A denial of service vulnerability was found in subversion. The mod_dontdothat component of the mod_dav_svn Apache module did not properly protect against exponential XML entity expansion attacks. An attacker with credentials to the webdav repository could send a crafted message that would result in resource exhaustion and denial of service to httpd.