Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

CentOS Update for mod_dav_svn CESA-2013:0737 centos5

🗓️ 15 Apr 2013 00:00:00Reported by Copyright (C) 2013 Greenbone AGType 
openvas
 openvas🔗 plugins.openvas.org👁 26 Views

CentOS Update for 'mod_dav_svn'. Remote host is missing an update for mod_dav_svn package(s) announced via the referenced advisory. Affects mod_dav_svn on CentOS 5. Solution: Please install the updated packages

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Refs
Code
ReporterTitlePublishedViews
Family
Oracle linux		subversion security update
11 Apr 201300:00
oraclelinux
OpenVAS		CentOS Update for mod_dav_svn CESA-2013:0737 centos6
15 Apr 201300:00
openvas
OpenVAS		CentOS Update for mod_dav_svn CESA-2013:0737 centos5
15 Apr 201300:00
openvas
OpenVAS		Oracle: Security Advisory (ELSA-2013-0737)
6 Oct 201500:00
openvas
OpenVAS		CentOS Update for mod_dav_svn CESA-2013:0737 centos6
15 Apr 201300:00
openvas
OpenVAS		Amazon Linux: Security Advisory (ALAS-2013-180)
8 Sep 201500:00
openvas
OpenVAS		RedHat Update for subversion RHSA-2013:0737-01
15 Apr 201300:00
openvas
OpenVAS		RedHat Update for subversion RHSA-2013:0737-01
15 Apr 201300:00
openvas
OpenVAS		Slackware: Security Advisory (SSA:2013-095-01)
21 Apr 202200:00
openvas
OpenVAS		Debian: Security Advisory (DLA-207-1)
8 Mar 202300:00
openvas
Rows per page
# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.881710");
  script_version("2023-07-10T08:07:43+0000");
  script_tag(name:"last_modification", value:"2023-07-10 08:07:43 +0000 (Mon, 10 Jul 2023)");
  script_tag(name:"creation_date", value:"2013-04-15 10:13:06 +0530 (Mon, 15 Apr 2013)");
  script_cve_id("CVE-2013-1845", "CVE-2013-1846", "CVE-2013-1847", "CVE-2013-1849");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_name("CentOS Update for mod_dav_svn CESA-2013:0737 centos5");

  script_xref(name:"CESA", value:"2013:0737");
  script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2013-April/019687.html");
  script_tag(name:"summary", value:"The remote host is missing an update for the 'mod_dav_svn'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2013 Greenbone AG");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS5");
  script_tag(name:"affected", value:"mod_dav_svn on CentOS 5");
  script_tag(name:"solution", value:"Please install the updated packages.");
  script_tag(name:"insight", value:"Subversion (SVN) is a concurrent version control system which enables one
  or more users to collaborate in developing and maintaining a hierarchy of
  files and directories while keeping a history of all changes. The
  mod_dav_svn module is used with the Apache HTTP Server to allow access to
  Subversion repositories via HTTP.

  A NULL pointer dereference flaw was found in the way the mod_dav_svn module
  handled PROPFIND requests on activity URLs. A remote attacker could use
  this flaw to cause the httpd process serving the request to crash.
  (CVE-2013-1849)

  A flaw was found in the way the mod_dav_svn module handled large numbers
  of properties (such as those set with the 'svn propset' command).
  A malicious, remote user could use this flaw to cause the httpd process
  serving the request to consume an excessive amount of system memory.
  (CVE-2013-1845)

  Two NULL pointer dereference flaws were found in the way the mod_dav_svn
  module handled LOCK requests on certain types of URLs. A malicious, remote
  user could use these flaws to cause the httpd process serving the request
  to crash. (CVE-2013-1846, CVE-2013-1847)

  Note: The CVE-2013-1849, CVE-2013-1846, and CVE-2013-1847 issues only
  caused a temporary denial of service, as the Apache HTTP Server started a
  new process to replace the crashed child process. When using prefork MPM,
  the crash only affected the attacker. When using worker (threaded) MPM, the
  connections of other users may have been interrupted.

  Red Hat would like to thank the Apache Subversion project for reporting
  these issues. Upstream acknowledges Alexander Klink as the original
  reporter of CVE-2013-1845, Ben Reser as the original reporter of
  CVE-2013-1846, and Philip Martin and Ben Reser as the original reporters of
  CVE-2013-1847.

  All subversion users should upgrade to these updated packages, which
  contain backported patches to correct these issues. After installing the
  updated packages, you must restart the httpd daemon, if you are using
  mod_dav_svn, for the update to take effect.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "CentOS5")
{

  if ((res = isrpmvuln(pkg:"mod_dav_svn", rpm:"mod_dav_svn~1.6.11~11.el5_9", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"subversion", rpm:"subversion~1.6.11~11.el5_9", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"subversion-devel", rpm:"subversion-devel~1.6.11~11.el5_9", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"subversion-javahl", rpm:"subversion-javahl~1.6.11~11.el5_9", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"subversion-perl", rpm:"subversion-perl~1.6.11~11.el5_9", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"subversion-ruby", rpm:"subversion-ruby~1.6.11~11.el5_9", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
15 Apr 2013 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS25
EPSS0.44902
centosmod_dav_svnupdateadvisorysecurityapachesubversioncve-2013-1845cve-2013-1846cve-2013-1847cve-2013-1849null pointerdenial of servicevendor fix
26
.json
Report