ae083f59ad3f252b816b91ee988c278bfc43d5d9251095fe0af05b748e9", "modified": "2016-11-15T00:00:00", "edition": 1, "cvelist": ["CVE-2015-3187", "CVE-2015-3184"], "lastseen": "2017-07-02T21:11:26", "viewCount": 0, "enchantments": {}, "reporter": "Eero Volotinen", "objectVersion": "1.3", "references": ["https://advisories.mageia.org/MGASA-2015-0326.html"]}}], "naslFamily": "Mageia Linux Local Security Checks", "id": "OPENVAS:1361412562310130058", "reporter": "Eero Volotinen", "published": "2015-10-15T00:00:00", "description": "Mageia Linux Local Security Checks mgasa-2015-0326", "title": "Mageia Linux Local Check: mgasa-2015-0326", "bulletinFamily": "scanner", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Mageia Linux security check \n# $Id: mgasa-2015-0326.nasl 6637 2017-07-10 09:58:13Z teissa $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.130058\");\nscript_version(\"$Revision: 6637 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-15 10:42:09 +0300 (Thu, 15 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 11:58:13 +0200 (Mon, 10 Jul 2017) $\");\nscript_name(\"Mageia Linux Local Check: mgasa-2015-0326\");\nscript_tag(name: \"insight\", value: \"Subversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous access may be possible to files for which only authenticated access should be possible (CVE-2015-3184). Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by path-based authz. When a node is copied from an unreadable location to a readable location the unreadable path may be revealed. This vulnerablity only reveals the path, it does not reveal the contents of the path (CVE-2015-3187). This update also re-enables the java subpackage for the Mageia 5 subversion package (mga#16075).\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://advisories.mageia.org/MGASA-2015-0326.html\");\nscript_cve_id(\"CVE-2015-3184\",\"CVE-2015-3187\");\nscript_tag(name:\"cvss_base\", value:\"5.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name : \"summary\", value : \"Mageia Linux Local Security Checks mgasa-2015-0326\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Mageia Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.8.14~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "pluginID": "1361412562310130058", "hash": "560bdaa94954d867c6217890d60448ecd23007ed4ad00db40a230439fcefe9f8", "references": ["https://advisories.mageia.org/MGASA-2015-0326.html"], "edition": 3, "cvelist": ["CVE-2015-3187", "CVE-2015-3184"], "lastseen": "2017-07-25T10:52:15", "viewCount": 0, "enchantments": {"vulnersScore": 7.2}, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "3bc7c9c745a888d9e276dd44c21067da"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "description", "hash": "f061a26454baa190c7d269997a24d53c"}, {"key": "href", "hash": "7bad91af487510c7e059d4a680c9e801"}, {"key": "modified", "hash": "0d134bf170d66438eb1e01173ee0187f"}, {"key": "naslFamily", "hash": "d2a53caa56a9de7ab57b1469d9af60d8"}, {"key": "pluginID", "hash": "6f3f526f55eef07b1f540f3860d3f582"}, {"key": "published", "hash": "092308648d96cd05406a07d3e278adb0"}, {"key": "references", "hash": "10cac684b003ad802f99f154631a0c91"}, {"key": "reporter", "hash": "bb3dbc0ecae053747a8a163af717a25f"}, {"key": "sourceData", "hash": "b4ee9cbedbbc4673cada7a0d6b62f055"}, {"key": "title", "hash": "a51761d829dc789fc5c705bb80f7116c"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "objectVersion": "1.3", "modified": "2017-07-10T00:00:00"}
{"result": {"cve": [{"id": "CVE-2015-3187", "type": "cve", "title": "CVE-2015-3187", "description": "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.", "published": "2015-08-12T10:59:12", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3187", "cvelist": ["CVE-2015-3187"], "lastseen": "2017-07-01T10:43:24"}, {"id": "CVE-2015-3184", "type": "cve", "title": "CVE-2015-3184", "description": "mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.", "published": "2015-08-12T10:59:10", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3184", "cvelist": ["CVE-2015-3184"], "lastseen": "2017-07-01T10:43:24"}], "f5": [{"id": "SOL17453", "type": "f5", "title": "SOL17453 - Subversion vulnerabilities CVE-2015-0248, CVE-2015-0251, and CVE-2015-3187", "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "published": "2015-10-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/17000/400/sol17453.html", "cvelist": ["CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251"], "lastseen": "2016-09-26T17:22:58"}, {"id": "F5:K17453", "type": "f5", "title": "Subversion vulnerabilities CVE-2015-0248, CVE-2015-0251, and CVE-2015-3187", "description": "\nF5 Product Development has assigned ID 552888 to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | \nNone \n| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| \n \nNone \n \nBIG-IP AAM | None | 12.0.0 \n11.4.0 - 11.6.0 \n| Not vulnerable \n| None \n \nBIG-IP AFM | None | 12.0.0 \n11.3.0 - 11.6.0 \n| Not vulnerable \n| None \n \nBIG-IP Analytics | None | 12.0.0 \n11.0.0 - 11.6.0 \n| Not vulnerable \n| None \n \nBIG-IP APM | None | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nBIG-IP ASM | None | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nBIG-IP DNS \n| None | 12.0.0 \n| Not vulnerable \n| None \n \nBIG-IP Edge Gateway \n| None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nBIG-IP GTM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nBIG-IP Link Controller | None | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nBIG-IP PEM | None | 12.0.0 \n11.3.0 - 11.6.0 \n| Not vulnerable \n| None \n \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nARX | None | 6.0.0 - 6.4.0 \n| Not vulnerable \n| None \n \nEnterprise Manager | None | 3.0.0 - 3.1.1 \n| Not vulnerable \n| None \n \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 \n| Not vulnerable \n| None \n \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 \n| Not vulnerable \n| None \n \nBIG-IQ Device | None | 4.2.0 - 4.5.0 \n| Not vulnerable \n| None \n \nBIG-IQ Security | None | 4.0.0 - 4.5.0 \n| Not vulnerable \n| None \n \nBIG-IQ ADC | None | 4.5.0 \n| Not vulnerable \n| None \n \nLineRate | None | 2.5.0 - 2.6.1 \n| Not vulnerable \n| None \n \nF5 WebSafe | None | 1.0.0 \n| Not vulnerable \n| None \n \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| Not vulnerable \n| None \n\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2015-10-17T01:23:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K17453", "cvelist": ["CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251"], "lastseen": "2017-06-08T00:16:29"}], "debian": [{"id": "DLA-293", "type": "debian", "title": "subversion -- LTS security update", "description": "C. Michael Pilato, from CollabNet, reported an issue in the version control system Subversion.\n\n * [CVE-2015-3187](<https://security-tracker.debian.org/tracker/CVE-2015-3187>)\n\nSubversion servers revealed some sensible paths hidden by path-based authorization. Remote authenticated users were allowed to obtain path information by reading the history of a node that has been moved from a hidden path. The vulnerability only revealed the path, though it didn't reveal its content.\n\nFor Debian 6 Squeeze, this issue has been fixed in subversion 1.6.12dfsg-7+deb6u3. We recommend to upgrade your subversion packages.", "published": "2015-08-16T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://www.debian.org/security/2015/dla-293", "cvelist": ["CVE-2015-3187"], "lastseen": "2016-09-02T12:56:43"}, {"id": "DSA-3331", "type": "debian", "title": "subversion -- security update", "description": "Several security issues have been found in the server components of the version control system subversion.\n\n * [CVE-2015-3184](<https://security-tracker.debian.org/tracker/CVE-2015-3184>)\n\nSubversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous access may be possible to files for which only authenticated access should be possible. This issue does not affect the oldstable distribution (wheezy) because it only contains Apache httpd 2.2.\n\n * [CVE-2015-3187](<https://security-tracker.debian.org/tracker/CVE-2015-3187>)\n\nSubversion servers, both httpd and svnserve, will reveal some paths that should be hidden by path-based authz. When a node is copied from an unreadable location to a readable location the unreadable path may be revealed. This vulnerablity only reveals the path, it does not reveal the contents of the path.\n\nFor the oldstable distribution (wheezy), this problem has been fixed in version 1.6.17dfsg-4+deb7u10.\n\nFor the stable distribution (jessie), these problems have been fixed in version 1.8.10-6+deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed in version 1.9.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 1.9.0-1.\n\nWe recommend that you upgrade your subversion packages.", "published": "2015-08-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://www.debian.org/security/dsa-3331", "cvelist": ["CVE-2015-3187", "CVE-2015-3184"], "lastseen": "2016-09-02T18:21:39"}], "nessus": [{"id": "DEBIAN_DLA-293.NASL", "type": "nessus", "title": "Debian DLA-293-1 : subversion security update", "description": "C. Michael Pilato, from CollabNet, reported an issue in the version control system Subversion.\n\nCVE-2015-3187\n\nSubversion servers revealed some sensible paths hidden by path-based authorization. Remote authenticated users were allowed to obtain path information by reading the history of a node that has been moved from a hidden path. The vulnerability only revealed the path, though it didn't reveal its content.\n\nFor Debian 6 'Squeeze', this issue has been fixed in subversion 1.6.12dfsg-7+deb6u3. We recommend to upgrade your subversion packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-08-17T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85419", "cvelist": ["CVE-2015-3187"], "lastseen": "2017-10-29T13:35:58"}, {"id": "OPENSUSE-2015-549.NASL", "type": "nessus", "title": "openSUSE Security Update : subversion (openSUSE-2015-549)", "description": "subversion was updated to version 1.8.14 to fix two security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-3187: Information leak (only paths) that were hidden by path-based authz (bsc#939517).\n\n - CVE-2015-3184: Information leak in mixed anonymous/authenticated httpd (dav) configurations (bsc#939514).", "published": "2015-08-19T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85524", "cvelist": ["CVE-2015-3187", "CVE-2015-3184"], "lastseen": "2017-10-29T13:41:50"}, {"id": "FREEBSD_PKG_57BB5E3D3C4F11E5A4D4001E8C75030D.NASL", "type": "nessus", "title": "FreeBSD : subversion -- multiple vulnerabilities (57bb5e3d-3c4f-11e5-a4d4-001e8c75030d)", "description": "Subversion reports :\n\nCVE-2015-3184 : Subversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4.\n\nCVE-2015-3187 : Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by path-based authz.", "published": "2015-08-07T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85257", "cvelist": ["CVE-2015-3187", "CVE-2015-3184"], "lastseen": "2017-10-29T13:46:07"}, {"id": "DEBIAN_DSA-3331.NASL", "type": "nessus", "title": "Debian DSA-3331-1 : subversion - security update", "description": "Several security issues have been found in the server components of the version control system subversion.\n\n - CVE-2015-3184 Subversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous access may be possible to files for which only authenticated access should be possible. This issue does not affect the oldstable distribution (wheezy) because it only contains Apache httpd 2.2.\n\n - CVE-2015-3187 Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by path-based authz.\n When a node is copied from an unreadable location to a readable location the unreadable path may be revealed.\n This vulnerablity only reveals the path, it does not reveal the contents of the path.", "published": "2015-08-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85354", "cvelist": ["CVE-2015-3187", "CVE-2015-3184"], "lastseen": "2017-10-29T13:37:49"}, {"id": "ORACLELINUX_ELSA-2015-1633.NASL", "type": "nessus", "title": "Oracle Linux 6 : subversion (ELSA-2015-1633)", "description": "From Red Hat Security Advisory 2015:1633 :\n\nUpdated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSubversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP.\n\nAn assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash.\n(CVE-2015-0248)\n\nIt was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property.\n(CVE-2015-0251)\n\nIt was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved).\n(CVE-2015-3187)\n\nRed Hat would like to thank the Apache Software Foundation for reporting these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato of CollabNet as the original reporter of CVE-2015-3187.\n\nAll subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.", "published": "2015-08-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85489", "cvelist": ["CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251"], "lastseen": "2017-10-29T13:34:31"}, {"id": "MACOSX_XCODE_7_3.NASL", "type": "nessus", "title": "Apple Xcode < 7.3 Multiple Vulnerabilities (Mac OS X)", "description": "The version of Apple Xcode installed on the remote Mac OS X host is prior to 7.3. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists in Apache Subversion in mod_authz_svn due to a failure to properly restrict anonymous access. An unauthenticated, remote attacker can exploit this, via a crafted path name, to read hidden files. (CVE-2015-3184)\n\n - A flaw exists in Apache Subversion in the svn_repos_trace_node_locations() function that causes the first readable path to be returned when it encounters an unreadable path when following a node's history. An authenticated, remote attacker can exploit this to access paths that were intended to be hidden.\n (CVE-2015-3187)\n\n - Multiple unspecified memory corruption issues exist in otool due to improper validation of user-supplied input.\n A local attacker can exploit these to cause a denial of service or to execute arbitrary code. (CVE-2016-1765)", "published": "2016-03-24T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=90148", "cvelist": ["CVE-2015-3187", "CVE-2016-1765", "CVE-2015-3184"], "lastseen": "2017-10-29T13:36:23"}, {"id": "SL_20150817_SUBVERSION_ON_SL6_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : subversion on SL6.x i386/x86_64", "description": "An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash.\n(CVE-2015-0248)\n\nIt was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property.\n(CVE-2015-0251)\n\nIt was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved).\n(CVE-2015-3187)\n\nAfter installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.", "published": "2015-08-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85503", "cvelist": ["CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251"], "lastseen": "2017-10-29T13:34:42"}, {"id": "OPENSUSE-2015-949.NASL", "type": "nessus", "title": "openSUSE Security Update : subversion (openSUSE-2015-949)", "description": "This update fixes the following security issues :\n\n - CVE-2015-5343: Possible remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies. (bsc#958300)\n\n - CVE-2015-3184: mod_authz_svn information leak information in mixed anonymous/authenticated httpd (dav) configurations (bsc#939514)\n\n - CVE-2015-3187: hidden paths leaked by path-based authz (bsc#939517)", "published": "2015-12-29T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87624", "cvelist": ["CVE-2015-3187", "CVE-2015-5343", "CVE-2015-3184"], "lastseen": "2017-10-29T13:37:12"}, {"id": "CENTOS_RHSA-2015-1633.NASL", "type": "nessus", "title": "CentOS 6 : subversion (CESA-2015:1633)", "description": "Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSubversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP.\n\nAn assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash.\n(CVE-2015-0248)\n\nIt was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property.\n(CVE-2015-0251)\n\nIt was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved).\n(CVE-2015-3187)\n\nRed Hat would like to thank the Apache Software Foundation for reporting these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato of CollabNet as the original reporter of CVE-2015-3187.\n\nAll subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.", "published": "2015-08-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85461", "cvelist": ["CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251"], "lastseen": "2017-10-29T13:41:37"}, {"id": "REDHAT-RHSA-2015-1633.NASL", "type": "nessus", "title": "RHEL 6 : subversion (RHSA-2015:1633)", "description": "Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSubversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP.\n\nAn assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash.\n(CVE-2015-0248)\n\nIt was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property.\n(CVE-2015-0251)\n\nIt was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved).\n(CVE-2015-3187)\n\nRed Hat would like to thank the Apache Software Foundation for reporting these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato of CollabNet as the original reporter of CVE-2015-3187.\n\nAll subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.", "published": "2015-08-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85494", "cvelist": ["CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251"], "lastseen": "2017-10-29T13:44:08"}], "archlinux": [{"id": "ASA-201508-5", "type": "archlinux", "title": "subversion: authentication bypass", "description": "- CVE-2015-3184:\n\nSubversion's mod_authz_svn does not properly restrict anonymous access\nin some mixed anonymous/authenticated environments when using Apache\nhttpd 2.4. The result is that anonymous access may be possible to files\nfor which only authenticated access should be possible.\n\n- CVE-2015-3187:\n\nSubversion servers, both httpd and svnserve, will reveal some paths that\nshould be hidden by path-based authz. When a node is copied from an\nunreadable location to a readable location the unreadable path may be\nrevealed. This vulnerability only reveals the path, it does not reveal\nthe contents of the path.", "published": "2015-08-14T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html", "cvelist": ["CVE-2015-3187", "CVE-2015-3184"], "lastseen": "2016-09-02T18:44:37"}], "openvas": [{"id": "OPENVAS:1361412562310703331", "type": "openvas", "title": "Debian Security Advisory DSA 3331-1 (subversion - security update)", "description": "Several security issues have been found in the server components of the\nversion control system subversion.\n\nCVE-2015-3184 \nSubversion", "published": "2015-08-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703331", "cvelist": ["CVE-2015-3187", "CVE-2015-3184"], "lastseen": "2018-04-06T11:24:24"}, {"id": "OPENVAS:1361412562310805095", "type": "openvas", "title": "Apache Subversion Multiple Vulnerabilities - Aug15", "description": "This host is installed with Apache Subversion\n and is prone to multiple vulnerabilities.", "published": "2015-08-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805095", "cvelist": ["CVE-2015-3187", "CVE-2015-3184"], "lastseen": "2018-04-09T11:28:43"}, {"id": "OPENVAS:703331", "type": "openvas", "title": "Debian Security Advisory DSA 3331-1 (subversion - security update)", "description": "Several security issues have been found in the server components of the\nversion control system subversion.\n\nCVE-2015-3184 \nSubversion", "published": "2015-08-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703331", "cvelist": ["CVE-2015-3187", "CVE-2015-3184"], "lastseen": "2017-07-24T12:52:20"}, {"id": "OPENVAS:1361412562310123028", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1633", "description": "Oracle Linux Local Security Checks ELSA-2015-1633", "published": "2015-10-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123028", "cvelist": ["CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251"], "lastseen": "2017-07-24T12:53:57"}, {"id": "OPENVAS:1361412562310882252", "type": "openvas", "title": "CentOS Update for mod_dav_svn CESA-2015:1633 centos6 ", "description": "Check the version of mod_dav_svn", "published": "2015-08-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882252", "cvelist": ["CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251"], "lastseen": "2017-07-25T10:53:49"}, {"id": "OPENVAS:1361412562310871432", "type": "openvas", "title": "RedHat Update for subversion RHSA-2015:1633-01", "description": "Check the version of subversion", "published": "2015-08-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871432", "cvelist": ["CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251"], "lastseen": "2017-07-27T10:52:11"}, {"id": "OPENVAS:1361412562310123007", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1742", "description": "Oracle Linux Local Security Checks ELSA-2015-1742", "published": "2015-10-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123007", "cvelist": ["CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251", "CVE-2015-3184"], "lastseen": "2017-07-24T12:53:39"}, {"id": "OPENVAS:1361412562310882281", "type": "openvas", "title": "CentOS Update for mod_dav_svn CESA-2015:1742 centos7 ", "description": "Check the version of mod_dav_svn", "published": "2015-09-09T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882281", "cvelist": ["CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251", "CVE-2015-3184"], "lastseen": "2017-07-25T10:53:44"}, {"id": "OPENVAS:1361412562310871449", "type": "openvas", "title": "RedHat Update for subversion RHSA-2015:1742-01", "description": "Check the version of subversion", "published": "2015-09-09T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871449", "cvelist": ["CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251", "CVE-2015-3184"], "lastseen": "2017-07-27T10:53:21"}, {"id": "OPENVAS:1361412562310807425", "type": "openvas", "title": "Fedora Update for subversion FEDORA-2015-6", "description": "Check the version of subversion", "published": "2016-03-01T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807425", "cvelist": ["CVE-2015-5259", "CVE-2015-3187", "CVE-2015-5343", "CVE-2015-3184"], "lastseen": "2017-07-25T10:55:05"}], "freebsd": [{"id": "57BB5E3D-3C4F-11E5-A4D4-001E8C75030D", "type": "freebsd", "title": "subversion -- multiple vulnerabilities", "description": "\nSubversion reports:\n\nCVE-2015-3184:\n\t Subversion's mod_authz_svn does not properly restrict anonymous access\n\t in some mixed anonymous/authenticated environments when\n\t using Apache httpd 2.4.\nCVE-2015-3187:\n\t Subversion servers, both httpd and svnserve, will reveal some\n\t paths that should be hidden by path-based authz.\n\n", "published": "2015-07-27T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vuxml.freebsd.org/freebsd/57bb5e3d-3c4f-11e5-a4d4-001e8c75030d.html", "cvelist": ["CVE-2015-3187", "CVE-2015-3184"], "lastseen": "2016-09-26T17:24:16"}], "oraclelinux": [{"id": "ELSA-2015-1633", "type": "oraclelinux", "title": "subversion security update", "description": "[1.6.11-15]\n- add security fixes for CVE-2015-0248, CVE-2015-0251, CVE-2015-3187", "published": "2015-08-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-1633.html", "cvelist": ["CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251"], "lastseen": "2016-09-04T11:16:56"}, {"id": "ELSA-2015-1742", "type": "oraclelinux", "title": "subversion security update", "description": "[1.7.14-7.1]\n- add security fixes for CVE-2015-0248, CVE-2015-0251, CVE-2015-3184,\n CVE-2015-3187", "published": "2015-09-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-1742.html", "cvelist": ["CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251", "CVE-2015-3184"], "lastseen": "2016-09-04T11:16:21"}], "centos": [{"id": "CESA-2015:1633", "type": "centos", "title": "mod_dav_svn, subversion security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:1633\n\n\nSubversion (SVN) is a concurrent version control system which enables one\nor more users to collaborate in developing and maintaining a hierarchy of\nfiles and directories while keeping a history of all changes.\nThe mod_dav_svn module is used with the Apache HTTP Server to allow access\nto Subversion repositories via HTTP.\n\nAn assertion failure flaw was found in the way the SVN server processed\ncertain requests with dynamically evaluated revision numbers. A remote\nattacker could use this flaw to cause the SVN server (both svnserve and\nhttpd with the mod_dav_svn module) to crash. (CVE-2015-0248)\n\nIt was found that the mod_dav_svn module did not properly validate the\nsvn:author property of certain requests. An attacker able to create new\nrevisions could use this flaw to spoof the svn:author property.\n(CVE-2015-0251)\n\nIt was found that when an SVN server (both svnserve and httpd with the\nmod_dav_svn module) searched the history of a file or a directory, it would\ndisclose its location in the repository if that file or directory was not\nreadable (for example, if it had been moved). (CVE-2015-3187)\n\nRed Hat would like to thank the Apache Software Foundation for reporting\nthese issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the\noriginal reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato\nof CollabNet as the original reporter of CVE-2015-3187.\n\nAll subversion users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, for the update to take effect, you must restart the httpd\ndaemon, if you are using mod_dav_svn, and the svnserve daemon, if you are\nserving Subversion repositories via the svn:// protocol.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/021333.html\n\n**Affected packages:**\nmod_dav_svn\nsubversion\nsubversion-devel\nsubversion-gnome\nsubversion-javahl\nsubversion-kde\nsubversion-perl\nsubversion-ruby\nsubversion-svn2cl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1633.html", "published": "2015-08-17T15:33:54", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2015-August/021333.html", "cvelist": ["CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251"], "lastseen": "2017-10-03T18:25:25"}, {"id": "CESA-2015:1742", "type": "centos", "title": "mod_dav_svn, subversion security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:1742\n\n\nSubversion (SVN) is a concurrent version control system which enables one\nor more users to collaborate in developing and maintaining a hierarchy of\nfiles and directories while keeping a history of all changes. The\nmod_dav_svn module is used with the Apache HTTP Server to allow access\nto Subversion repositories via HTTP.\n\nAn assertion failure flaw was found in the way the SVN server processed\ncertain requests with dynamically evaluated revision numbers. A remote\nattacker could use this flaw to cause the SVN server (both svnserve and\nhttpd with the mod_dav_svn module) to crash. (CVE-2015-0248)\n\nIt was found that the mod_authz_svn module did not properly restrict\nanonymous access to Subversion repositories under certain configurations\nwhen used with Apache httpd 2.4.x. This could allow a user to anonymously\naccess files in a Subversion repository, which should only be accessible to\nauthenticated users. (CVE-2015-3184)\n\nIt was found that the mod_dav_svn module did not properly validate the\nsvn:author property of certain requests. An attacker able to create new\nrevisions could use this flaw to spoof the svn:author property.\n(CVE-2015-0251)\n\nIt was found that when an SVN server (both svnserve and httpd with the\nmod_dav_svn module) searched the history of a file or a directory, it would\ndisclose its location in the repository if that file or directory was not\nreadable (for example, if it had been moved). (CVE-2015-3187)\n\nRed Hat would like to thank the Apache Software Foundation for reporting\nthese issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the\noriginal reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael\nPilato of CollabNet as the original reporter of CVE-2015-3184 and\nCVE-2015-3187 flaws.\n\nAll subversion users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, for the update to take effect, you must restart the httpd\ndaemon, if you are using mod_dav_svn, and the svnserve daemon, if you are\nserving Subversion repositories via the svn:// protocol.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-September/021377.html\n\n**Affected packages:**\nmod_dav_svn\nsubversion\nsubversion-devel\nsubversion-gnome\nsubversion-javahl\nsubversion-kde\nsubversion-libs\nsubversion-perl\nsubversion-python\nsubversion-ruby\nsubversion-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1742.html", "published": "2015-09-08T21:07:49", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2015-September/021377.html", "cvelist": ["CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251", "CVE-2015-3184"], "lastseen": "2017-10-03T18:26:17"}], "redhat": [{"id": "RHSA-2015:1633", "type": "redhat", "title": "(RHSA-2015:1633) Moderate: subversion security update", "description": "Subversion (SVN) is a concurrent version control system which enables one\nor more users to collaborate in developing and maintaining a hierarchy of\nfiles and directories while keeping a history of all changes.\nThe mod_dav_svn module is used with the Apache HTTP Server to allow access\nto Subversion repositories via HTTP.\n\nAn assertion failure flaw was found in the way the SVN server processed\ncertain requests with dynamically evaluated revision numbers. A remote\nattacker could use this flaw to cause the SVN server (both svnserve and\nhttpd with the mod_dav_svn module) to crash. (CVE-2015-0248)\n\nIt was found that the mod_dav_svn module did not properly validate the\nsvn:author property of certain requests. An attacker able to create new\nrevisions could use this flaw to spoof the svn:author property.\n(CVE-2015-0251)\n\nIt was found that when an SVN server (both svnserve and httpd with the\nmod_dav_svn module) searched the history of a file or a directory, it would\ndisclose its location in the repository if that file or directory was not\nreadable (for example, if it had been moved). (CVE-2015-3187)\n\nRed Hat would like to thank the Apache Software Foundation for reporting\nthese issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the\noriginal reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato\nof CollabNet as the original reporter of CVE-2015-3187.\n\nAll subversion users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, for the update to take effect, you must restart the httpd\ndaemon, if you are using mod_dav_svn, and the svnserve daemon, if you are\nserving Subversion repositories via the svn:// protocol.\n", "published": "2015-08-17T04:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2015:1633", "cvelist": ["CVE-2015-0248", "CVE-2015-0251", "CVE-2015-3187"], "lastseen": "2018-06-12T21:10:07"}, {"id": "RHSA-2015:1742", "type": "redhat", "title": "(RHSA-2015:1742) Moderate: subversion security update", "description": "Subversion (SVN) is a concurrent version control system which enables one\nor more users to collaborate in developing and maintaining a hierarchy of\nfiles and directories while keeping a history of all changes. The\nmod_dav_svn module is used with the Apache HTTP Server to allow access\nto Subversion repositories via HTTP.\n\nAn assertion failure flaw was found in the way the SVN server processed\ncertain requests with dynamically evaluated revision numbers. A remote\nattacker could use this flaw to cause the SVN server (both svnserve and\nhttpd with the mod_dav_svn module) to crash. (CVE-2015-0248)\n\nIt was found that the mod_authz_svn module did not properly restrict\nanonymous access to Subversion repositories under certain configurations\nwhen used with Apache httpd 2.4.x. This could allow a user to anonymously\naccess files in a Subversion repository, which should only be accessible to\nauthenticated users. (CVE-2015-3184)\n\nIt was found that the mod_dav_svn module did not properly validate the\nsvn:author property of certain requests. An attacker able to create new\nrevisions could use this flaw to spoof the svn:author property.\n(CVE-2015-0251)\n\nIt was found that when an SVN server (both svnserve and httpd with the\nmod_dav_svn module) searched the history of a file or a directory, it would\ndisclose its location in the repository if that file or directory was not\nreadable (for example, if it had been moved). (CVE-2015-3187)\n\nRed Hat would like to thank the Apache Software Foundation for reporting\nthese issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the\noriginal reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael\nPilato of CollabNet as the original reporter of CVE-2015-3184 and\nCVE-2015-3187 flaws.\n\nAll subversion users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, for the update to take effect, you must restart the httpd\ndaemon, if you are using mod_dav_svn, and the svnserve daemon, if you are\nserving Subversion repositories via the svn:// protocol.\n", "published": "2015-09-08T04:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2015:1742", "cvelist": ["CVE-2015-0248", "CVE-2015-0251", "CVE-2015-3184", "CVE-2015-3187"], "lastseen": "2018-04-15T16:21:15"}], "amazon": [{"id": "ALAS-2016-676", "type": "amazon", "title": "Important: mod_dav_svn,subversion", "description": "**Issue Overview:**\n\nIt was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). ([CVE-2015-3187 __](<https://access.redhat.com/security/cve/CVE-2015-3187>))\n\nAn integer overflow was discovered allowing remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read. ([CVE-2015-5259 __](<https://access.redhat.com/security/cve/CVE-2015-5259>))\n\nIt was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users. ([CVE-2015-3184 __](<https://access.redhat.com/security/cve/CVE-2015-3184>))\n\nIt was found that the mod_dav_svn module was vulnerable to a remotely triggerable heap-based buffer overflow and out-of-bounds read caused by an integer overflow when parsing skel-encoded request bodies, allowing an attacker with write access to a repository to cause a denial of service attack (on 32-bit or 64-bit servers) or possibly execute arbitrary code (on 32-bit servers only) under the context of the httpd process. ([CVE-2015-5343 __](<https://access.redhat.com/security/cve/CVE-2015-5343>))\n\n \n**Affected Packages:** \n\n\nmod_dav_svn,subversion\n\n \n**Issue Correction:** \nRun _yum update mod_dav_svn_ to update your system. \nRun _yum update subversion_ to update your system. \n\n\n \n**New Packages:**\n \n \n i686: \n mod_dav_svn-1.8.15-1.52.amzn1.i686 \n mod_dav_svn-debuginfo-1.8.15-1.52.amzn1.i686 \n mod24_dav_svn-1.8.15-1.54.amzn1.i686 \n subversion-tools-1.8.15-1.54.amzn1.i686 \n subversion-1.8.15-1.54.amzn1.i686 \n subversion-python27-1.8.15-1.54.amzn1.i686 \n subversion-javahl-1.8.15-1.54.amzn1.i686 \n subversion-ruby-1.8.15-1.54.amzn1.i686 \n subversion-perl-1.8.15-1.54.amzn1.i686 \n subversion-debuginfo-1.8.15-1.54.amzn1.i686 \n subversion-devel-1.8.15-1.54.amzn1.i686 \n subversion-libs-1.8.15-1.54.amzn1.i686 \n subversion-python26-1.8.15-1.54.amzn1.i686 \n \n src: \n mod_dav_svn-1.8.15-1.52.amzn1.src \n subversion-1.8.15-1.54.amzn1.src \n \n x86_64: \n mod_dav_svn-1.8.15-1.52.amzn1.x86_64 \n mod_dav_svn-debuginfo-1.8.15-1.52.amzn1.x86_64 \n subversion-debuginfo-1.8.15-1.54.amzn1.x86_64 \n subversion-devel-1.8.15-1.54.amzn1.x86_64 \n subversion-libs-1.8.15-1.54.amzn1.x86_64 \n subversion-javahl-1.8.15-1.54.amzn1.x86_64 \n subversion-tools-1.8.15-1.54.amzn1.x86_64 \n mod24_dav_svn-1.8.15-1.54.amzn1.x86_64 \n subversion-python26-1.8.15-1.54.amzn1.x86_64 \n subversion-python27-1.8.15-1.54.amzn1.x86_64 \n subversion-ruby-1.8.15-1.54.amzn1.x86_64 \n subversion-1.8.15-1.54.amzn1.x86_64 \n subversion-perl-1.8.15-1.54.amzn1.x86_64 \n \n \n", "published": "2016-03-29T15:30:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2016-676.html", "cvelist": ["CVE-2015-5259", "CVE-2015-3187", "CVE-2015-5343", "CVE-2015-3184"], "lastseen": "2016-09-28T21:04:06"}], "ubuntu": [{"id": "USN-2721-1", "type": "ubuntu", "title": "Subversion vulnerabilities", "description": "It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3580)\n\nIt was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8108)\n\nEvgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly handled large numbers of REPORT requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202)\n\nEvgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve modules incorrectly certain crafted parameter combinations. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2015-0248)\n\nIvan Zhakov discovered that the Subversion mod_dav_svn module incorrectly handled crafted v1 HTTP protocol request sequences. A remote attacker could use this issue to spoof the svn:author property. (CVE-2015-0251)\n\nC. Michael Pilato discovered that the Subversion mod_dav_svn module incorrectly restricted anonymous access. A remote attacker could use this issue to read hidden files via the path name. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)\n\nC. Michael Pilato discovered that Subversion incorrectly handled path-based authorization. A remote attacker could use this issue to obtain sensitive path information. (CVE-2015-3187)", "published": "2015-08-20T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2721-1/", "cvelist": ["CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251", "CVE-2015-0202", "CVE-2015-3184", "CVE-2014-3580", "CVE-2014-8108"], "lastseen": "2018-03-29T18:21:24"}], "gentoo": [{"id": "GLSA-201610-05", "type": "gentoo", "title": "Subversion, Serf: Multiple Vulnerabilities", "description": "### Background\n\nSubversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture (where the server can be an Apache server running mod_svn, or an ssh program as in CVS\u2019s :ext: method). In addition to supporting the features found in CVS, Subversion also provides support for moving and copying files and directories. \n\nThe serf library is a high performance C-based HTTP client library built upon the Apache Portable Runtime (APR) library. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Subversion and Serf. Please review the CVE identifiers referenced below for details \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, conduct a man-in-the-middle attack, obtain sensitive information, or cause a Denial of Service Condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Subversion users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-vcs/subversion-1.9.4\"\n \n\nAll Serf users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/serf-1.3.7\"", "published": "2016-10-11T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201610-05", "cvelist": ["CVE-2014-3504", "CVE-2015-5259", "CVE-2016-2168", "CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251", "CVE-2014-0032", "CVE-2015-0202", "CVE-2016-2167", "CVE-2014-3522", "CVE-2015-3184", "CVE-2014-3528"], "lastseen": "2016-10-11T12:54:23"}], "suse": [{"id": "SUSE-SU-2017:2200-1", "type": "suse", "title": "Security update for subversion (important)", "description": "This update for subversion fixes the following issues:\n\n\n - CVE-2017-9800: A malicious, compromised server or MITM may cause svn\n client to execute arbitrary commands by sending repository content with\n svn:externals definitions pointing to crafted svn+ssh URLs. (bsc#1051362)\n\n - Malicious user may commit SHA-1 collisions and cause repository\n inconsistencies (bsc#1026936)\n\n - CVE-2016-8734: Unrestricted XML entity expansion in mod_dontdothat and\n Subversion clients using http(s):// could lead to denial of service\n (bsc#1011552)\n\n - CVE-2016-2167: svnserve/sasl may authenticate users using the wrong\n realm (bsc#976849)\n\n - CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn\n during COPY/MOVE authorization check (bsc#976850)\n\n - mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm (bsc#977424)\n\n - make the subversion package conflict with KWallet and Gnome Keyring\n packages with do not require matching subversion versions in SLE 12 and\n openSUSE Leap 42.1 and thus break the main package upon partial upgrade.\n (bsc#969159)\n\n - CVE-2015-5343: Remotely triggerable heap overflow and out-of-bounds read\n in mod_dav_svn caused by integer overflow when parsing skel-encoded\n request bodies. (bsc#958300)\n\n - Avoid recommending 180+ new pkgs for installation on minimal setup due\n subversion-password-store (bsc#942819)\n\n - CVE-2015-3184: mod_authz_svn: mixed anonymous/authenticated httpd (dav)\n configurations could lead to information leak (bsc#939514)\n\n - CVE-2015-3187: do not leak paths that were hidden by path-based authz\n (bsc#939517)\n\n - CVE-2015-0202: Subversion HTTP servers with FSFS repositories were\n vulnerable to a remotely triggerable excessive memory use with certain\n REPORT requests. (bsc#923793)\n\n - CVE-2015-0248: Subversion mod_dav_svn and svnserve were vulnerable to a\n remotely triggerable assertion DoS vulnerability for certain requests\n with dynamically evaluated revision numbers. (bsc#923794)\n\n - CVE-2015-0251: Subversion HTTP servers allow spoofing svn:author\n property values for new revisions (bsc#923795)\n\n - fix sample configuration comments in subversion.conf (bsc#916286)\n\n - fix sysconfig file generation (bsc#911620)\n\n - CVE-2014-3580: mod_dav_svn invalid REPORT requests could lead to denial\n of service (bsc#909935)\n\n - CVE-2014-8108: mod_dav_svn use of invalid transaction names could lead\n to denial of service (bsc#909935)\n\n - INSTALL#SQLite says 'Subversion 1.8 requires SQLite version 3.7.12 or\n above'; therefore I lowered the sqlite requirement to make the\n subversion run on\n older system versions, tooi. [bsc#897033]\n\n", "published": "2017-08-17T12:10:12", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00055.html", "cvelist": ["CVE-2016-2168", "CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251", "CVE-2015-0202", "CVE-2016-2167", "CVE-2015-5343", "CVE-2016-8734", "CVE-2017-9800", "CVE-2015-3184", "CVE-2014-3580", "CVE-2014-8108"], "lastseen": "2017-08-17T17:07:39"}]}}
